English Русский Контакты Карта сайта Добавить в избранное
Профиль
Регистрация
Вход
Бреиндампы
Главные бреиндампы
Новые бреиндампы
Прислать дамп
Получить последний дамп
Форумы
braindumps.com.ua
флейм
Продавец
3COM (10)
Adobe (2)
BEA (1)
c# SAMPLE (1)
Checkpoint (22)
Cisco (20)
Citrix (21)
CIW (15)
Compaq (0)
CompTIA (51)
CWNA (2)
EMC (2)
Exin (4)
GEJOS (4)
HDI (1)
HP (4)
IBM (15)
Juniper (5)
Linux Prof Institute (LPI) (2)
Lotus (11)
Microsoft (2487)
Network Appliance (2)
Novell (16)
Oracle (448)
PLSQL (1)
PMI (5)
SAS (1)
Sun (90)
Teradata (4)
Авторизация
Логин:
Пароль:
RSS лента

Контакты
Сайты по тематике
Cсылки
Авторизированые пользователи могут оценивать бреиндампы.
Пожалуйста, авторизируйтесь или зарегистрируйтесь.
Если вы хотите отблагодарить за полученный тут сервис, то уделите 5 минут и проголосуйте.
Скрыть это сообщение        Да, я проголосую

  № 5239, Microsoft 70-284: Passed - with this dump.  03.09.2006 
  Рейтинг: 0 

Basic Facts About Testking

TestKing Introductory Note:
At the moment, many argue about the necessity of certificates and every day its becoming more difficult to get these certificates, because they are permanently upgrading and being aware of the latest upgrades is essential nowadays. Therefore, the basic facts are quite simple - to get ready for these examinations and read carefully all the certification manuals, as well as study guide and the best possible resource concerning this cram is undoubtedly testking.

Essential Details About Testking Brain Dumps:
At test king our main goal is to give you the best braindumps and other examination materials that can get you prepared for your examinations the way no other resource can do. Our team consists of professionals and dedicated specialists, who in their turn are certification holders and know all the ins and outs of the certification game. And to be the best among competitors is the essential longing of Testking team, and it is proven by our continuous efforts - the number of students who have not only succeeded in their exams, but at present are at the top of their professional fields speaks the truth.

Getting Prepared for Your Exam With Testking:
At testking we provide you with all existing materials and manuals, study guides necessary for your certification cram session. These include study guides, braindumps, practical examination materials that will show you the right direction and system on how to prepare. The braindumps we have prepared for you will help you succeed in your cram session and achieve the certification you want the most.

Why Choose Testking:
A great number of online and offline services is available at the moment on the certification market that prepare people for certifications. Among them are such online services as transcender, certmag and many more alike. However, Testking is the only existing service that covers all existing vendors in a unique and adequate manner, summarizing all the essential data. At Testking we give you an exclusive opportunity to get prepared for your examination having a wide range of braindumps, manuals and guidelines that will ultimately help you reach the essential goal of certification. We righteously claim that no other service provides such a detailed cram session exam guidelines, and that is only a small part of valuable information Testking gives you to get good and ready for your exams.




All questions same as dump.
Good Luck.

1.QUESTION NO: 1

You are the Exchange administrator for TestKing. The Exchange organization contains 10
Exchange servers. All Exchange servers run Exchange Server 2003 and Microsoft
Windows 2000 Server. All client computers run Windows XP Professional.
A single Exchange server named TestKing1 is allowed to send and receive SMTP traffic to
and from the Internet. User mailboxes are evenly distributed across the other nine
Exchange servers. All Exchange servers host Microsoft Outlook Web Access and are
accessible from the Internet by using HTTP only.
You distribute Outlook to all users. You ensure that all users have personal digital
encryption certificates issued by a commercial certification authority (CA). Subsequently, a
new written security policy is issued. The policy requires encryption for all e-mail messages
that contain confidential data.
You need to ensure that all local and remote users can send and receive encrypted e-mail
messages. You must achieve this goal by making the minimum number of changes to the
protocols allowed into the intranet from the Internet.
What should you do?

A. Instruct local users to use Outlook to send encrypted e-mail messages.
Instruct remote users to use Outlook Web Access to send encrypted e-mail messages.
B. Instruct all users to use Outlook to send encrypted e-mail messages.
Configure all client computers to use RPC over HTTP to connect.
C. Instruct all users to use Outlook to send encrypted e-mail messages.
Instruct remote users to establish VPN connections to the Exchange server that contains
their mailboxes before they use Outlook.
Configure the network to permit VPN connections to all Exchange servers, configure
Routing and Remote Access on all Exchange servers to accept VPN connections.
D. Instruct all users to use Outlook to send encrypted e-mail messages.
Configure Outlook for local users to connect to the Exchange servers as an Exchange
client.
Configure Outlook for remote users to connect to the Exchange servers as a POP3 client.
Ensure that all Exchange serves can send and receive messages to and from the Internet.


Answer: A

Explanation :
Exchange exists on Windows 2000, and need ensure that all users have personal digital
encryption certificates issued by a commercial certification authority (CA). They can configure
external PKI certificates for each user mapped to each user account. This way users can utilize
Outlook or OWA to encrypt and answer A is valid.

Incorrect Answers :
B: The requirements for using OWA with S/MIME support include the following:
The server must be running Exchange Server 2003.
The client must be running Windows 2000 or later and Internet Explorer 6.0 Service Pack 1
(SP1) or later and a smart card or other certificate.
C: VPN connections will encrypt communications to and from Outlook and OWA servers.
However, the question requires a minimum number of changes to protocols and configuration.
Simply using the built-in features of Outlook and OWA 2003 will accomplish the task with no
changes. Therefore, this is not the best answer. D. :POP means a protocol change. Since this violates the requirement of a minimum number of
protocol changes, this is not the best answer.
Reference
See "Configuring Exchange Server 2003 for Client Access," in the book Exchange Server 2003
Deployment Guide
(http://www.microsoft.com/exchange/library).
Exchange Server 2003 Administration Guide

2.QUESTION NO: 2

You are the Exchange administrator for TestKing. The Exchange organization contains a
single server that runs Exchange Server 2003. The Exchange server supports POP3,
IMAP4, and MAPI clients. Company employees use various client software applications for
e-mail.
POP3 users report that they receive a Winmail.dat attachment on every e-mail message
that they receive. The attached file contains only random characters.
You need to ensure that POP3 users do not receive Winmail.dat attachments.
What should you do on the POP3 virtual server?


A. Configure the character set to US ASCII.
B. Configure the message encoding format to MIME.
C. Configure the message encoding format to UUENCODE.
D. Disable support of rich-text formatting.

Answer: D

According to the Microsoft Exchange Help: Exchange Server 2003Message Format
Use this tab to configure the way that MAPI messages are converted when retrieved by a Post
Office Protocol version 3 (POP3) client. You can choose the MIME encoding type and the
character set. You can also choose whether to send messages to POP3 clients in Exchange Rich
Text Format, Standard Text format, or both.
Note: Exchange Rich Text Format will not be used if HTML formatting is selected in Outlook.
Caution: You should only select this option if every client that will be connecting to this virtual
server supports Exchange Rich Text Format. Incompatible clients will display blank messages
with unviewable file attachments called winmail.dat.
Incorrect Answers: A. is incorrect, as there are many mail systems that do not use US ASCII for text. Forcing this
format will result in any email server that uses a non US ASCII character set to generate the
same winmail.dat file. A good example of this is anything sent overseas. Even if the receiving
email system is configured for US ASCII, any interim SMTP server that does not will generate
the winmail.dat file.


B: is not correct due to the fact that disallowed characters are replaced with plain text as possible,
but no winmail.dat file is generated. The winmail.dat file is generated by rich text formatting in
a message being ?set aside? into this file for incorporation at the destination. The winmail.dat
file contains all the rich text formatting information for the message. If a POP3 client can not
utilize rich text formatting, this file remains in the message, and contains unprintable characters.
Settings for the POP3 virtual server: C. is not correct, as UUEncode takes a binary file and converts to 7 bit ASCII. This is used in
news groups to convert a binary file such as a photograph to ASCII text.
Reference :
Exchange Server 2003 Administration Guide; Exchange Server 2003 Help File

3.QUESTION NO: 3

You are the Exchange administrator for TestKing. The Exchange organization contains a
single server that runs Exchange Server 2003.
After a new written company security policy is implemented on the Exchange server, the
SMTP virtual server is configured as shown in the Authentication dialog box in the exhibit.


External customers now report that they cannot send e-mail to TestKing from the Internet.
They receive error messages stating that they do not have permission to submit e-mail to
your Exchange server.
What should you do?

A. Enable anonymous access.
B. Enable basic authentication.
C. Reconfigure the relay restrictions to allow all IP addresses to relay to the SMTP virtual
server.
D. Specify that the NETWORK group has permission to submit messages to the SMTP
virtual server.

Answer: A

Explanation :
By default, the SMTP virtual server allows only authenticated users to relay e-mail messages.
This setting prevents unauthorized users from using your Exchange server to send e-mail
messages to external domains.
If your server is secured for relay, only authenticated users can send mail to the Internet using
your server.
To verify SMTP virtual server is configured to allow anonymous access
In Exchange System Manager, in the Properties dialog box of the SMTP virtual server, on the
Access tab, click Authentication.
In the Authentication dialog box (see Figure 5.15), select the Anonymous access check box (If it
were selected, this problem would not exist.)
Figure 5.15 Authentication dialog box
To permit use the SMTP connector to external users you need to permit anonymous user access
to SMTP connector.
Reference :
Exchange Server 2003 Administration Guide


4.QUESTION NO: 4

You are the Exchange administrator for TestKing.
One front-end server and three back-end servers run Exchange Server 2003.
The front-end server provides remote users with access to Microsoft Outlook Web Access.
The only server that is accessible from the Internet is the front-end server.
Many users report problems to the help desk when using Outlook Web Access for the first
time.
You discover that the majority of the problems are a result of the user?s lack of familiarity
with Outlook Web Access.
You need to ensure that users are automatically presented with a customizable Help and
Outlook Web Access logon Web page.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Enable forms-based authentication to the front-end server.
B. Enable SSL on the front-end server. Require all users to use SSL when they connect.
C. Enable SSL on all the back-end servers. Require all users to use SSL when they connect.
D. Create an Active Server Pages (ASP) sign-on page for each back-end server.
E. Set the HTTP Exchange virtual directory?s Execute permissions to allow scripts.


Answer: A,B

Explanation :
A: Enabling forms based authentication on the SMTP virtual server is required, as this is what
will allow the form to be displayed when the user attempts to connect to the OWA server.
B is also required. Attempting to enable Forms Based Authentication will result in the following
dialog box:
To enable forms based authentication for Outlook Web Access: 1. Start System Manager: On the Start menu, point to Programs, point to Microsoft
Exchange, and then click System Manager.
You can manually start the application by following these instructions: On the Start menu, point
to Programs, point to Microsoft Exchange, and then click System Manager.
2. Navigate to HTTP.
Servers
1. Server
2. Protocols
3. HTTP
3. Right-click a virtual server, and then click Properties.
4. On the Settings tab, in the Outlook Web Access pane, select Enable Forms Based
Authentication, and then click OK.
Incorrect Answers:
C: Enabling SSL on all the back end servers will have no effect, as all the external clients are
connecting to the front end servers only. Remember that only the front end server connects to the
back end servers, and that communication is beyond the scope of this question.
D: Creating anything on the back end server is not helpful. Since all the external clients use the
front end servers to communicate, no outside user would ever see the sign on page created on the
back end server.
E: Setting the HTTP site?s virtual page to allow scripts will be automatically accomplished by
allowing forms based authentication. Therefore, it will not be explicitly required.
Reference
Exchange Server 2003 Administration Guide
What's New in Exchange 2003
Exchange Server 2003 Product Help


5.QUESTION NO: 5

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain testking.com. All users use Microsoft Outlook and Outlook Web Access
to send and receive e-mail.
TestKing hires 50 independent contractors. All contractors work off site. None of them
have user accounts in the domain. Internal users communicate with the contractors by email.
However, users report that they cannot find e-mail addresses for the contractors in
Outlook or in Outlook Web Access.
You need to ensure that all users can look up the e-mail addresses of the contractors in the
global address list (GAL). Your configuration must not give the contractors any permission
on any company resources.
What should you do?

A. For each contractor, create a mail-enabled User object in Active Directory.
Configure the User object to forward e-mail messages to the contractor?s e-mail address.
B. For each contractor, create a mail-enabled contact object in Active Directory.
Configure the Contact object to use the contractor's e-mail address.
C. Create an Outlook distribution list that includes all contractors.
Send the distribution list to all internal users in e-mail
D. Create an Outlook contact for each contractor?s e-mail address.
Send all Outlook contacts to all internal users in e-mail.


Answer: B

Explanation :
To see the contractors email you just need to create a contact object for each contractor and put
their mail address to forward the mail to the mail contact ? This explanation is correct, but the
correct answer to match this explanation is ?B?, not ?A?. A mail-enabled contact, not a mailenabled
user object needs to be created in order to prevent the contractors from having any rights
in the organization.
Contact: An Active Directory object that represents a user who is outside of the Exchange
organization. For example, a contact may represent a user at another company.
Incorrect answers:
A: is incorrect because the question states that the contractors must not be allowed any access to
the company resources. If a user object is created, they will have some permissions on the
domain unless other precautions are taken. (Domain users have access to many resources such as
printing.) Since the question does not state these precautions are taken, ?A? can not be correct.
C: A distribution list for the contractors can not be created since they do not have any
information in Active Directory. In order for the contractors to show up for a Distribution List,
they must first either be created as users or as contacts.
D: This answer will not list the contractors in the GAL. In addition, it would be very labor
intensive and not centralized.
Reference :
Exchange Server 2003 Administration Guide

6.QUESTION NO: 6

You are the Exchange administrator for TestKing. All network servers run Microsoft
Windows Server 2003. The network contains a two-node server cluster.
Another administrator installs Exchange Server 2003 on the cluster in an active/passive
configuration. When you test the installation, you discover that Exchange is not running on
the cluster. Exchange services are set to manual startup and are not running on either
node.
You need to ensure that Exchange is running on the cluster.
What should you do?

A. Configure all Exchange services to start automatically on the active node.
Reboot the active node.
B. Configure all Exchange services to start automatically on both nodes.
Reboot both nodes.
C. Create a new cluster resource group for the Exchange server and create a System
Attendant resource.
D. In Exchange Server 2003, run the setup /disasterrecovery command to reinstall
Exchange Server 2003 on the active node.


Answer: C

Explanation :
It is only stated that Exchange has been installed in a Cluster. However, to permit an active
passive configuration, they need to perform the additional task: Create a new cluster resource
group for the Exchange server and create a System Attendant resource for the
active/passive configuration.
Customizing Your Exchange Cluster Configuration
When you deploy Exchange Server 2003 in a cluster, you must accept many default settings. For
instance, your Exchange cluster consists of Exchange Virtual Servers that are created using the
New Group Wizard. However, this wizard does not allow you to configure all of the possible
failover options for your Exchange Virtual Servers. Similarly, the New Resource Wizard, which
creates an Exchange System Attendant resource for your Exchange Virtual Server, automatically
creates the remaining Exchange resources, like the Exchange store and the MTA, using the
default settings for each of these additional resources.
Because initial cluster deployment usually involves so many default settings, you may need to
customize your cluster configuration settings. This customization is important not only to
achieve your cluster objectives, but also to achieve optimal cluster performance. Improper cluster
configuration is the source of many of the Exchange-related issues handled by Microsoft Product
Support Services. For this reason, carefully follow the recommendations in this chapter to ensure
your clusters perform optimally.
Configuring Exchange Virtual Server Settings
When you create your Exchange Virtual Servers, the default properties that are applied at that
time should allow your Exchange cluster to operate adequately. However, you may want to
modify these settings to customize your clusters to accommodate your specific Exchange
environment.
To change the configuration settings for an Exchange Virtual Server, you use the property
settings associated with that Exchange Virtual Server object. These property settings instruct
Cluster Service in how to manage your Exchange Virtual Servers.


7.QUESTION NO: 7

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain testking.com. All network servers run Microsoft Windows Server 2003.
The relevant portion of the network configuration is shown in the exhibit.
Each of the five offices is defined as a separate Active Directory site. Each site contains one
global catalog server, which also provides DNS services for all local computers. The global
catalog servers are named TESTKING1 through TESTKING5.
Active Directory replication is managed by the company?s networking group. The server in
each branch office replicates with the main office once a day after regular business hours.
To avoid saturating the WAN connections or overloading TESTKING1, the starting times
for replication are staggered by one hour. Active Directory replication cannot be forced to
occur at any time other than the regularly scheduled replication interval.
Management decides to implement Exchange Server 2003 as the companywide messaging
system. Each office requires its own Exchange server, which must be located in a separate
routing group. Necessary hardware is purchased. All appropriate software is installed in
each office to prepare for the installation of Exchange. You install Exchange on a new
server in the main office and create all of the routing groups. Then you immediately begin
to remotely install Exchange on a new server in one of the branch offices. However, you are
unable to select a routing group in which to place the server. You cancel the installation.
You need to ensure that you can complete the installation of the branch office Exchange
servers before the end o the business day.
What should you do?

A. First configure the new server in each branch office to point to TESTKING1 as its
primary DNS server.
Then install Exchange Server 2003 on the new server.
B. First configure the new server in each branch office to point to the local global
catalog server as its primary DNS server.
Then install Exchange Server 2003 on the new server.
C. On the new server in each branch office, install Exchange by running setup
/choosedc and specify TESTKING1.
D. On the new server in each branch office, install Exchange by running setup
/choosedc and specify the local global catalog server.


Answer: C

They tell us that the schedule can not been modified or forced, Exchange server 2003 installation
needs to lookup for the CG attributes for Exchange, the new server site can not been installed
until the replication occurs, but they can use the new Exchange Server 2003 switch /ChooseDC
and select TestKing1 as the GC to successfully install Exchange. Exchange Server 2003
includes a new switch that is supported by the Exchange 2003 Setup program. This switch is
named the /chooseDC, and you can use it to specify the domain controller that Setup must use
during installation to read and to write Microsoft Active Directory service information. You can
use the /chooseDC switch in combination with other Exchange 2003 Setup switches, including
/domainprep.
Reference :
Description of the /ChooseDC Switch in Exchange Server 2003 822593
Setup Options for Exchange Server 2003 822893

8.QUESTION NO: 8

You are the Exchange administrator for TestKing. The company?s network consists of a
single Active Directory domain named testking.com.
You attempt to install Exchange Server 2003 on your existing Exchange Server 5.5
computer. Setup fails, and you receive the following error message: ?This version of
Microsoft Exchange does not support upgrading from Exchange Server 5.5.?
You need to ensure that Exchange Server 2003 can be installed on the existing exchange 5.5
server.
What should you do?

A. Install the Exchange Sever 2003 Active Directory Connector (ADC).
B. Upgrade the Exchange 5.5 server to Exchange 2000 Server.
C. Upgrade the operating system of the Exchange 5.5 server to Microsoft Windows Server
2003.
D. Run the commands to clean and prepare the forest and to prepare the domain for
Exchange Server 2003.


Answer: B

Explanation :
In-place upgrade from Exchange Server 5.5 to Exchange 2003 is not supported. Because they ask
to us for an in place upgrade, an upgrade to Exchange 2000 is required. After that, from
Exchange 2000 to Exchange 2003.
They do not tell use if the ADC is running or not, for this reason I do not consider answer ?A?,
although is a required step to upgrade ADC to Exchange 2003, they ask to us for in place
upgrade
Exchange 5.5 to Exchange 2000 In-Place Upgrade Method
With the in-placed upgrade method, you can take an existing Exchange Server 5.5 SP3 or SP4
server and install Exchange 2000 Server on it. In this way, you upgrade your existing Exchange
Server databases and connectors to Exchange 2000 Server. When you use this method, you must
perform all prerequisites and testing for the installation of Exchange 2000 Server.
You must upgrade Active Directory Connectors (ADCs) to the version of ADC that is included
in Exchange 2003 before you can install the first Exchange 2003 computer in your organization.
The installation of the first Exchange 2003 ADC increments all connection agreement version
numbers that are hosted on the server.
Understanding this option is available is important, but including it in a discussion of the
question is not relevant, and will end up confusing the user come exam time.
References
Considerations When You Upgrade to Exchange Server 2003 822942
Overview of Operating System and Active Directory Requirements for Exchange Server 2003
822179
XADM: Description of Exchange Server Migration Methods 327928


9.QUESTION NO: 9

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain testking.com. Currently, companywide messaging services are provided
by an IMAP4 mail server.
You create a new Exchange organization to replace the existing messaging system.
Exchange Server 2003 is installed on all Exchange servers. All IMAP4 mailbox data must
now be migrated to an Exchange server named TestKing1. IMAP4 users already have user
accounts in the domain. You manually create a migration file that lists all IMAP4 users.
Then you perform a one-step migration of the IMAP4 mailbox data. The migration
completed with errors. The migration summary is shown in the exhibit.
You verify that the Active Directory user accounts for the IMAP4 users have Exchange
mailboxes on TestKing1. However, the mailboxes are empty.
You need to ensure that all IMAP4 mailbox data is migrated to the new Exchange
mailboxes.
What should you do?

A. Enable and start the Exchange IMAP4 service on TestKing1 and return the one-step
migration.
B. Create an Active Directory user account that has the same user name and password as the
IMAP4 mail administrator.
Assign the Send As permission on TestKing1 to the new account.
Use the new account to log on to TestKing1 and rerun the one-step migration.
C. Collect the Exchange alias name of each new Exchange mailbox.
Use this information to update the migration file and rerun the one-step migration.
D. Collect the IMAP4 mailbox password of each IMAP4 user.
Use this information to update the migration file and rerun the one-step migration.


Answer: B

Explanation :
IMAP4 users already have user accounts in the target domain and you manually create a
migration file that lists all IMAP4 users. Exchange Migration Wizard must have appropriate
permissions in the original mail account and in the destination to be able to access. In order to do
that you will need to give the account the send as permission to the Migration wizard account
The Migration Wizard is stand-alone application that is installed on your computer during
Exchange setup. Migration Wizard consists of two types of components: source extractors and a
migration file importer. Source extractors copy directory information, messages, and calendar
information from various messaging systems. They save the data in and intermediate file format
that can be read by the migration file importer.
After the information is in an intermediate file format, the migration file importer imports
directory information to Active Directory and then adds messaging data to Information Store.
You can perform both steps in this two-step process (extract and then import) the same time or in
separate steps.
Create a List of Accounts
You can manually create a list of merge operations for Active Directory Account Cleanup
Wizard to perform. You can create a list of merge operations in Notepad or any other
application that uses the .csv format.
Note You need to create a list of merge operations manually only if you have a particular
reason to do so; for example, you might want to create a list of merge operations manually if you
already have a list of accounts to be merged in the correct .csv format for the wizard.
Grant or Deny Mailbox Permissions to a User or Group
You can grant or deny permissions for a mailbox-enabled user, or mail-enabled user or
group, that enables them to access another's mailbox. This is helpful when you want to
enable a user or group to have permissions to another's mailbox. For example, you can give a
mailbox-enabled user send as permissions to another user's mailbox; or you can deny a mailenabled
group from reading permissions of an existing user.
To create a list of accounts to be merged in Notepad:
1. Open Notepad.
2. In a blank Notepad document, type Source,Target on the first line.
3. On the following lines, type the source and target accounts for the merge operations you
want to add:
,

10.QUESTION NO: 10

You are the Exchange administrator for TestKing. The network contains a single Exchange
Server 2003 computer. The Exchange server contains a single storage group that contains
one mailbox store and one public folder store.
The server is configured with two logical drives. System files and Exchange transaction log
files are located on drive C. Exchange database files, which have a total size of 80 GB, are
located on drive D.
Except for the company?s 10 managers, all users have a mailbox size limit of 100 MB.
Managers have no size limit set on their mailboxes. The average mailbox size for managers
is 2 GB. Managers frequently use advanced searched to locate messages in their mailboxes.
Each search requires more than three minutes to complete.
You need to ensure that managers can search their mailboxes more quickly and that each
manager?s search includes all messages in the mailbox. Your solution must have the
minimum amount of impact on e-mail performance for other users.
What should you do?

A. Create a full-text index on the mailbox store and configure full-text indexing to run once
per week during non business hours.
B. Create a full-text index on the mailbox store and configure full-text indexing to run
continuously.
C. Create an additional mailbox store. Move all managers? mailboxes to the new mailbox
store.
Create a full-text index on the mailbox store and configure full-text indexing to run
continuously.
D. Create an additional mailbox storage group and an additional mailbox store.
Move all managers? mailboxes to the new mailbox storage group.
Create a full-text index on the mailbox store and configure full-text indexing to run
continuously.

Answer: C

Incorrect Answers :
A: Running the full text indexer once a week will not include all messages in index, and will
give incomplete search results. Therefore it does not satisfy the requirement given in the question
to ensure that managers can search their mailboxes more quickly and that each manager?s search
includes all messages in the mailbox .
B: Performance reasons - the solution must have the minimum amount of impact on e-mail
performance for other users. Indexing the entire store will take significant CPU usage as well as
hard drive time and space. It is not necessary to do full text indexing on the entire store when
only the managers need this capability.
D: Performance reasons - creating another storage group and mailbox store on the same disk will
decrease performance
Reference :
Exchange 2003 Admin Guide

11.QUESTION NO: 11

You are the Exchange administrator for TestKing. Exchange Server 2003 runs on a
Microsoft Windows Sever 2003 member server. The Exchange server contains one mailbox
store and one public folder store.
A free disk space warning threshold is configured for the Exchange server. However, when
the amount of free disk space is below the threshold, the help desk mailbox does not receive
an e-mail notification.
You need ensure that the help desk is notified if the server?s free disk space is below the
specified threshold.
What should you do?

A. Configure an e-mail notification to occur when free disk space is in a warning state.
B. Configure the server?s mailbox management process to send summary reports to the help
desk.
C. Configure the help desk?s e-mail address as the non-delivery report (NDR) address on the
SMTP virtual server.
D. Configure the warning message intervals on the mailbox store and the public folder store
to use a custom schedule that allows notification 24 hours per day, seven days per week.


Answer: A

Explanation:
Notify an Administrator by E-mail
You can send an e-mail message to an administrator when a server or connector enters a warning
state or critical state. The server and connector states are set on the Monitoring tab of a server or
connector. The subject line and body of the e-mail message are automatically created; their
content depends on which server is monitoring the servers and connectors in your organization,
and which servers and connectors are being monitored. However, if problems exist between the
monitoring server and the server or connector being monitored, the message may not be
delivered.
Reference:
Exchange 2003 Server Help

12.QUESTION NO: 12

You are the Exchange administrator for TestKing. The Exchange organization contains a
single server named TestKing3. TestKing3 runs Exchange Server 2003 and hosts all user
mailboxes. TestKing3 also functions as an SMTP gateway for Internet e-mail. A firewall
separates the internal network from the Internet and allows only SMTP traffic to each
TestKing3.
One afternoon, users report extremely slow response times on TestKing3. Some users
cannot access the server at all. You examine network traffic to TestKing3 and conclude
that the server is the target of an external distributed denial of service (DDoS) attack.
Your immediate need is to prevent the attack from affecting TestKing3. You must
minimize the effect of your actions on internal e-mail users.
What should you do?

A. Stop the SMTP service on TestKing3.
B. Reconfigure TestKing3 to prohibit all POP3 and IMAP connections.
C. Reconfigure the firewall to prohibit all incoming SMTP traffic.
D. Reconfigure TestKing3 to accept only POP3 connections.
Instruct users to access TestKing3 by using POP3 client software.
E. Configure TCP/IP filtering on TestKing3 to permit only RPC traffic.


Answer: C

Explanation :
The primary goal should be to stop the denial of service attack of the Exchange Server. The
most efficient way to do this WITHOUT affecting the internal E-mail users is to shut down the
SMTP traffic by reconfiguring the firewall.
Incorrect answers:
A: Stopping the SMTP service will also shut down all the internal mail, which violates the last
requirement of the exam.
B: Prohibiting IMAP and POP3 connections will not prevent the incoming SMTP traffic (which
is the root of the DDoS attack)
D: While this would stop the DDoS attack, it would require a lot of reconfiguration on the
clients, and hence disrupt all the internal e-mail users. This is a violation of the last requirement
of the question.
E: This answer is incorrect for the same reason ?D? is incorrect. Only allowing RPC traffic
would prevent internal clients from connecting. Remember that internal clients will be using
SMTP to communicate. Allowing ONLY RPC traffic will prevent the internal users from
connecting to the Exchange server.


13.QUESTION NO: 13

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain testking.com. The functional level of the domain is Windows Server
2003. The network contains a single Exchange Server 2003 computer that contains a single
storage group with one mailbox store. You perform full nightly backups of the storage
group.
You store the transaction log files on drive F and the database files on drive G. You have
created the Recovery Storage Group by using the G:\Exchsrvr\Recovery Storage Group
path for the restored database files.
A user named Tess reports that she can no longer access any network files and that her
mailbox is not functioning. Other users report that they cannot find Tess?s name in the
global address list (GAL). You discover that Tess?s Active Directory account was deleted 20
minutes ago. You re-create Tess?s accounts in Active Directory.
You need to ensure that Tess has access to her most current e-mail message. Your solution
must result in the least amount of mailbox downtime for Tess.
What should you do?

A. Create a new mailbox for Tess.
Restore the Exchange database to the Recovery Storage Group.
Mount the mailbox store.
Use Exmerge to extract Tess?s mailbox to a .pst file.
Deliver this .pst file to Tess.
B. Create a new mailbox for Tess.
Restore the Exchange database to the Recovery Storage Group.
Mount the mailbox store.
Use Exmerge to merge Tess?s old mailbox data into her new mailbox.
C. Set up a recovery mailbox server.
Restore the Exchange database.
Use Exmerge to extract Tess?s mailbox to a .pst file.
Deliver this .pst file to Tess.
D. Run the Cleanup Agent.
Use Mailbox Recovery Center to reconnect Tess?s mailbox to her newly created account.

Answer: D

Explanation :
By default Exchange keep any mailbox deleted seven days, to recover a single mailbox
to recover a single mailbox you just need to recreate a deleted USER
ACCOUNT, run the cleanup agent and reconnect the mailbox to the new account
To Restore a Mailbox by Using Exchange System Manager:
1. Start Exchange System Manager
2. If the Display administrative groups option is enabled, expand Administrative
Groups, and then expand AdministrativeGroup (where AdministrativeGroup is the name
of your administrative group).
Note: To display administrative groups, right-click YourOrganization, click Properties,
click to select the Display administrative groups check box, click OK, click OK, and
then restart Exchange System Manager.
3. Expand Servers, expand YourServerName, and then expand YourStorageGroupName.
4. Expand Mailbox Store, right-click Mailboxes, and then click Run Cleanup Agent.
5. Right-click the mailbox that you want to recover, and then click Reconnect.
6. In the list of Microsoft Active Directory directory service accounts that appears, click the
user account where you want the mailbox to connect, and then click OK.
7. Quit Exchange System Manager.
Reference
HOW TO: Recover or Restore a Single Mailbox in Exchange Server 2003 823176

14.QUESTION NO: 14

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. The Exchange organization contains two servers
named Exch1.testking.com and Exch2.testking.com. Both servers run Exchange Server
2003.
Users who have mailboxes on Exch1.testking.com report that their e-mail messages are not
being delivered to other users on the network. However, these users can open their
mailboxes and read the e-mail messages in their mailboxes. You discover that users who
have mailboxes on Exch2.testking.com can send e-mail messages to mailboxes on the same
server. However, e-mail messages sent to mailboxes on Exch1.testking.com are not
delivered. You open Queue Viewer on Exch2.testking.com. The queue information is shown
in the exhibit.
You need to ensure that all users can send and receive e-mail messages.
What should you do? (pictire)

A. Configure the SMTP virtual server on Exch1.testking.com to accept only authenticated
connections.
B. Start the SMTP service on Exch1.testking.com.
C. Configure a mail exchanger (MX) resource record for Exch1.testking.com on the DNS
server that is authoritative for testking.com.
D. Start the IMAP4 and POP3 services on Exch1.testking.com.

Answer: B

Explanation :
These can success if the advanced queuing engine may not be able to access the global catalog
servers or to access the recipient information. In this case the problem is due to the smtp service,
if the service is stopped for any reason the messages can not be resolved to any destination
Incorrect Answers:
A: Configuring Exchange to accept Authenticated connections is used only to permit Domain
authenticated users to send mail. It will not affect mail delivery in this case, as all users have
authenticated connections.
C: Exchange Server does not need to have a MX record to deliver mail within organization.
Exchange use SRV records to locate a Global Catalog through DSaccess component.
D: There is no problem with POP or IMAP protocols. Exchange Server uses MAPI by default
Queue: Messages awaiting directory lookup
Description: This queue contains messages to recipients who have not yet been resolved against
the Microsoft Active Directory service. Messages are also held in this queue while distribution
lists are expanded.
Troubleshooting: Generally, messages accumulate in this queue because the advanced queuing
engine cannot categorize the message. The advanced queuing engine may not be able to access
the global catalog servers or to access the recipient information. Or, the global catalog servers
are unreachable or are performing slowly.
Reference
How to Use Queue Viewer to Troubleshoot Mail Flow Issues 823489

15.QUESTION NO: 15

You are the Exchange administrator for TestKing. The Exchange organization contains a
single Exchange Server 2003 computer named TestKingSrvA. The Exchange server
contains one mailbox store.
The Active Directory administrator informs you that he accidentally deleted a user account
and mailbox. You immediately investigate and discover that the mailbox is still listed in the
mailbox store.
You need to ensure that the user can access the mailbox.
What should you do?
A. Run the Cleanup Agent on the mailbox store.
B. Execute the mailbox management process on the Exchange server.
C. Ask the Active Directory administrator to perform an Active Directory authoritative
restore of the user object.
D. Ask the Active Directory administrator to perform an Active Directory non-authoritative
restore of the user object.

Answer: C

Explanation :
In this case the user account has been deleted along with the mailbox account. It is possible to
recreate the user account and reconnect the mail to the new account, but in that case the new
account will have a new SID and lose any permissions. Therefore, the administrator needs to
perform an authoritative restore for the user that was deleted.
Incorrect answers:
A: Running the Cleanup Agent will show the orphaned mailbox. It can be used to connect to a
recreated account to retrieve mail. However, doing this will not recreate all permissions the
account contained. In addition, a new user account would have to be created to attach the email
account to, and since this is not done, this is not a correct answer.
B: The Mailbox Management process will not affect a Mailbox recovery in any way. Mailbox
Management is used to define Mailbox Recipient Policies
D: Performing a non-authoritative restore would restore the mailbox and the associated account.
However, when the domain controller is restarted, the changes from other domain controllers
would once again remove the user object. Remember that a non-authoritative restore will restore
an object, but it is not authoritative, and hence will be overwritten by any other domain controller
that has newer information.

16.QUESTION NO: 16

You are the Exchange administrator for TestKing. The network contains an Exchange
Server 2003 active/passive cluster that contains nodes named TestKingSrvA and
TestKingSrvB. The cluster contains a single Exchange Virtual Server (EVS).
TestKingSrvA is the preferred owner of the EVS.
TestKingSrvA has intermittent hardware failures that cause it to go offline. When
TestKingSrvA goes offline, the EVS fails over to TestKingSrvB.
You need to change the cluster configuration so that the EVS remains online while you
troubleshoot the cause of the hardware failure.
What should you do?

A. In Cluster Administrator, select the option to move the cluster group to TestKingSrvB.
Remove TestKingSrvA as a possible failover node.
B. In Cluster Administrator, select the option to move the cluster group to TestKingSrvB.
Select the option to prevent failback to TestKingSrvA.
C. Create a new cluster group.
Move all the Exchange cluster resources to the new cluster group.
Select TestKingSrvA and TestKingSrvB as the preferred owners of the cluster, and
ensure that TestKingSrvA is selected at the top of the possible owners list.
D. Create a new cluster.
Move all the Exchange cluster resources to the new cluster group.
Select the option to prevent failback to TestKingSrvA.


Answer: B

Explanation :
Specifying Preferred Owners
During the creation of an Exchange Virtual Server, you have the option of defining a list of
preferred cluster nodes or preferred owners for that server. Cluster Service uses this list of
preferred owners when assigning the Exchange Virtual Server to a node. Cluster Service first
tries to assign the Exchange Virtual Server to the first node in the list. If that node is unavailable,
Cluster Service tries the next node in the list. If that node is unavailable, Cluster Service
continues down the list, until it can assign the Exchange Virtual Server to a node. If Cluster
Service cannot find an available node in the preferred owners list, it tries to fail over to the other
available nodes in the cluster that have Exchange installed.
By default, you do not have to specify any preferred owners. If you do not specify owners,
Cluster Service assigns an Exchange Virtual Server to the next available node that has Exchange
installed.
Specifying Failover Options
When configuring how Cluster Service manages failovers, consider the Threshold and Period
options on the Failover tab (see Figure 8.7). The Threshold setting determines the number of
times that the Exchange Virtual Server can fail over during the failover Period. If the actual
number of failovers exceeds the threshold during the failover period, the Exchange Virtual
Server may be in a failed state, and Cluster Service will not bring it online. The default and
recommended settings for these failover options are to have Exchange fail over 10 times in a
6-hour period.
1. To specify the failover options for an Exchange Virtual Server
On the Failover tab (see Figure 8.7) in the Exchange Virtual Server's Properties dialog box,
type a value for the Threshold and Period options.
Figure 8.7 Failover tab in the Properties dialog box for an Exchange Virtual Server

Setting Failback Options
Used in conjunction with the Failover tab, the Failback tab (see Figure 8.8) helps define what
happens during a failover. On this tab, you have the option of preventing failback from occurring
automatically (the default), or allowing failback to occur automatically.
Preventing Failback If you do not allow an Exchange Virtual Server to fail back, an
administrator must intervene and manually move the server back to the original, preferred node.
This may be your preferred setting because it allows you to control when the failback occurs. For
example, you may want to select Prevent failback if you want to take time to troubleshoot or run
diagnostics on the failed node before allowing the node to take ownership of the Exchange
Virtual Server again.
You can also use this setting to minimize downtime for users. For example, consider a scenario
where a failover that occurs at 3:00 P.M. causes EVS1 to move from Node 1 to Node 4 (the
stand-by node). By preventing failback, you can wait until the end of the work day to manually
move EVS1 back to Node 1, and users do not have to experience downtime waiting for the
server to come back online after the move.
Allowing Failback
By allowing an Exchange Virtual Server to fail back to the preferred node automatically, you can
also specify when this failback should happen: either immediately or during a specified time
interval.
This is the preferred setting if you want to have Cluster Service manage the cluster without any
manual administrator intervention.

To specify the failback options for an Exchange Virtual Server
On the Failback tab (see Figure 8.8) in the Exchange Virtual Server's Properties dialog box,
select the failback options for the server.
Figure 8.8 Failback tab in the Properties dialog box for an Exchange Virtual Server

17.QUESTION NO: 17

You are the Exchange administrator for TestKing. The Exchange organization contains a
single server TestKingSrv that runs Exchange Server 2003. The Exchange server hosts 500
users and contains one storage group and one mailbox store. The size of the mailbox store
is 23 GB. Every night, a full backup is performed on the storage group.
The mailbox store fails. When you attempt to bring it back online, the mailbox store fails to
mount. You discover that the mailbox store is corrupted.
You need to restore all the Exchange mailboxes without losing any data.
What should you do?

A. Restore the mailbox store and the transaction log files.
Replay the transaction log files.
B. Restore the mailbox store but not the transaction log files.
Do not replay the existing transaction log files.
C. Restore the mailbox store but not the transaction log files.
Replay the existing transaction log files.
D. Restore the mailbox store and the transaction log files.
Delete the restored transaction log files.


Answer: A

Explanation :
In order to prevent losing data, the existing transaction logs must be replayed. If the transaction
logs are restored as stated in the question, they would overwrite any logs that currently exist, and
therefore delete any messages that were created from the last backup until the time of the failure.
Incorrect answers:
A: If this option is chosen without specifying a different location for the log files, the restore will
overwrite all transactions that took place from the time of the backup until the time of the failure.
Note that the question does not provide for an alternate recovery location. It must be assumed
that the restore operation takes place in the original location.
B: Not replaying the transaction log files will result in a database that is current up until the time
of the backup, but not after that. This is a violation of the requirement that the most current data
be available, and disqualifies this from being a possible answer.
D: Simply restoring the transaction log files is not enough. The log files must also be replayed.
To restore then delete the log files accomplishes nothing. Only the data that was in the database
at the time of the backup would be usable.
Following is the procedure to replay the logs:
To work around this behavior and replay the logs, you must copy all the transaction logs that
you want to recover to the temporary restore folder that you defined in the restore process. To
copy all the transaction logs that you want to recover to the temporary restore folder and then
replay the logs, follow these steps:
Restore all the online backups to the recovery server:
Click Start, point to Programs, point to Accessories, point to System Tools, and then click
Backup.
Click the Restore tab, click to select the files to restore, and then click Start Restore.
In the Restoring Database Store dialog box, type the name of the folder where you want to
temporarily locate the log files in the Temporary location for the log and patch files box, and
then click OK.
Important
Do not click to select the Last Backup Set check box. You can only copy all the transaction logs
to the temporary restore folder before you start the manual replay process if you leave this check
box unselected.
In the Enter Backup File name dialog box, enter the location of the backup file, and then click
OK.
Copy all the offline log files to the Temp_restore_folder\Storage_group_name folder, where
Temp_restore_folder is the temporary restore folder that you defined in the restoration process
and Storage_group_name is the name of the storage group.

Make sure that the log files are contiguous.
Log replay only plays forward as long as the sequence is contiguous. When the sequence is
interrupted, replay stops.
After you are satisfied with the state of the log files, switch to the
Temp_restore_folder\Storage_group_name folder, and then run either of the following
commands from the command prompt:
c:\exchsrvr\bin\eseutil /cc
-orc:\
program files\exchsrvr\bin\eseutil /cc
These commands force an Eseutil manual log recovery. After this process is complete, you can
manually mount the databases that you restored.
Overview of the Exchange 2003 Restore Process
When a restore operation begins, Backup informs the extensible storage engine (ESE) that the
process has begun, causing ESE to enter restore mode. Next, the database is copied from the
backup media directly to the database target path (a database is comprised of a pair of files: an
.edb file and a .stm file). ESE then creates an extra storage group in which to mount the
databases; this storage group is separate from the original storage group in which the databases
are located. Finally, the associated log and patch files are copied to a temporary folder.
Note: To specify the temporary location for the log and patch files, use the Temporary location
for log and patch files option in Backup. For each storage group that you restore, Exchange
creates a subfolder within the specified temporary directory; therefore, you can simultaneously
restore multiple databases within the same storage group in the same job. If you perform separate
restore jobs simultaneously, you should specify a different temporary folder for each restore job
so you can perform a hard recovery without interfering with other databases running in the
storage group.
References:
You Cannot Mount the Information Store Database After an Online Restore 823016
MS white paper Disaster Recovery for MicrosoftR Exchange 2000 Server
HOW TO: Use the Eseutil Utility to Perform a Checksum Procedure on a streaming file 823167
Offline Backup and Restoration Procedures for Exchange 296788


18.QUESTION NO: 18

You are the Exchange administrator for Acme. TestKing has a business partnership with
Testking. The two companies share a single network and a single Exchange organization.
Each company has its own Active Directory domain named testking.com. The domains are
named acme.com and testking.com, respectively. Both domains are contained in a single
forest. The relevant portion of the network configuration is shown in the Network exhibit.
A new e-mail design document states the following requirements:
.. All inbound Internet e-mail messages for acme.com must be delivered to
Exch1.acme.com. If this server is not available, the e-mail messages must be
delivered to TestKing1.testking.com.
.. All inbound Internet e-mail messages for testking.com must be delivered to
TestKing1.testking.com. If this server is not available, the e-mail messages must be
delivered to Exch1.acme.com.
You discover that mail1.testking.com and Exch1.acme.com receive equal numbers of
Internet e-mail messages that are intended for acme.com. mail1.testking.com and
Exch1.acme.com also receive equal numbers of Internet e-mail messages that are intended
for testking.com. You use the nslookup command to view the Internet mail exchanger
(MX) resource records for the two domains. The output is shown in the Nslookup exhibit:
You need to ensure that the e-mail messages for each domain are delivered as stated in the
e-mail design document.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Set the priority for the Exch1.acme.com MX record in acme.com to 20.
B. Set the priority for the Exch1.acme.com MX record in testking.com to 20.
C. Set the priority for the mail1.testking.com MX record in acme.com to 20.
D. Set the priority for the mail1.testking.com MX record in testking.com to 20.
E. Remove the MX record for Exch1.acme.com from the testking.com zone.
F. Remove the MX record for mail1.testking.com from the acme.com zone.

Answer: B, C

Explanation:
In this case with a MX cost of 10 mail will be routed to his domain until the connector fail and
use the next on cost 20, this apply to both domains
Exchange 2003 provides load balancing in the form of a round-robin DNS between servers, both
sources and targets. A round-robin DNS is a mechanism that directs incoming requests to servers
on a rotating basis. This is done by looping through a list of IP addresses belonging to the servers
in the configuration. When an e-mail client attempts to access a mailbox on an Exchange server,
the client is given the first IP address on the list. The second client request is given the second IP
address in the list, and so on. If there are four servers on the round-robin list, all four IP
addresses are used before the first IP address is used again, and the loop starts over. In addition,
Exchange 2003 offers improvements over the Exchange 5.5 Site Connector if one of the source
bridgehead servers is down
Exchange connectors automatically try not to use that server until it comes back up. If there are
multiple connectors with the same cost, each server picks a random connector and uses it for a
period of time. Over multiple servers, this functionality simulates round-robin behavior.
Reference :
Exchange server Resource Kit
Chapter 7 - Migrating Transports, Connectors, and Hubs

19.QUESTION NO: 19

You are the Exchange administrator for TestKing. The Hong Kong and Tokyo offices each
have a routing group that contains an Exchange Server 2003 computer. The two Exchange
servers are named HongKongMail and TokyoMail.
You add a new office names Beijing to the network. The Beijing office has a routing group
that contains an Exchange Server 2003 computer named BeijingMail. The relevant portion
of the network is configured as shown in the exhibit.
You test the connectivity from HongKongMail to BeijingMail by running the ping
command, but you receive no response. You can ping TokyoMail from HongKongMail and
you can ping TokyoMail from BeijingMail. You perform a test on HongKongMail by
running the tracert command, and you receive the following result.
You need to enable network connectivity between HongKongMail and BeijingMail. All
changes will be implemented by the network administrator.
Which action should you ask the network administrator to perform?

A. On HongKongMail, create a static IP route to 131.107.30.10.
B. On Router1, create an IP route to the 131.107.30.10.
C. On Router1, create an IP route to the 131.107.30.0 network.
D. On Router4, create an IP route to the 131.107.30.0 network.

Answer: C

Explanation :
The tracert command shows us:
? First HOP IP address 131.107.10.1
? Second Hop IP address 131.107.1.1 (Internet router)
One Network hop is the router 1 IP 131.107.10.1 and next one 131.107.1.1 this means that router
one does not have a default route to reach the Beijing network 137.107.30.x and BeijingMail
Server IP 131.107.30.10.
In this case we need to add to router one a route to reach Beijing network
Reference
Basic Routing


20.QUESTION NO: 20

You are the Exchange administrator for TestKing. The company operates a main office
and one branch office. Both offices are connected to the Internet. A VPN provides
interoffice connectivity. The relevant portion of the network is configured as shown in the
exhibit.
The network consists of a single Active Directory domain testking.com. Each office
contains one domain controller and one server that runs Exchange Server 2003. The
domain controllers are name DC1 and DC2. The Exchange servers are named TestKing1
and TestKing2. In each office, all user mailboxes are hosted on the local Exchange server.
Microsoft Outlook is the only e-mail client in use.
When users in the branch office send e-mail messages, they report that Outlook sometimes
requires several minutes to resolve user names to e-mail addresses. The problem occurs
intermittently, but it affects all users in the branch office. These users experience no delays
when they open e-mail messages and attachments. Users in the main office no not
experience any delays when they open e-mail messages or when user names resolve to email
addresses.
You need to improve the performance of Outlook name resolution in the branch office.
What should you do?

A. Configure DC2 as a global catalog server.
B. Configure the interoffice VPN to pass LDAP traffic.
C. Configure the client computers in the branch office to authenticate to DC2.
D. Modify Active Directory to place both office networks in the same site.

Answer: A

Explanation:
DS1 is the only Catalog server. Adding a GC to the branch office will enable Exchange to look
up the attributes of the user it needs, and hence resolve the issue. The problem was intermittent
due to traffic on the network. When traffic was high, response was slow.

21.QUESTION NO: 21

You are the Exchange administrator for TestKing. The network consists of two subnets.
The relevant portion of the network is configured as shown in the following diagram.
Subnet A contains 25 client computers that receive their TCP/IP configuration from a
DHCP server. The properties of the subnet A scope on the DHCP server is shown in the
exhibit.
Subnet B contains only a single Exchange Server 2003 computer named TestKing1.
Users in subnet A report that they cannot connect to TestKing1. You run the ping
131.107.50.126 command on a client computer in subnet A. You receive the following error
message: ?Request times out?.
You need to ensure that the client computers in subnet A can connect to TestKing1.
What should you do?

A. Change the IP address of TestKing1 to 131.107.50.130.
B. Change the subnet mask of TestKing1 to 255.255.255.224.
C. Change the IP address of the subnet A interface on Router1 to 131.107.50.65.
D. Change the subnet mask of the client computers in subnet A to 255.255.255.224.
E. Change the default gateway of the client computers in subnet A to 131.107.50.129.


Answer: A

Explanation :
We need to include server in the same network ID as the network card of the router in subnet B
DCHP range, going from IP address 131.107.50.66 to 131.107.50.91.
There are 25 computers. The server IP and the two router IP are out of DHCP scope that mean
static IP configuration is required.
Incorrect Answers :
B: If we change the mask to 255.255.255.224. let us just 30 host per subnet
C: IP is not in the correct range
D: If we change the mask to 255.255.255.224. let us just 30 host per subnet
E: There is no need to change default gateway. Routing in correctly enabled

22.QUESTION NO: 22

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain testking.com that contains two domain controllers. Each domain
controller runs Microsoft Windows Server 2003 and is configured as a DNS server. Each
DNS server is configured with root hints for resolving Internet host names.
The Exchange organization contains two servers that run Exchange Server 2003. One
Exchange server is configured with two network adapters and two SMTP virtual servers.
One SMTP virtual server is configured for internal e-mail, and the other is the bridgehead
server for an SMTP connector that delivers all Internet e-mail messages. The Internet
SMTP virtual server is configured to use a DNS server at an ISP as an external DNS
server.
The firewall configuration for TestKing is modified to permit only domain controllers to
make DNS queries to the Internet. Users report that they can no longer send e-mail
messages to recipients on the Internet. However, they can receive e-mail messages from the
Internet.
You need to ensure that users can use the Internet to send and receive e-mail messages.
What should you do?

A. Reconfigure the network adapater used by the Internet SMTP virtual server to use the
DNS server at the ISP.
B. Reconfigure the Internet SMTP virtual server to not use an external DNS server.
C. Configure the Internet SMTP virtual server to use a smart host to deliver e-mail
messages.
Use the fully qualified domain name (FQDN) of an SMTP server managed by the ISP as
the smart host.
D. Configure the SMTP connector to use a smart host to deliver e-mail messages.
Use the fully qualified domain name (FQDN) of an SMTP server managed by the ISP as
the smart host.

Answer: B

Explanation :
They already have Internet SMTP virtual server configured to use a DNS server at an ISP as an
external DNS server. The problem is this case is DNS queries Each DNS server is configured
with root hints for resolving Internet host names also the firewall configuration is modified
to permit only domain controllers to make DNS queries to the Internet. Because in the ISP
DNS they have a MX for the company domain, they can receive mail from Internet. But in order
to go out smtp connector for the domain must be able to resolve or forward DNS queries to
external domain or in this case to forward DNS resolution to ISP
Exchange 2000 and Exchange 2003 work differently than Exchange Server 5.5. SMTP is an addon
to Exchange Server 5.5 through Internet Mail Service. SMTP is native to Exchange 2000 and
Exchange 2003. Everything is SMTP-based. The default SMTP virtual server (by itself) can
handle all Internet traffic (inbound and outbound).
Typically, the main reason for an SMTP connector is to send mail a certain way to a certain
domain (for example, to forward messages to a specific smarthost for that domain only or to send
HELO instead of EHLO).
To configure the SMTP connector:
1. Start Exchange System Manager.
2. Expand the Administrative Groups container. To do so, click the plus sign (+) to the left
of the container.
3. Click the administrative group that you want to work with, and then expand it.
4. Expand the Routing Groups container.
5. Click the routing group that you want to work with, and then expand it.
6. Click the Connectors container. Right-click the Connectors container, and then click
New.
7. Click SMTP Connector.
8. On the General tab, provide an appropriate identifying name for the connector.
9. Choose to use DNS or forward to a smart host (if you are relaying through an
Internet service provider send-mail server).
10. Under Local Bridgeheads, click Add. Add the server that becomes the bridgehead server
for the routing group. Designate an SMTP virtual server as a bridgehead server for the
SMTP connector.
11. Click the Address Space tab. Under Connector Scope, click either Entire Organization
or Routing Group. As in earlier versions of Exchange Server, when you configure the
Internet Mail Service, click Add, click SMTP, and then click OK. Accept the default (*)
unless you require outbound e-mail domain restriction, and leave the cost as 1.
12. If you have chosen forward all mail to a smart host, click the Advanced tab. Click the
Outbound Security option, and then select an appropriate authentication method for
your relay host. The default is Anonymous Access.
13. Click OK to exit Outbound Security.
14. Click OK to exit the Advanced tab.
15. Click OK to exit the SMTP connector.
16. Quit the Microsoft Exchange Routing Engine service and the SMTP service for these
changes to take effect.
Addressing
Exchange stores recipient addresses in a directory. Rather than requiring a user to supply the
recipient's address for each message, the user only needs to type the recipient's name, which
Exchange then resolves into a complete address. The user must supply addresses for recipients
who are not in the Address Book. Although users see only the names or the e-mail aliases in the
Address Book, the directory is a database (and a service) that contains additional addressing
information for name resolution and routing purposes.
Addresses have two parts:
? A site address for each Exchange computer. Exchange uniquely identifies sites by using
the c, a, p, and o components of the originator/recipient O/R address space.
? A recipient address for each mailbox.
Site and recipient addresses are stored in the directory. Custom addresses also can be created for
recipients on foreign mail systems. Exchange creates a site address using the organization name
and site name that you provided during setup. Because recipient addresses are created using site
addresses, confirm that you have valid site addresses before you add mailboxes or connectors.
Exchange defines the following address types that can be present in the gateway routing table
(GWART), which the MTA searches when it is routing a message to the appropriate connectors:
EX Denotes a distinguished name on Exchange. This address type is searched only when a
distinguished name for the recipient exists in the directory.
MS Denotes Microsoft Mail for PC Networks.
SMTP Denotes the standard Internet mail protocol Simple Mail Transport Protocol.
X400 Denotes the O/R address, which is used for addressing under the X.400 protocol.
The address types MS and SMTP are created automatically during setup. If you install other
gateways, Exchange also generates other address types.
Reference
Part 10 - Exchange Architecture
How to Configure the SMTP Connector in Exchange 265293
g the way in IT testing and certification tools, www.testking.com

23.QUESTION NO: 23

You are the Exchange administrator for TestKing. The Exchange organization contains 10
servers that run Exchange Server 2003. All users send and receive e-mail messages by
using Microsoft Outlook.
TestKing has many different departments and a total of 10,000 users. For each department,
management asks you to create one address list that contains all users in that department.
Management also asks you to create a confidential address list. The membership of the
confidential address list will consists of several users from every department.
For each department, you create an address list that uses the department attribute.
Now you need to create the confidential address list. You must ensure that members of the
Managers group are the only users who can identify the members of the list by using
Outlook. You must not affect any existing e-mail functionality.
What should you do?

A. Modify the permissions on the user accounts of individuals in the confidential address list
so that only the Managers group has permission to send e-mail messages to these
accounts.
Create a confidential address list that includes the required user accounts.
B. Modify the permissions on the user accounts of the individuals in the confidential address
list so that only the Managers group has permission to view these accounts.
Create a confidential address list that includes the required user accounts.
C. Configure the department attribute as Confidential for the user accounts of individuals in
the confidential address list.
Create an address list that uses the department attribute.
Modify the permissions on the address list so that only the Managers group has
permission to view its membership.
D. Configure a custom attribute as Confidential for the user accounts of individuals in the
confidential address list.
Create an address list that uses the custom attribute.
Modify the permissions on the address list so that only the Managers group has
permission to view its membership.


Answer: D

Explanation:
In order to prevent affecting the current e-mail functionality, the use of a custom attribute is
required. There are 15 custom attributes available in Exchange 2003 for defining things such as
special memberships. Enabling and grouping based on these attributes will not affect any other
distribution lists.
Incorrect answers:
A: Modifying permissions on individual accounts will change the memberships of the existing
groups. Other users will not be able to send mail to these modified users, and this would disrupt
the existing e-mail functionality.
B: Modifying permissions so only managers will be able to see the accounts will also disrupt the
existing functionality, as anytime a user wants to send to anyone in this group (whether they
want to send to the whole group or not does not matter) they will not be able to see them.
Remember that the purpose of the confidential group is not to hide the members from getting
normal mail, but to hide the fact that these people are in a confidential group.
C: Configuring the Departmental attribute in this way will prevent the users in the group from
receiving normal departmental mail. This will disrupt the normal e-mail functionality. In
addition, the users will not be seen by their own departments.
Reference :
Exchange 2003 Admin HELP


24.QUESTION NO: 24

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain testking.com. A single Exchange organization contains servers that run
Exchange Server 2003. The domain contains 500 Contact objects that represent company
customers. The Contact objects are used by all users and updated infrequently. The
domain also contains mailbox-enabled users.
TestKing acquires another company Acme. The other company?s network consists of a
single Active Directory domain acme.com. A single Exchange organization contains servers
that run Exchange Server 2003. The other company?s domain contains 200 Contact objects
that represent company customers and are updated frequently.
Microsoft Outlook is the only e-mail client in use in both companies.
Written security polices state that users in one domain must no have any security
permissions in the other domain, including the permission to read Active Directory
information.
You need to enable users in both companies to send e-mail messages to the Contact objects
from both domains.
What should you do?

A. Configure a two-way trust relationship between the domains.
Configure SID filtering so that SIDs in one domain cannot be used in the other domain.
B. Use Active Directory Users and Computers to export the Contact objects from each
domain. Then use an import utility to import the objects into the other domain.
C. Configure Outlook in each domain to make LDAP queries against the other company?s
domain.
D. Configure DNS in each domain to use DNS server in the other domain as a forwarder.

Answer: B

Explanation :
Domain and Forest Partitioning
Because of the tight integration between Exchange and Active Directory, the Active Directory
forest structure directly affects your Exchange planning. There is a one-to-one relationship
between an Active Directory forest and an Exchange organization. An Exchange organization
can span only a single Active Directory forest. Likewise, an Active Directory forest can host
only a single Exchange organization. Understanding your current forest structure and the
reasoning behind those design decisions can help you to decide whether to use an existing forest
to host Exchange or whether to create a new forest to host Exchange.
Although the recommended design for Active Directory consists of a single Active Directory
forest for the entire organization. Your organization may contain multiple forests that represent
separate business units. One reason this design may be necessary is if your organization needs
strict security boundaries between the directories for each business unit.
In a multiple forest scenario, you need to determine which forest is to host Exchange. To reduce
the administrative burden, you also need to implement a provisioning method so that changes
made in one forest are propagated to the other forests, for example, by using Microsoft Identity
Integration Manager (MIIS). Another option is to create a separate forest dedicated to running
Exchange. By default you can not access from one Exchange Organization GAL (Global
Address Book), to another Exchange Organization GAL (Global Address Book), including if
they have a trust relation between forests
You will need to use some as Microsoft Identity Integration Server to sync both directories.
So the only way that they can take is to import export the contacts
References
Planning an Exchange Server 2003 http://www.microsoft.com/exchange/library
Messaging System
Exchange 2000 Server Resource KIT
Chapter 5 - Active Directory Integration and Replication

25.QUESTION NO: 25

You are the Exchange administrator for TestKing. The network consist of a single Active
Directory domain named testking.com. Exchange Server 2003 is used as the companywide
messaging system. The Exchange organization includes two mailbox servers. The perimeter
network contains one front-end server named madrid1.testking.com, which hosts Microsoft
Outlook Web Access. The relevant portion of the network is configured as shown in the
exhibit.
The external firewall is configured to allow limited access to the servers on the perimeter
network and the internal network. Internet users access all servers behind the external
firewall by using the IP address of the firewall?s external interface. The internal firewall is
configured to allow limited access to the servers on the internal network by using the actual
IP address of each internal servers.
Users report that they cannot access madrid1.testking.com from the internal network or
the Internet.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. On the perimeter DNS server, configure a new host (A) resource record that maps
madrid1.testking.com to the IP address of the external interface of the external firewall.
B. On the perimeter DNS server, configure a new host (A) resource record that maps
madrid1.testking.com to the actual IP address of the server.
C. On the internal DNS server, configure a new host (A) resource record that maps
madrid1.testking.com to the IP address of the external interface of the external firewall.
D. On the internal DNS server, configure a new host (A) resource record that maps
madrid1.testking.com to the actual IP address of the server.

Answer: A, D

Explanation:
They have OWA in the perimeter zone known as DMZ, they have two cards one card is
connected to internal network, and the other card is the external IP address that is accessed from
Internet.
If we would like to provide access to the OWA in the perimeter we need to provide DNS
resolution for their IP in the internal LAN, to do that we just need to add their internal IP LAN to
our internal DNS
If we would like to provide external access from internet we need to provide DNS resolution
form our external DNS to the external IP address of OWA server
Securing Exchange with ISA Server 2000
As a best practice alternative to locating your front-end Exchange 2003 servers in the perimeter
network, deploy ISA Server. ISA Server acts as an advanced firewall that helps control Internet
traffic entering your network. When you use this configuration, you locate all your
Exchange 2003 servers within your corporate network, and use ISA Server as the advanced
firewall server exposed to Internet traffic in your perimeter network.
All inbound Internet traffic bound to your Exchange servers, such as Outlook Web Access, RPC
over HTTP communication from Outlook 2003 clients, Outlook Mobile Access, POP3, IMAP4,
and so on are processed by your ISA Server. When ISA Server receives a request to an Exchange
server, ISA Server proxies the requests to the appropriate Exchange servers on your internal
network. The internal Exchange servers return the requested data to the ISA Server, and then
ISA Server sends the information to the client through the Internet. Figure 4.1 shows an example
of a recommended ISA deployment.
References
Planning an Exchange Server 2003 http://www.microsoft.com/exchange/library


26.QUESTION NO: 26

You are the Exchange administrator for TestKing. The Exchange organization contains a
single Exchange Server 2003 computer.
Users at TestKing frequently exchange e-mail with another company. A new security
agreement between the two companies specifies that all e-mail containing proprietary
information must be encrypted when it is transmitted across the Internet. The other
company does not have a public key infrastructure. The other company?s management
refuses to use a commercial certification authority (CA) to obtain certificates for its users.
However, they are willing to purchase a small number of certificates for their servers.
You need to ensure that e-mail transmitted across the Internet complies with the new
security agreement.
What should you do?

A. Obtain digital certificates for each user in TestKing.
Instruct each user to send digitally signed messages to all users at the other company.
B. Configure your Exchange server to use Transport Layer Security (TLS) when it connects
to the mail server at the other company.
Instruct the e-mail administrator at the other company to configure its mail server in the
same way.
C. Configure your Exchange server to use IPSec to encrypt all outgoing SMTP traffic.
D. Configure the Exchange HTTP virtual server to require SSL connections.


Answer: A

Explanation :
They can avoid using commercial PKI infrastructure using TLS
Incorrect Answers :
A: other company?s management refuses to use a commercial certification authority
C: IPSEC encrypt but they need to use certificates or preshared key and encrypt the
communication not the mail
D: They do not tell us that they are using OWA to communicate
Use TLS Encryption
You can require that all clients use Transport Layer Security (TLS) encryption, a generic
security protocol similar to Secure Sockets Layer (SSL), to connect to an SMTP virtual server.
This option secures the connection, but it is not used for authentication.
To enable TLS encryption on a virtual server, you must create key pairs and configure key
certificates on the Exchange server running the SMTP Service. This can be done through IIS.
Clients can then use TLS to encrypt the session with Exchange, and thus all messages sent.
Exchange can also use TLS to encrypt sessions with remote servers.
Note If your virtual server is on the Internet, requiring TLS encryption on inbound connections
is not recommended. Very few of these connections will support TLS and users will not be able
to connect to your server. In most cases, it makes more sense to encrypt your mail messages
instead of the SMTP channel. TLS is intended for a point-to-point SMTP connection between
partner organizations, for example, where both parties know the other supports TLS.
Require TLS Encryption
Once you've enabled TLS encryption on your virtual server, you must require it in all client and
server connections.
To require TLS encryption:
1. Start System Manager: On the Start menu, point to Programs, point to Microsoft
Exchange, and then click System Manager.
You can manually start the application by following these instructions: On the Start menu, point
to Programs, point to Microsoft Exchange, and then click System Manager.
2. Navigate to the SMTP virtual server.
1. Servers
2. Server
3. Protocols
4. SMTP
5. SMTP virtual server
3. Right-click the SMTP virtual server, and then click Properties.
4. On the Access tab, under Access control, click Authentication.
5. In Authentication, select Basic authentication.
6. Select the Require TLS encryption check box.
7. In Default domain, type the Windows domain which, by default, will be used to
authenticate users.
Note Users outside the default domain will also be able to authenticate, provided an Active
Directory trust relationship exists between their domain and the default domain. Users outside
the default domain will have to specify the domain authorized to validate their credentials.
8. To return to the Access tab, click OK.
9. Under Secure communication, click Communication.
10. In Security, select the Require secure channel check box.
Reference
Exchange 2003 Server Help

27.QUESTION NO: 27

You are the Exchange administrator for TestKing. The network consists of a single
network subnet connected to the Internet by means of a firewall. The network contains two
Exchange Server 2003 computers named TestKing1 and TestKing2. TestKing1 contains all
user mailboxes. TestKing2 is configured as a front-end server and hosts Microsoft Outlook
Web Access. The firewall is configured to allow incoming HTTPS traffic to each
TestKing2.
The network is reconfigured to include a perimeter network. The perimeter network is
connected to the internal network by means of a new firewall. TestKing1 remains on the
internal network, and TestKing2 is relocated to the new perimeter network.
Internet users now report that Outlook Web Access in inaccessible. You confirm that all
services on TestKing2 start normally and that internal users can access their mail by using
Microsoft Outlook to connect to TestKing1.
You need to ensure that Internet users can access Outlook Web Access over an encrypted
connection.
What should you do?

A. Configure the internal firewall to allow HTTP traffic to pass from TestKing2 to
TestKing1.
B. Configure the external firewall to allow HTTP traffic to pass from the Internet to
TestKing2.
C. Configure the internal firewall to pass LDAP queries from TestKing2 to a domain
controller on the internal network.
D. Configure the external firewall to allow RPC traffic to pass from the Internet to
TestKing2.


Answer: A

Explanation :
They tell us that you need to ensure that Internet users can access Outlook Web Access over an
encrypted connection that discards answer A and B because firewall is configured to allow incoming
HTTPS traffic toachTestKing2. Also if we just open LDAP queries we still needing more ports to open
between firewall, for this reason the only answer valid is D
HTTP communication between the front-end and back-end servers is not encrypted. In cases when the
front-end and back-end servers are maintained in a separate subnet, this is not a concern. However, if
front-end and back-end servers are kept in separate subnets and network traffic must pass over
unsecured areas of the corporation, Microsoft recommends that this traffic be encrypted to protect
passwords and data
The MicrosoftR remote procedure call (RPC) over Hypertext Transfer Protocol (HTTP) implementation
(RPC/HTTP) allows RPC clients to more securely and efficiently connect across the Internet to RPC
server programs and execute remote procedure calls.
? Option 1 (recommended) Deploy an advanced firewall server such as Internet Security and Acceleration (ISA) Server
in the perimeter network, and position your RPC Proxy server within the corporate network.
? Option 2 Position the Exchange 2003 front-end server acting as an RPC Proxy server in the perimeter network.
Because they do not tell us that they are using an ISA firewall we must assume that they are using RCP
over http or classic approach
The classic approach require following ports
Front-End Server(s) in a Perimeter Network
RPC over HTTP System Requirements
To use RPC over HTTP, you must run Windows Server 2003 on the following computers:
Source Destination Service Protocol and port
Internet/External Perimeter Network HTTP TCP 80
HTTPS TCP 443
IMAP4 TCP 143
IMAP4TLS TCP 993
Perimeter Network Internal/Private Network DNS TCP, UDP 53
HTTP TCP 80
RPC EP Mapper TCP 135
KERBEROS TCP UDP 88
LDAP TCP 389
NETLOGON TCP 445
DSAccess (GC) TCP 3268
TCP High Ports TCP 1024+
? All Exchange 2003 servers that will be accessed with Outlook 2003 clients using RPC over
HTTP.
? The Exchange 2003 front-end server acting as the RPC Proxy server.
? The global catalog server used by Outlook 2003 clients and the Exchange 2003 servers
configured to use RPC over HTTP.
Exchange 2003 must be installed on all Exchange servers that are used by the computer designated as
the RPC Proxy server. Additionally, all client computers running Outlook 2003 must also be running
Microsoft Windows XP Service Pack 1 (SP1) or later with the "Windows XP Patch: RPC Updates Needed
for Exchange Server 2003 Beta" (http://go.microsoft.com/fwlink/?LinkId=16687) update installed.
Table 8.2 Default required ports for RPC over HTTP
Server Ports (services)
Exchange back-end servers 593 (end point mapper)
6001 (Store)
6002 (DS referral)
6004 (DS proxy)
Global catalog server 593 and 6004
Securing the Exchange Messaging Environment
As a best practice alternative to locating your front-end Exchange 2003 servers in the perimeter network,
deploy Microsoft Internet Security and Acceleration (ISA) Server 2000. ISA Server act as advanced
firewalls that control Internet traffic entering your network. When you use this configuration, you put all of
your Exchange 2003 servers within your corporate network, and use ISA Server as the advanced firewall
server exposed to Internet traffic in your perimeter network.
All inbound Internet traffic bound to your Exchange servers (such as Microsoft Office Outlook Web
Access, RPC over HTTP communication from Outlook 2003 clients, Outlook Mobile Access, Post Office
Protocol version 3 (POP3), Internet Message Access Protocol version 4rev1 (IMAP4), and so on) is
processed by the ISA Server. When ISA Server receives a request to an Exchange server, ISA Server
proxies the requests to the appropriate Exchange servers on your internal network. The internal
Exchange servers return the requested data to the ISA Server, and then ISA Server sends the
information to the client through the Internet. Figure 8.1 shows an example of a recommended ISA Server
deployment.
Figure 8.1 Deploying Exchange 2003 behind ISA Server
Securing Communications Between the Client and Exchange Front-End Server
To secure data transmitted between the client and the front-end server, it is highly recommended that you
enable the front-end server to use Secure Sockets Layer (SSL). In addition, to ensure that user data is
always secure, you should disable access to the front-end server without SSL (this option can be set in
the SSL configuration). When using basic authentication, it is critical to protect the network traffic by using
SSL to protect user passwords from network packet sniffing.
Warning
If you do not use SSL between clients and the front-end server, HTTP data transmission to your front-end
server will not be secure. It is highly recommended that you configure the front-end server to require SSL.
It is recommended that you obtain an SSL certificate by purchasing a certificate from a third-party
certification authority (CA). Purchasing a certificate from a certification authority is the preferred method
because the majority of browsers trust many of these certification authorities.
As an alternative, you can use Certificate Services to install your own certification authorities. Although
installing your own certification authority may be less expensive, browsers will not trust your certificate,
and users will receive a warning message indicating that the certificate is not trusted. For more
information about SSL, see Microsoft Knowledge Base article 320291, "XCCC: Turning On SSL for
Exchange 2000 Server Outlook Web Access"
Securing Communications Between Exchange Front-End Server and Other Servers
After you secure your communications between the client computers and the Exchange front-end servers,
you must secure the communications between the Exchange front-end server and back-end servers in
your organization. HTTP, POP, and IMAP communications between the front-end server and any server
with which the front-end server communicates (such as back-end servers, domain controllers, and global
catalog servers) is not encrypted. When the front-end and back-end servers are in a trusted physical or
switched network, this lack of encryption is not a concern. However, if front-end and back-end servers are
kept in separate subnets, network traffic may pass over unsecured areas of the network. The security risk
increases when there is greater physical distance between the front-end and back-end servers. In this
case, it is recommended that this traffic be encrypted to protect passwords and data.
Using IPSec to Encrypt IP Traffic
Windows 2000 supports Internet Protocol security (IPSec), which is an Internet standard that allows a
server to encrypt any IP traffic, except traffic that uses broadcast or multicast IP addresses. Generally,
you use IPSec to encrypt HTTP traffic; however, you can also use IPSec to encrypt Lightweight Directory
Access Protocol (LDAP), RPC, POP, and IMAP traffic. With IPSec you can:
Configure two servers running Windows 2000 to require trusted network access.
Transfer data that is protected from modification (using a cryptographic checksum on every packet).
Encrypt any traffic between the two servers at the IP layer.
In a front-end and back-end topology, you can use IPSec to encrypt traffic between the front-end and
back-end servers that would otherwise not be encrypted. For more information about configuring IPSec
with firewalls, see Microsoft Knowledge Base article 233256, "How to Enable IPSec Traffic Through a
Firewall
Reference
Exchange 2003 Deployment guide
Planning Outlook Web Access Servers
Exchange 2003 RPC over HTTP Deployment Scenarios
Exchange Server 2003 Message Security Guide
Using ISA Server with Exchange 2003


28.QUESTION NO: 28

You are the Exchange administrator for TestKing. The network serves two offices named
West and East. Each office contains an Exchange Server 2003 computer.
Each office has an Exchange routing group. The Exchange server in the West routing
group is named TestKing1. The Exchange server in the East routing group is named
TestKing2. The Exchange topology is shown in the following diagram.
A financial application that runs on a server in the West office generates a 15-MB
automated report every morning at 8:00 A.M. The report is automatically sent from a
mailbox on TestKing1 to a mailbox on TestKing2. Because the report is not needed until
the next day, it is sent with low priority.
While the message that contains the automated report is being sent, the delivery of other
messages between the West and East offices is delayed. Other users are allowed to send
only messages that are smaller than 2,000 KB.
You need to ensure that the sending of the automated report does not delay the delivery of
any other messages between the West and East offices.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Configure the West-East routing group connector to deliver messages throughout the day.
B. Configure the West-East routing group connector to allow only Normal and High priority
messages.
C. Configure the West-East routing group connector to use an allowed maximum message
size of 2,000 KB.
D. Configure the West-East routing group connector to use a custom schedule that allows
message delivery only after 6.00 P.M.
E. Configure the West-East routing group connector to use a custom schedule that allows
message delivery only after 6:00 P.M. for messages larger than 15,000 KB.


Answer: C, E

Explanation :
Because users are allowed to send only messages that are smaller than 2,000 KB you can
not choose A as valid answer because Configure the West-East routing group connector to
deliver messages throughout the day this will permit will permit messages to exceed 2,000 KB
limits we need choose C to limit users over 2,000 Kb quota
Also you need to ensure that the sending of the automated report does not delay the
delivery of any other messages between the West and East offices you do not need to send
the report until the next day, you will need to send it with low priority.
They tell us
A financial application that runs on a server in the West office generates a 15-MB
automated report every morning at 8:00 A.M.
You will nee to configure the routing group for To specify delivery times based on message size,
select Use different delivery times for oversize messages. In Oversize messages are greater
than (KB), type the size, in kilobytes, of messages you want to designate as oversized. Under
Connection time, specify times when oversize messages are sent, as described in the previous
step. In this case the limit will be 15-MB
Configure Routing Group Connector Delivery Options
On a Routing Group connector's Delivery Options tab, you can specify when messages are sent
through the connector and define a separate delivery schedule for large messages.
To configure Routing Group connector delivery options:
1. Start System Manager: On the Start menu, point to Programs, point to Microsoft
Exchange, and then click System Manager.
You can manually start the application by following these instructions: On the Start menu, point
to Programs, point to Microsoft Exchange, and then click System Manager.
2. Navigate to Connectors.
If you do not have routing groups defined:
System Manager
1. Administrative Groups
2.
3. Connectors
If you do have routing groups defined:
System Manager
4. Administrative Groups
5.
6. Routing Groups
7.
8. Connectors
3. Right-click a routing group connector, click Properties, and then click the Delivery
Options tab.
4. To specify times when messages are sent through the connector, under Connection
Time, select one of the standard values in the drop-down list. The default is Always run.
- OR -
Click Customize and select the appropriate connection times on the timetable grid. To change
the level of detail on the grid, in Detail view, select 1 hour or 15 Minutes.
5. To specify delivery times based on message size, select Use different delivery times for
oversize messages. In Oversize messages are greater than (KB), type the size, in
kilobytes, of messages you want to designate as oversized. Under Connection time,
specify times when oversize messages are sent, as described in the previous step.
Configuring Message Routing
Microsoft Exchange 2003 Server is designed to serve companies of all sizes. Smaller companies
can meet all of their messaging and collaboration needs using a single computer running
Exchange. Larger companies may require more complex configurations, with connections
between multiple computers running Exchange or between Exchange and other messaging
systems.
An Exchange mail system, or organization, consists of one or more computers, or servers, on
which Exchange is installed. In all but the smallest Exchange installations, you will likely need
to configure multiple computers running Exchange to work together. Within some groups of
computers, servers are connected by reliable, permanent connections. Groups of servers linked
together in this way are called a routing group. Between routing groups, connections may be
unreliable or slower.
Routing group configuration becomes necessary only when you need to connect two or more
routing groups or when you install connectors to foreign messaging systems in your Exchange
installation. Communication between routing groups is handled by Exchange Routing Group
connectors.
After you determine the topology for your messaging system, the topics in this section provide
the background information you need to connect computers running Exchange and to understand
how messages are routed from one computer to another.
Reference
Exchange server 2003 Admin Help


29.QUESTION NO: 29

You are the Exchange administrator for TestKing. The company intranet is protected by a
firewall. The Exchange organization includes a server named TestKingSrvA, which runs
Exchange Server 2003. TestKingSrvA contains only public folders. It does not contain user
mailboxes.
Currently, your customers send comments in e-mail messages to an alias named
Comments. These e-mail messages are received by the customer service manager.
Management decides to collect customer comments in one location so they can be easily
viewed by all users. You remove the Comments e-mail SMTP address from the mailbox of
the customer service manager. You use Exchange System Manager to create a new public
folder named Comments and TestKingSrvA. Then you send a test e-mail message to the
Comments e-mail address. You receive a non-delivery report (NDR).
You need to ensure that customers will be able to send comments to the Comments alias,
and that the comments will be saved in the new Comments folder.
What should you do?

A. Modify the configuration of the Comments folder so that it is mail-enabled.
B. Modify the configuration of the firewall to allow SMTP traffic to pass from the Internet
to TestKingSrvA.
C. On your DNS server, create a mail exchanger (MX) resource record that has a priority of
10 and that points to the host (A) resource record for TestKingSrvA.
D. In Active Directory, create a new Contact object named Comments.
Configure the contact object to have the Comments e-mail alias as its e-mail address.


Answer: A

They tell us
You use Exchange System Manager to create a new public folder named Comments and
TestKing1. You will need to mail enable the public folder
Create a Mail-Enabled Public Folder
To configure folder properties related to sending and receiving mail, you must first enable the
folder and then use the tabs to configure settings for your organization.
To create a mail-enabled public folder:
1. Start System Manager: On the Start menu, point to Programs, point to Microsoft
Exchange, and then click System Manager.
You can manually start the application by following these instructions: On the Start menu, point
to Programs, point to Microsoft Exchange, and then click System Manager.
2. If administrative groups are displayed, expand Administrative Groups, and then expand
the group you want to work with.
3. In the console tree, expand Folders, and then expand the folder tree containing the folder
you want to work with.
4. Right-click the folder, point to All Tasks, and then click Mail Enable.
mail-enabled: An Active Directory object that has at least one e-mail address defined. If the user
is mail-enabled, the user has an associated e-mail address, but does not have an associated
Exchange mailbox.
Reference
Exchange Server 2003 Server admin help

30.QUESTION NO: 30

You are the Exchange administrator for TestKing. The newly deployed Exchange
organization contains a single Exchange Server 2003 computer named TestKingB.
TestKing?s intranet does not have a full-time Internet connection. A demand-dial router
connects the intranet to the company?s ISP.
The ISP gives TestKing a user account and static IP address. The ISP agrees to queue
TestKing?s e-mail on its SMTP server so that TestKingB can retrieve the queued e-mail.
You discover that TestKingB is not receiving e-mail from the Internet.
You need to ensure that Excah1 can retrieve e-mail that is stored at the ISP.
What should you do?

A. Configure an SMTP connector that sends the HELO command.
B. Configure an SMTP connector to forward all outbound messages to the ISP?s SMTP
server and to issue an ETRN command.
C. Configure your SMTP virtual server to use the ISP?s SMTP server as a smart host.
D. Configure your SMTP virtual server to use the same DNS server that is used by the ISP?s
SMTP server as an external DNS server.

Answer: B

Configure SMTP Advanced Options
In addition to the standard SMTP specification, there is an update called Extension to SMTP
(ESMTP). Not all mail servers are capable of using ESMTP, but it is becoming increasingly
common. The SMTP sender starts a session by issuing one of two start commands, HELO for
SMTP and EHLO for ESMTP. The type of start command determines whether SMTP or ESMTP
is used for the session. Because some servers cannot use ESMTP, you can configure Exchange to
send the HELO command to specified domains through the SMTP connector.
To save money, many small companies maintain transient connections to their service providers.
In addition, sometimes the client (the SMTP sender) depends on mail arriving quickly. Forcing
the queues on the server belonging to the client's service provider can be more desirable than
waiting for a timeout to occur and the connection to be retried. The TURN and ETRN
commands allow the client to request that a remote server start processing its mail queues
for messages to the client that are waiting at the server. If there are messages for the client
at the server, the server sends the messages at that time.
If you choose to request remote servers to dequeue mail, messages sent to a client through the
client's service provider are held until a TURN or ETRN command is received. The ETRN
command is more secure than the TURN command because it requests that the server start a new
connection aimed at the specified client. Thus, the server is more likely to communicate with the
correct SMTP client.
To configure SMTP advanced options:
1. Start System Manager: On the Start menu, point to Programs, point to Microsoft
Exchange, and then click System Manager.
Cannot Start the Application
You can manually start the application by following these instructions: On the Start menu, point
to Programs, point to Microsoft Exchange, and then click System Manager.
2. Navigate to Connectors.
If you do not have routing groups defined:
System Manager
1. Administrative Groups
2.
3. Connectors
If you do have routing groups defined:
System Manager
4. Administrative Groups
5.
6. Routing Groups
7.
8. Connectors
3. Right-click an SMTP connector, click Properties, and then click the Advanced tab.
4. To send the HELO start message, and use standard SMTP and not extended SMTP, select
Send HELO instead of EHLO.
5. To configure outbound security, click Outbound Security, and then select the
appropriate parameters.
6. To prevent requests on the SMTP connector for remote servers to process the mail in
their queues, select Do not send ETRN/TURN. This option is the default.
7. To specify that dequeing requests are sent with the message, select Request
ETRN/TURN when sending messages. If you choose this option, you can also request
dequeuing at certain times by selecting the Additionally request mail at specified times
check box, and then choosing dequeuing times under Connection time.
8. To request dequeuing from a server other than the one to which the message is sent,
select Request ETRN/TURN from different server, and then, under Server, type the
server name.
9. If you have not disabled dequeuing, to request dequeuing at certain times, under
Connection Time, select one of the standard values in the drop-down list, or click
Customize, and then select the appropriate connection times on the timetable grid.
10. To specify the ETRN or TURN command for dequeuing, under Specify how to request
that remote servers dequeue mail, select Issue ETRN or Issue TURN. To specify the
domains for which the ETRN command should be issued, under Issue ETRN, click
Domains, and then add the domains.
Configure SMTP Outbound Security
You can configure the SMTP connector to provide the authentication credentials required by the
remote domain. There are two types of authentication available: Basic (clear text) and Integrated
Windows authentication. With Basic authentication, the account name and password of the
server to which you are connecting is transmitted in clear text. The Integrated Windows
authentication option requires a Windows account name. You can also disable authentication,
which is the default option.
The outbound security you select on the SMTP connector overrides the SMTP virtual server
authentication setting on the Access tab. The following table describes several configuration
examples
SMTP Connector
Transmissions
Authentication Option
Messages are
commonly sent to
multiple addresses.
Disable authentication for the SMTP connector. If attempts to deliver
messages to an address fail because of authentication requirements, add
a remote domain for the address. Then enable authentication for the
domain at the same level required by the server.
Messages are
commonly sent to one
address, which
requires
authentication.
Determine what level of authentication is required to connect and enable
authentication for the SMTP connector using the same level of
authentication. If you then want to send messages to other addresses, set
up remote domains and set different authentication options. If you use
this option, it is likely that the account name used is the one that
identifies the computer set up as the smart host.
To configure SMTP outbound security:
1. Start System Manager: On the Start menu, point to Programs, point to Microsoft
Exchange, and then click System Manager.
Cannot Start the Application
You can manually start the application by following these instructions: On the Start menu, point
to Programs, point to Microsoft Exchange, and then click System Manager.
2. Navigate to Connectors.
If you do not have routing groups defined:
System Manager
1. Administrative Groups
2.
3. Connectors
If you do have routing groups defined:
System Manager
4. Administrative Groups
5.
6. Routing Groups
7.
8. Connectors
3. Right-click an SMTP connector, click Properties, and then click the Advanced tab.
4. Click Outbound Security.
5. To disable authentication for outgoing messages, select Anonymous access. This is the
default.
6. To set basic authentication for outgoing messages, select Basic authentication, and then
click Modify. In the Outbound Security Connection Credentials dialog box, in User,
type the user name of the account of the computer to which you're connecting. In
Password, type the password of the account. In Confirm password, re-enter the
password.
7. To set Windows system security for outgoing messages, select Integrated Windows
authentication, and then click Modify. In the Outbound Connection Credentials
dialog box, in Account, type the Windows account name to which you're connecting, or
click Browse and select the Windows account name from the list. In Password, type the
password of the account. In Confirm password, re-enter the password.
8. To enable Transport Layer Security (TLS) encryption for a remote domain, select TLS
encryption. TLS is a privacy protocol that uses a smart card or certificate. This requires
smart card or certificate authentication on the remote computer. For more information,
see your Windows 2000 documentation.
Note If the remote domain does not support TLS encryption, all messages are returned with a
non-delivery report (NDR).
To configure the SMTP connector:
1. Start Exchange System Manager.
2. Expand the Administrative Groups container. To do so, click the plus sign (+) to the left
of the container.
3. Click the administrative group that you want to work with, and then expand it.
4. Expand the Routing Groups container.
5. Click the routing group that you want to work with, and then expand it.
6. Click the Connectors container. Right-click the Connectors container, and then click
New.
7. Click SMTP Connector.
8. On the General tab, provide an appropriate identifying name for the connector.
9. Choose to use DNS or forward to a smart host (if you are relaying through an
Internet service provider send-mail server).
10. Under Local Bridgeheads, click Add. Add the server that becomes the bridgehead server
for the routing group. Designate an SMTP virtual server as a bridgehead server for the
SMTP connector.
11. Click the Address Space tab. Under Connector Scope, click either Entire Organization
or Routing Group. As in earlier versions of Exchange Server, when you configure the
Internet Mail Service, click Add, click SMTP, and then click OK. Accept the default (*)
unless you require outbound e-mail domain restriction, and leave the cost as 1.
12. If you have chosen forward all mail to a smart host, click the Advanced tab. Click the
Outbound Security option, and then select an appropriate authentication method for
your relay host. The default is Anonymous Access.
13. Click OK to exit Outbound Security.
14. Click OK to exit the Advanced tab.
15. Click OK to exit the SMTP connector.
16. Quit the Microsoft Exchange Routing Engine service and the SMTP service for these
changes to take effect.

31.QUESTION NO: 31

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory domain named testking.com.
All network servers run Microsoft Windows Server 2003.
You plan to install Exchange Server 2003 on a member server named Exch1.
You use a domain user account named ExchAdmin to run the setup /forestprep command.
However, you receive an error message stating that the account does not have the necessary
permissions to perform this task.
You need to ensure that the ExchAdmin account can be used to run the setup /forestprep
command.
To which two groups should you add ExchAdmin? (Each correct answer presents part of
the solution. Choose two)
A. Administrators on Exch1
B. Enterprise Admins in the domain
C. DnsAdmin in the domain
D. Schema Admins in the domain
E. Administrators in the domain

Answer: B, D

Explanation :


Reference :
Exchange Server 2003 Deploy Tools
Reference
Exchange Server 2003 Deploy Tools

32.QUESTION NO: 32

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory forest.
The forest contains the forest root domain testking,com and one child domain
japan.testking.com.
User accounts and group accounts are contained in the child domain.
Management decides to deploy Exchange Server 2003 as the companywide messaging
system.
You prepare the forest to support a new Exchange Server 2003 organization.
Replication completes normally.
You install the first Exchange Server 2003 system in the forest root domain.
You need to ensure that all user accounts can be mailbox-enabled.
What should you do?

A. Run the setup /domainprep command in the forest root domain.
B. Run the setup /domainprep command in the child domain.
C. Install Active Directory Connector (ADC) on a domain controller in the forest root
domain.
D. Install Active Connector (ADC) on a domain controller in the child domain.


Answer: B

Explanation :
Management decides to deploy Exchange Server 2003 as the companywide messaging system.
This mean
testking,com and one child domain japan.testking.com.
Reference
Exchange Server 2003 Deploy Tools


33.QUESTION NO: 33

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory forest.
The forest root domain is named domain.root.
The domain structure is shown in the work area.
You plan to implement Exchange Server 2003 as the companywide messaging system.
Exchange servers must be deployed only in the testking.com and beijing.testking.com
domains.
Each domain in the testking.com tree must contain mailbox-enabled users and mailenabled
groups.
You need to run the appropriate command or commands to ensure that the Active
Directory infrastructure is prepared to support this implementation.
Your solution must require the minimum amount of administrative effort.
Which setup command or commands should you run, and in which domains?
To answer, drag the appropriate setup command or commands to the correct domain or
domains in the work area.


Answer:



Explanation :
The network consists of a single Active Directory forest.
You plan to implement Exchange Server 2003 as the companywide messaging system.
Each domain in the testking.com tree must contain mailbox-enabled users and mail-enabled
groups.
In this case does not matter how many child domains are down, for any that you pick up, put
domainprep

Reference :
Exchange Server 2003 Deploy Tools


34.QUESTION NO: 34

You are the Exchange administrator for TestKing.
The company operates offices in Athens and Madrid.
The network consists of a single Active Directory forest, as shown in the exhibit.
Each office consists of a single Active Directory site and contains domain controllers for
only the local domain.
You plan to implement Exchange Server 2003 as the companywide messaging system.
You plan to deploy Exchange servers in both sites.
You need to ensure that the Active Directory infrastructure is prepared is prepared to
support this implementation.
What should you do?

A. Run the setup /forestprep command in the forest root domain.
Run the setup /domainprep command in both domains.
B. Run the setup /forestprep command in the forest root domain.
Install the Exchange system management tools.
Delegate the role of Exchange Full Administrator at the Exchange organization level to
the Domain Admins group in both domains.
C. In the Madrid site, configure at least one domain controller as a global catalog server.
D. In the Madrid site, enable universal group membership caching and configure the Madrid
site to refresh the cache from the Athens site.

Answer: A

Explanation :
You plan to deploy Exchange servers in both sites. Athens and Madrid two different domains
one root domain .
Reference :
Exchange Server 2003 Deploy Tools

35.QUESTION NO: 35

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory domain named testking.com.
All network servers run Microsoft Windows Server 2003.
The company operates five offices worldwide.
Management plans to install Exchange Server 2003 on one member server in each office.
Users will use HTTPS, WAP devices, MAPI, IMAP, and SMTP/POP3 to connect to the
Exchange servers.
You create a script to automate the installation.
IT administrators in each office will prepare the servers to support the scripted
installation.
You need to specify any additional Windows Server 2003 components that will be required.
Which component or components should you specify? (Choose all that apply)

A. World Wide Web Service
B. NNTP service
C. SMTP service
D. POP3 service
E. ASP.NET


Answer: A, B, C, E

Explanation :
Installing and Enabling Windows 2000 or Windows Server 2003 Services
Exchange 2003 Setup requires that the following components and services be installed and
enabled on the server:
? .NET Framework
? ASP.NET
? Internet Information Services (IIS)
? World Wide Web Publishing Service
? Simple Mail Transfer Protocol (SMTP) service
? Network News Transfer Protocol (NNTP) service
If you are installing Exchange 2003 on a server running Windows 2000, Exchange Setup installs
and enables the Microsoft .NET Framework and ASP.NET automatically. You must install the
World Wide Web Publishing Service, the SMTP service, and the NNTP service manually before
running Exchange Server 2003 Installation Wizard.
If you are installing Exchange 2003 in a native Windows Server 2003 forest or domain, none of
these services is enabled by default. You must enable the services manually before running
Exchange Server 2003 Installation Wizard.
Reference
Exchange Server 2003 Deployment Guide

36.QUESTION NO: 36

You are the Exchange administrator for TestKing.
The company operates three offices.
The network consists of a single Active Directory domain named testking.com.
Each office has one domain controller that runs Microsoft Windows Server 2003.
You plan to deploy one Exchange Server 2003 computer in each office.
Each Exchange server must be placed in a separate administrative group.
The forest and the domain are already prepared to support Exchange Server 2003.
When you try to install the first Exchange server, you discover that you cannot choose an
administrative group in which to place the server.
You cancel the installation.
You need to ensure that you can choose an administrative group during installation.
What should you do?

A. Install Exchange Server 2003 by running the setup /choosedc command and specify the
local domain controller.
B. Install Exchange System Manager. Create the administrative groups.
C. Install Exchange System Manager. At the Exchange organization level, assign the
Exchange Full Administrator permissions to the account used to install Exchange Server
2003.
D. At the Administrative Groups container level, use Active Directory Sites and Services to
assign the Full Control permission to the account used to install Exchange Server 2003.

Answer: B

Explanation :
ChooseDC switch
Exchange Setup includes the new /ChooseDC switch. You can now enter the fully qualified
domain name (FQDN) of a Windows domain controller to force Setup to read and write all
data from the specified domain controller (the specified domain controller must reside in the
domain where you install your Exchange 2003 server). When installing multiple
Exchange 2003 servers simultaneously, forcing each server to communicate with the same
Active DirectoryR directory service domain controller ensures that replication latencies do
not interfere with Setup and cause installation failures.
Reference
Exchange Server 2003 Deployment Guide

37.QUESTION NO: 37

You are the Exchange administrator for TestKing.
The company operates a main office and one branch office.
The network consists of a single Active Directory domain named testking.com.
Exchange Server 2003 is used as the messaging system.
Exchange servers are deployed in two separate Exchange administrative groups.
One administrative group exists in each office.
You manage both offices. An IT administrator manages the users and resources in the
branch office.
You need to enable the IT administrator to manage the objects in the Exchange
administrative group in the branch office.
The IT administrator must not have the ability to modify permissions for the
administrative group.
What should you do?

A. Create a new organizational unit (OU). Place all Exchange servers in the branch office in
the new OU. Delegate control over all computer objects in the OU to the IT
administrator.
B. Make the IT administrator a local administrator on all Exchange servers in the branch
office's administrative group.
C. In the branch office's administrative group, delegate the role of Exchange Full
Administrator to the IT administrator.
D. In the branch office's administrative group, delegate the role of Exchange administrator to
the IT administrator.


Answer: D

Explanation :
Permissions to access mailboxes
Exchange Setup configures permissions on user mailbox objects so that members of groups that
have any of the standard Exchange security roles (Exchange Full Administrator, Exchange
Administrator, Exchange View Only Administrator) applied to them at the organization and
administrative group levels cannot open other user mailboxes.
Chapter 8 procedures and corresponding permissions
Procedure Required permissions or
roles
Set up Secure Sockets Layer (SSL) on a server Local Administrator
Obtain a server certificate from a certification authority Local Administrator
Add Certificate Manager to Microsoft Management Console (MMC) Local Administrator
Back up your server certificate Local Administrator
Require SSL Local Administrator
Designate a front-end server Local Administrator
Configure your Exchange front-end server to use remote procedure
call (RPC) over HTTP
Local Administrator
Configure the RPC virtual directory Local Administrator
Domain Administrator
Configure the RPC Proxy server to use the specified default ports for
RPC over HTTP inside the corporate network
Local Administrator
Domain Administrator
Configure the global catalog servers to use the specified default ports
for RPC over HTTP inside the perimeter network
Local Administrator
Domain Administrator
Create a MicrosoftR Office OutlookR profile to use with RPC over
HTTP
No specific permissions
necessary
Configure Exchange 2003 to use Microsoft Exchange ActiveSyncR Local Administrator
Configure Pocket PC Phone Edition devices to use Exchange
ActiveSync
No specific permissions
necessary
Verify ACE/Agent is configured to protect the entire Web server Local Administrator
Limit SecurID Authentication to the Microsoft-Exchange-ActiveSync
virtual directory
Local Administrator
Configure custom HTTP responses for devices Local Administrator
Enable Microsoft Outlook Mobile Access Local Administrator
Configure Pocket PC Phone Edition devices to use Outlook Mobile
Access
No specific permissions
required
Enable forms-based authentication Local Administrator
Exchange Administrator
Enable data compression Local Administrator
Exchange Administrator
Start, pause, or stop the virtual server Local Administrator
Reference
Exchange Server 2003 Deployment Guide


38.QUESTION NO: 38

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory domain named testking.com.
Exchange Server 2003 is used as the companywide messaging system.
Network administrators create a new child domain.
They also create a new user accounts in the child domain and configure the accounts to use
mailboxes located on the Exchange servers in the parent domain.
Users in the new domain report that they receive an error message when they open
Microsoft Outlook to access their Exchange mailboxes.
The message state states that the mailbox name cannot be matched to a name in the
address list.
You discover that none of the user accounts in the child domain have e-mail addresses.
You need to ensure that users in the child domain can access their mailboxes.
What should you do?

A. Run the setup /domainprep command in the child domain. Create a Recipient Update
Service for the child domain.
B. Create a new storage group on an Exchange server. Move all mailboxes for the child
domain users to a new mailbox store in the storage group.
C. Create a new e-mail address recipient policy. Apply the policy to only Exchange
recipients that have mailboxes.
D. In the child domain, create a user account named ExchangeProxyAccount. Delegate
Exchange Full Administrator permissions in the Exchange organization to this account.


Answer: A

Explanation:
Network administrators create a new child domain.
They also create a new user accounts in the child domain and configure the accounts to use
mailboxes located on the Exchange servers in the parent domain.
Recipient Update Service
Exchange uses the Recipient Update Service primarily to generate and update default and
customized address lists, and to process changes made to recipient policies. This service ensures
that when new recipient policies or address lists are created, their content is applied to the
appropriate recipients in the organization. The Recipient Update Service also applies existing
policies to new recipients that are created after the policy or address list has already been
established. In this way, information is kept current with minimal administrative overhead.
You must have at least one Recipient Update Service for each domain in your organization, and
it must be run from an Exchange 2003 or Exchange 2000 server. For domains that do not have
these Exchange servers, the Recipient Update Service must be run from an Exchange server
outside of the domain. You can set up more than one Recipient Update Service for a domain, if
there are multiple domain controllers. Each Recipient Update Service must read from and write
to a unique domain controller.
Note
If you do not have a Recipient Update Service for a domain, you cannot create recipients in that
domain.
In situations where you have high network latency within a domain, set up the Recipient Update
Service at the local sites. For example, if you have one domain that has sites in Seattle and in
Beijing, there could be a long delay before a mailbox that an administrator creates in Beijing is
processed by the Recipient Update Service in Seattle. In this case, having a Recipient Update
Service on the local domain controller in Beijing will decrease the time the user has to wait to be
able to access the mailbox after it has been created.
? Sets permissions for the Exchange Enterprise Servers group at the root of the domain, so
that Recipient Update Service has the appropriate access to process recipient objects.
? In topologies such as parent/child administrator must be a member of a group that has the
Exchange Administrator role or greater applied at the organization level to be able
specify the server responsible for Recipient Update Service in the child domain.
? Address lists are created dynamically. When new users are added to your organization, they are
automatically added to all of the appropriate address lists. These updates are one of the primary
responsibilities of both the Recipient Update Service and Exchange System Attendant.


39.QUESTION NO: 39

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory domain named testking.com.
All network servers run Microsoft Windows Server 2003.
The relevant portion of the network configuration is shown in the exhibit.
***MISSING***
Each of the five offices is defined as a separate Active Directory site.
Each site contains one global catalog server, which also provides DNS services for all local
computers.
The global catalog servers are named GC1 through GC5.
Active Directory replication is managed by the TestKing's networking group.
The server in each branch office replicated with the main office once a day after regular
business hours.
To avoid saturating the WAN connections or overloading GC1, the starting times for
replication are staggered by one hour. Active Directory replication cannot be forced to
occur at any time other than the regularly scheduled replication interval.
Management decides to implement Exchange Server 2003 as the companywide messaging
system.
Each office requires its own Exchange server, which must be located in a separate routing
group.
Necessary hardware is purchased.
All appropriate software is installed on each office to prepare for the installation of
Exchange.
You install Exchange on a new server in the main office and create all the routing groups.
Then you immediately begin to remotely install Exchange on a new server in one of the
branch offices.
However, you are unable to select a routing group in which to place the server.
You cancel the installation.
You need to ensure that you can complete the installation of the branch office Exchange
servers before the end o the business day.
What should you do?
***MISSING***

Answer: (PICTURE)Run Setup/choosedc GC1

Drawing need to be provided, but you will need to pass to Exchange native to be able to add new
administrative groups to install the new servers in the appropriate administrative groups .

40.QUESTION NO: 40

You are the Exchange administrator for TestKing.
Exchange Server 2003 is the messaging system.
The Exchange organization includes a two-node active/active server cluster that provides
failover capabilities for each of the two Exchange Virtual Servers (EVSs).
You need to ensure that the cluster will automatically balance the two EVSs evenly across
both cluster nodes, as long as both nodes are operational.
You must not remove the existing failover capabilities.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Configure failover for each EVS.
B. Configure failback for each EVS.
C. Configure a single preferred node for each EVS.
D. Configure a single possible node for each EVS.
E. Configure the quorum disk resource so that it does not affect the cluster resource group
when a failure occurs.


Answer: B, C

Explanation :
Understanding How Failover Works in an Exchange Cluster
As noted earlier, Exchange Virtual Servers are the basic units of failover for your cluster. However,
failover occurs differently in active/passive clusters and active/active clusters.
In an active/passive cluster, such as the 3-active/1-passive cluster shown in Figure 8.3, there are three
Exchange Virtual Servers: EVS1, EVS2, and EVS3. This configuration can handle a single node failure at
a time and still maintain 100 percent availability after a failure occurs. That is, if Node 3 fails, Node 1 still
owns EVS1, Node 2 still owns EVS2, and Node 4 takes ownership of EVS3 with all of the storage groups
mounted after the failure. However, if a second node fails while Node 3 is still down, the Exchange Virtual
Server associated with the second failed node remains in a failed state because there is no stand-by
node available for failover.
Figure 8.3 Effect of failures on an active/passive cluster
In an active/active cluster (as shown in Figure 8.4), there are only two Exchange Virtual Servers: EVS1
and EVS2. This configuration can handle a single node failure at a time and still maintain 100 percent
availability after the failure occurs. That is, if Node 2 fails, Node 1 still owns EVS1, and Node 1 also takes
ownership of EVS2 with all of the storage groups mounted after the failover. However, if Node 1 fails
while Node 2 is still down, the entire cluster is in a failed state, because no nodes are available for
failover.
Figure 8.4 Effect of failures on an active/active cluster
Configuring Exchange Virtual Server Settings
When you create your Exchange Virtual Servers, the default properties that are applied at that time
should allow your Exchange cluster to operate adequately. However, you may want to modify these
settings to customize your clusters to accommodate your specific Exchange environment.
To change the configuration settings for an Exchange Virtual Server, you use the property settings
associated with that Exchange Virtual Server object. These property settings instruct Cluster Service in
how to manage your Exchange Virtual Servers.
To access the properties of an Exchange Virtual Server
In Cluster Administrator, in the console tree, right-click the Exchange Virtual Server that you want to
configure, and then click Properties.
After you open the Properties dialog box for a specific Exchange Virtual Server, you can use the options
on the various tabs to customize the preferred owner, failover, and failback settings.
Specifying Preferred Owners
During the creation of an Exchange Virtual Server, you have the option of defining a list of preferred
cluster nodes or preferred owners for that server. Cluster Service uses this list of preferred owners when
assigning the Exchange Virtual Server to a node. Cluster Service first tries to assign the Exchange Virtual
Server to the first node in the list. If that node is unavailable, Cluster Service tries the next node in the list.
If that node is unavailable, Cluster Service continues down the list, until it can assign the Exchange
Virtual Server to a node. If Cluster Service cannot find an available node in the preferred owners list, it
tries to fail over to the other available nodes in the cluster that have Exchange installed.
By default, you do not have to specify any preferred owners. If you do not specify owners, Cluster Service
assigns an Exchange Virtual Server to the next available node that has Exchange installed.
However, it is recommended that you specify preferred owners if you have a cluster that hosts multiple
applications. In this scenario, the first nodes in the list should be those nodes whose resources are best
able to handle any existing applications on those nodes, and the Exchange Virtual Server for which
Cluster Service is trying to find a node.
The preferred owners list is also important if you configure your Exchange Virtual Server to fail
back automatically. With automatic failback enabled, an Exchange Virtual Server that is trying to
come back online attempts to fail back to the first node in the preferred owners list. Again, this
first node should be the node that is best able to accommodate the Exchange Virtual Server. If the
Exchange Virtual Server is unable to fail back to any of the nodes in the list, the server will not come
online, and the mailboxes on that server will not be available for your users.
When setting the preferred owners for your Exchange Virtual Servers, follow the rules outlined in
Table 8.2.
Table 8.2 Rules for setting the preferred owners for an Exchange Virtual Server
Setting Rule
Specifying a single node as the
preferred owner for each Exchange
Virtual Server
You should assign a different node to each server.
For example, the 4-node/3 Exchange Virtual Server example,
shown earlier in Figure 8.1, could have the following preferred
owners:
EVS1 to Node 1
EVS2 to Node 2
EVS3 to Node 3
Specifying a list of nodes as the
preferred owners for each Exchange
Virtual Server
You should ensure that the first node that is listed for one
Exchange Virtual Server is not listed as the first node for any
other Exchange Virtual server.
For example, the 4-node/3 Exchange Virtual Server example,
shown earlier in Figure 8.1, could have the following preferred
owner lists:
EVS1 to Node 1, Node 2, and Node 3
EVS2 to Node 2, Node 3, and Node 1
EVS3 to Node 3, Node 1, and Node 2
To specify a list of preferred owners
On the General tab (see Figure 8.6) in the Exchange Virtual Server's Properties dialog box, under
Preferred owners, click Modify to specify the nodes that are to be preferred owners for this server.
Figure 8.6 The General tab in the Properties dialog box for an Exchange Virtual Server
Specifying Failover Options
When configuring how Cluster Service manages failovers, consider the Threshold and Period options on
the Failover tab (see Figure 8.7). The Threshold setting determines the number of times that the
Exchange Virtual Server can fail over during the failover Period. If the actual number of failovers exceeds
the threshold during the failover period, the Exchange Virtual Server may be in a failed state, and Cluster
Service will not bring it online. The default and recommended settings for these failover options are to
have Exchange fail over 10 times in a 6-hour period.
To specify the failover options for an Exchange Virtual Server
On the Failover tab (see Figure 8.7) in the Exchange Virtual Server's Properties dialog box, type a value
for the Threshold and Period options.
Figure 8.7 Failover tab in the Properties dialog box for an Exchange Virtual Server
Considering Other Factors that Affect Failover
The failover options that you set for your Exchange Virtual Servers are only one factor that affects the
speed at which an Exchange Server 2003 cluster fails over. In addition to those settings, many other
factors can influence failover rates. Table 8.3 lists these additional factors. By understanding these
factors, you should be able to configure your Exchange clusters for optimal failover.
Table 8.3 Factors that affect failover performance of Exchange 2003 clusters
Factor Description
State of the
Exchange
store
The state of the Exchange database and logs at the time of startup or shutdown affects
failover performance.
For example, if Exchange databases were shut down abruptly, there may be a large
number of log files to roll through before starting the Exchange databases on the new
Exchange Virtual Server.
Number of
storage
groups and
databases on
your servers
In general, the greater the number of Exchange databases on your Exchange Virtual
Server, the longer it takes to move resources to the new Exchange Virtual Server.
Number of
service
connections
into the
Exchange
store
The Exchange store performs cleanup routines before it releases and allows failover to
occur. An unloaded server that takes 100 seconds to fail over takes 120 seconds to fail
over when that server has 3,000 simultaneous Microsoft Office OutlookR Web Access
or Microsoft Outlook connections.
Size of the
SMTP queue
If the SMTP queue size is greater than 1,000 messages, the time to fail over from one
cluster node to another can be significant. You can modify this setting by creating and
configuring the SMTP Max Handle Threshold registry key value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMTPSVC\
Queuing\MsgHandleThreshold
For more information about creating and configuring this registry key, see the procedure
following this table.
Reference:
Exchange 2003 Administration guide


41.QUESTION NO: 41

You are the Exchange administrator for TestKing.
The company's network consists of a single Active Directory domain named testking.com.
The Exchange organization contains two servers, the company's server and a subsidiary
company's server.
TestKing's server runs Exchange Server 2003 and the subsidiary's server runs Exchange
Server 5.5.
Both Exchange servers are located in the same Active Directory site and in the same
routing group.
Active Directory Connector (ADC) is configured with a two-way connection agreement
between the company and the subsidiary.
The company's management decides to sell the subsidiary.
You delete the subsidiary user mailboxes from the Exchange 5.5 server.
You discover that the deletions do not replicate to Active Directory.
You need to ensure that the deletions are replicated to Active Directory.
What should you do?

A. Configure the connection agreement as a one-way connection agreement from Exchange
to Microsoft Windows.
B. Configure the connection agreement as a one-way connection agreement from Microsoft
Windows to Exchange.
C. Configure the connection agreement to delete the objects from Active Directory when
replicating deletions from the Exchange 5.5 directory.
D. Configure the connection agreement to delete the objects from the Exchange 5.5
directory when replicating deletions from Active Directory.
E. Configure the connection agreement so that it is not the primary connection agreement
for the connected Exchange organization.
F. Configure the connection agreement so that it is not the primary connection agreement
for the connected Microsoft Windows domain.

Answer: C

Explanation:
They tell us Active Directory Connector (ADC) is ALREADY configured with a two-way
connection agreement between the company and the subsidiary. They need to check their ADC
settings in order tell to Active Directory that the mailboxes have been deleted:
Incorrect answers:
A:There is currently a connector in place. There is no need to establish another one.
B: Incorrect for the same reason as ?A?. There is currently a connector in place.
D: Configuring the connection agreement to delete objects in Exchange is not needed since the
objects were deleted in Exchange 5.5 in the first place. The changes need to be replicated to
Active Directory. Note that the question states that AD is not getting the updates FROM
Exchange Server 5.5.
E: There is only one connection agreement in place. Therefore, it has to be the primary one.
There is no way to tell the only agreement that is it not primary. In addition, changing the
agreement to not be primary will not change how replication is handled across it.
F: This is incorrect for the same reason as ?E?. Namely, there is no ability or need to change the
only agreement to be not primary. Setting this will not change how the replication occurs. That
is defined via the ADC (connector).
Site Replication Service (SRS)
is a component that exchanges configuration information between Active Directory and the
directory in Exchange 5.5. In Exchange 5.5, SRS is necessary because Exchange 5.5
configuration information can only be exchanged between Exchange 5.5 servers and
Exchange 5.5 directories?not with Active Directory. SRS mimics an Exchange 5.5 directory so
that other Exchange 5.5 servers can replicate information to it. Using the configuration
connection agreement created by Exchange Setup, Active Directory Connector replicates the
configuration information in SRS into Active Directory.

42.QUESTION NO: 42

You are the Exchange administrator for TestKing.
The company's network consists of a single Active Directory forest.
The forest contains three domains named TestKing1, TestKing2, and TestKing3.
The functional level of the domains is Windows 2000 mixed.
TestKing1 contains a single Exchange 2000 Server computer named Exch1.
TestKing2 contains a single Exchange 2000 Server computer named Exch2.
TestKing3 contains a single Exchange Server 5.5 computer named Exch3, which runs
Windows 2000 Server.
Exchange 2000 Server Active Directory Connector (ADC) is installed on Exch1 and Exch2.
There is a two-way connection agreement on Exch1.
This connection agreement replicates changes between TestKing1 and Exch3.
There is also a two-way connection agreement on Exch2.
This connection agreement replicates changes between TestKing2 and Exch3.
You upgrade ADC on Exch1 to Exchange Server 2003 ADC.
The connection agreement updates and replicated normally.
Then you notice that the connection agreement on Exch2 stop replicating.
You need to ensure that all connection agreements are replicating properly.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution. Choose two)

A. Move all connection agreements from Exch2 to Exch1.
B. Upgrade ADC on Exch2 to Exchange Server 2003 ADC.
C. Promote Exch2 to a domain controller and a global catalog server.
D. Raise the functional level on TestKing3 to Windows 2000 native.

Answer: A, B

Explanation :
Because Exch1 is already working we can achieve the solution moving the agreements from
Exch2 to Exch1. Because of the different ADC versions are running they need to upgrade ADC
in the Exch2 domain also.
Upgrade Active Directory Connector servers
Checklist for upgrading your ADC servers:
? Run ForestPrep.
? Run DomainPrep.
? Run ADC Setup.
? Run ADC Tools.
? Update ADC version on all servers before you upgrade your Exchange 2000 servers.
Reference
Exchange 2003 Administration guide


43.QUESTION NO: 43

You are the Exchange administrator for TestKing.
TestKing acquires a company named Tailspin Toys.
TestKing has a single Active Directory forest named testking.com.
Tailspin Toys has a single Active Directory forest named tailspintoys.com.
TestKing uses a directory synchronization tool to synchronize identity information between
the directory services.
For business reasons, you cannot decommission either of the two forests.
Users will continue to use either testking.com or tailspintoys.com as their primary logon
domain.
Users in each forest have mailboxes on servers in their local Exchange organization.
When users in both forests search the global address list (GAL), they must be able to see
recipients from both forests.
You need to create the required directory objects on the two forests. For security reasons,
you must create objects that have only the minimum necessary rights and permissions.
What should you do?

A. For every mailbox-enabled user object in the tailspintoys.com domain, create a mail-enabled
inetOrgPerson object in the testking.com domain.
For every mailbox-enabled user object in the testking.com domain, create a mail-enabled
inetOrgPerson object in the tailspintoys.com domain.
B. For every mailbox-enabled user object in the tailspintoys.com domain, create a mail-enabled
disabled user object on the testking.com domain.
For every mailbox-enabled user object in the testking.com domain, create a mail-enabled
disabled user object in the tailspintoys.com domain.
C. For every mailbox-enabled user object in the tailspintoys.com domain, create a mail-enabled
enabled user object in the testking.com domain.
For every mailbox-enabled user object in the testking.com domain, create a mail enabled
enabled user object in the tailspintoys.com domain.
D. For every mailbox-enabled user object in the tailspintoys.com domain, create a mail-enabled
contact object in the testking.com domain.
For every mailbox-enabled user object in the testking.com domain, create a mail-enabled
contact for object in the tailspintoys.com domain.


Answer: D

Creating contacts in each organization for the users in the other domain they can access from
their GAL to any user without giving permission
Incorrect answers:
A, B, and C: Each of these answers give the tailspintoys users an account in Active Directory.
This violates the requirement that the users not have any rights. (The users would at least have
domain user rights, and this is not acceptable given the scope of the question.)

44.QUESTION NO: 44

You are the Exchange administrator for TestKing.
Some user mailboxes are on servers that run Exchange Server 2003, and other user
mailboxes are on servers that run Lotus Notes.
The Lotus Notes connector is installed on an Exchange server.
The sales department has been partially migrated from Lotus Notes to Exchange Server
2003.
In Active Directory, you create a mail-enabled universal distribution group named
SalesDepartment, to which you add all the Exchange mailboxes for users in the sales
department.
The other users in the sales department have Lotus Notes mailboxes.
These users are members of a Lotus Notes group named Sales.
Mail-enabled contact objects have been created in Active Directory for users who have
Lotus Notes mailboxes.
A mail-enabled contact named Sales has been created in Active Directory for the Sales
group in Lotus Notes.
Currently, when an Exchange user sends an e-mail message to the SalesDepartment
distribution group, it is delivered to users in the sales department who have Exchange
mailboxes, but it is not delivered to users who have Lotus Notes mailboxes.
You need to ensure that Exchange users can send messages to all users in the sales
department.
However, Exchange administrators must not be required to make changes when additional
mailboxes are added to Lotus Notes for users in the sales department.
Your solution should minimize traffic between the Exchange servers and Lotus Notes
servers.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution. Choose two)

A. In Active Directory, add the Sales contact object to the SalesDepartment universal group.
B. In Active Directory, add the contact objects for sales department users who have Lotus
Notes mailboxes to the SalesDepartment universal group.
C. In Lotus Notes, create a contact for the SalesDepartment universal group. Add the contact
to the Sales group on Lotus Notes.
D. Instruct Exchange users to send message both to the SalesDepartment universal group
and the Sales contact when they need to send messages to the entire sales department.

Answer: A, D

Explanation:
A:Adding the Sales contact to the SalesDepartment group will work, as the Sales contact
encompasses all Notes users in the Sales group in Active Directory
C: Adding the SalesDepartment contact to Notes will work because the SalesDepartment contact
is mail-enabled in Active Directory.
Incorrect Answers:
B: Adding the contacts individually would mean a great deal of administration. In addition, when
more Notes users are added, the administrator would have to go back and add these users to the
proper group. Since there is administration overhead involved with this process, this answer is
not correct.
D: The administrator would have to inform the new Notes user that he has to send to two groups
instead of one. This can be easily overlooked, and would result in help desk phone calls when
this problem returned. While this answer would technically work, it is not the best answer.

45.QUESTION NO: 45

You are the Exchange administrator for TestKing.
All seven servers in the Exchange organization run Exchange Server 2003.
TestKing acquires another company that uses a single Novell GroupWise server that runs
on NetWare.
The GroupWise mailboxes are assigned SMTP addresses in a namespace that is different
from the namespace used by the Exchange mailboxes.
For business reasons, it is not possible for you to migrate the GroupWise users to Exchange
immediately.
You configure one of the Exchange servers, which have no local mailboxes, as a dedicated
bridgehead server for communications to the GroupWise server.
Exchange users can see the GroupWise users in the Exchange global address list (GAL)
and can send messages to them. However, when the Exchange users want to send meeting
requests, they cannot view the free or busy status of GroupWise users.
You need to ensure that the Exchange users can view the free or busy status of the
GroupWise users.
What should you do?

A. On the Exchange bridgehead server, configure the Calendar Connector.
B. On the Exchange bridgehead server, install the Gateway Service for NetWare.
C. On the Exchange bridgehead server, add a replica of the Schedule+ Free Busy folder.
D. On the Exchange bridgehead server, create an SMTP connector to one of the GroupWise
SMTP bridgehead servers.
E. On all Exchange servers, install the Microsoft Exchange Connector for Novell
GroupWise.

Answer: A

How to Store Free and Busy Information
The Calendar Connector always stores free and busy information in its administrative group's
public folder, specifically the Schedule+ Free Busy public folder. If there are multiple
administrative groups on an Exchange 2003 server, each administrative group has its own public
folder. In this case, free and busy information for Exchange 2003 users may be stored in a
different public folder than the free and busy information for users on partner computers.
The Calendar Connector does not support the following procedures:
? You cannot initiate real-time queries to downstream Exchange 2003 routing groups.
Exchange users in routing groups that are not directly connected by the Calendar
Connector to a partner system (routing groups downstream of the routing group in which
the Calendar Connector is installed) are not able to initiate real-time queries. Instead, they
receive the calendar data that has been replicated from the Calendar Connector?s site
(routing group). If you want to provide real-time free and busy access to all Exchange
users, install and configure a Calendar Connector in each Exchange site (routing group).
There is no way to relay a real-time free and busy query over a Site Connector or Routing
Group connector.
? You cannot use the Calendar Connector as a free and busy switch between Notes and
GroupWise. Exchange does not support free and busy switches or queries from one
partner computer to another by using Exchange as a backbone. In addition, you cannot
use a partner computer as a backbone between two Exchange computers.
? You cannot configure multiple Calendar Connectors in a single administrative group that
connects to the same partner post office
Configure the GroupWise Connector on Exchange 2003
1. Start Exchange System Manager.
2. Open the properties of your Exchange 2000 organization.
3. Click Display routing groups and Display Administrative Groups.
4. Use the following path to locate the Connector for Novell GroupWise, and then open its
properties:
Administrative Groups\First Administrative Group\Routing Groups\First Routing
Group\Connectors
5. On the General tab, type the path for the API Gateway in the API Gateway Path box.
For example:
\\nwserver\sys\gwdomain\wpgate\api
6. Click Modify. Type the NetWare account and password used in GSNW in the NetWare
Account and Password fields.
7. Click the Address Space tab. Add a GWISE address type in the Address field, and then
click OK.
NOTE: You can use an asterisk (*) in the Address field as the address. This allows all
mail addressed to GroupWise users to be sent through this connector.
8. Click the Import Container tab, and then click Modify. Choose a container to import
the GroupWise directory entries into. These containers exist in Active Directory as
organizational units (OUs). You can create a specific OU for this within the Active
Directory Users and Computers MMC snap-in.
9. Click the Export Container tab, and then click Modify. Select the Users container as the
export container. Click Export Contacts and Export Groups if you want to export these
items to GroupWise.
10. Click the Dirsync Schedule tab. Configure the connector to run at a specified time.
11. Click OK to close the connector properties.

46.QUESTION NO: 46

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory domain named testking.com.
The functional level of the domain is Microsoft Windows Server 2003.
The Exchange organization contains two servers that run Exchange Server 2003.
The servers are named Exch1 and BH1.
All mailboxes are located on Exch1.
BH1 is a bridgehead server and contains no mailboxes.
BH1 is configured with an SMTP connector for all TestKing Internet e-mail.
TestKing employees need to begin to communicate with employees at a separate company
named Contoso, Ltd.
The employees need to communicate by using e-mail during business hours.
Employees from TestKing and Contoso, Ltd., need to send each other attachments that
average 20 MB in size.
TestKing purchases a new leased line to Contoso, Ltd. Contoso, Ltd., used a UNIX-based email
system.
The relevant portion of the network is configured as shown in the following diagram.
You create aliases in your global address list (GAL) for the employees at Contoso, Ltd.
You need to ensure prompt delivery of all messages and attachments from TestKing to
Contoso, Ltd.
You do not want these attachments to delay delivery of other TestKing messages to the
Internet.
What should you do?

A. Configure a second SMTP virtual server. Create a dedicated SMTP connector that uses
this virtual server. Forward all mail going through this connector to 10.1.100.50. Add
testking.com as an address space on this connector.
B. Configure a second SMTP virtual server. Create a dedicated SMTP connector that uses
this virtual server. Forward all mail going through this connector to 10.1.100.50. Add
contoso.com as an address space on this connector.
C. Allow 10.1.100.50 as the only IP address to connect to the TestKing SMTP virtual server.
Create a dedicated SMTP connector that uses the existing virtual server. Forward all mail
going through this connector to 10.1.100.50. Add contoso.com as an address space on
this connector.
D. Configure the TestKing SMTP virtual server to forward all unresolved recipients to
10.1.100.50. Create a dedicated SMTP connector that uses the existing virtual server.
Forward all mail going through this connector to 10.1.100.50. Add contoso.com as an
address space on this connector.

Answer: B

Explanation:
We need to see the complete draw but B is a possible solution
We need to forward non Exchange mail recipients for *.contoso.com name space to the Unix
server. We can achieve that using a second connector in a second virtual smtp for *.contoso.com
on the bridgehead server because BH1 just is configured with an SMTP connector for all
TestKing Internet e-mail. We need to reroute *.contoso.com name space

47.QUESTION NO: 47

You are the Exchange administrator for TestKing.
The Exchange organization contains three servers that run Exchange Server 2003.
All users access e-mail by using Microsoft Outlook.
Last year there were 5,000 users at TestKing.
Over the past year, the number of users increased by 15 percent, to its current level of
5,750.
Response time for Outlook increased significantly as the number of users increased.
Currently, some users report that Outlook requires more than three minutes to open and
that each e-mail message requires an additional two minutes to open.
However, less than 10 percent of network bandwidth is in use.
Current projections indicate that the number of users will increase by 25 percent within
one year.
Management asks you whether upgrading the Exchange servers will prevent further
degradation in Outlook performance.
You need to gather additional data in order to reply.
Which data should you monitor?

A. Usage of processor, memory, and disk space on each Exchange server.
B. Usage of processor and memory on each global catalog server.
C. Length of the SMTP queue on each Exchange server.
D. Number of messages sent to recipients inside and outside the Exchange organization.

Answer: A

Explanation:
Usage counters on the Exchange server will be the best determination of load on the Exchange
server. Since the network usage is not a problem, the issue must lie in the hardware. The most
logical place for the problem will be in the Exchange server itself. In addition, Microsoft
recommends not having more than 5000 users on an Exchange server. This is a clear indication
that the server needs to be addressed.
Incorrect answers:
B: Viewing the Global Catalog server counters would be all but useless. While Exchange makes
use of the GC, there are many other items that rely on it as well. Monitoring the usage on that
server will tell very little about the Exchange environment.
C:The SMTP queue on each server is valuable in determining how long messages wait to be
delivered. A long queue is an indication that there is a network or hardware problem, but
monitoring it alone will not give information on server hardware statistics, and hence what
hardware may need to be purchased to upgrade the server.
D: The number of messages sent to recipients will have no bearing on the server hardware load
all by itself. It would require additional hardware counters to fully determine what is causing the
degradation. Even if the number of messages has drastically increased, if the server has enough
hardware to support it (this would only be determined by looking at the counters specified in
answer ?A?) then it?s not a problem for the server to handle the increased work load.
Minimal Set of Counters
The following counters are the minimal set of counters you should use to establish a baseline and
monitor overall server health. A description and recommended value are provided for each
counter. Use the recommended value for each counter to monitor performance.
Note There are many counters you can use to establish a baseline specific to your organization
and to monitor your Exchange 2000 server?s performance. See the ?Appendix? section later in
this document for a complete list of counters, with a description and recommended value for
each.
Table 3 Minimal Set of Counters
Counter Description Recommended Value
MSExchange IS
Mailbox\
Message Opens/sec
Message Opens/sec indicates the rate that
requests to open messages are submitted to the
Exchange store.
The value of this counter
is specific to your
organization. Use this
counter to establish a
baseline of normal server
performance.
MSExchangeIS
Mailbox\Folder
Opens/sec
Folder Opens/sec indicates the rate that requests
to open folders are submitted to the Exchange
store.
The value of this counter
is specific to your
organization. Use this
counter to establish a
baseline of normal server
performance.
MSExchangeIS
Mailbox\Local
Delivery Rate
Local Delivery Rate indicates the rate at which
messages are being delivered locally.
The value of this counter
is specific to your
organization. Use this
counter to establish a
baseline of normal server
performance.
MSExchangeIS\
RPC Operations
/sec
RPC Operations/sec indicates the rate that RPC
operations occur. This counter tells you how
many RPC requests are outstanding. If Outlook
is notifying users that it cannot contact their
Exchange server, it is likely that this counter
will show significant spikes.
The value of this counter
is will be specific to your
organization, but in
standard operation this
counter should remain at 0
on 4 processor machines.
Use this counter to
establish a baseline of
normal server
performance.
MSExchangeIS\RPC
Requests
RPC Requests indicates the number of client
requests that are currently being processed by
the Exchange store.
This counter should not
exceed 100. You should
also use this counter to
establish a baseline of
normal server
performance.
PhysicalDisk
(_Total)Disk
Transfers/sec
Disk Transfers/sec indicates the number of
completed read and write operations per
second. This counter measures disk utilization
and is expressed as a percentage. Values over
50 percent might indicate that the disk is
becoming a bottleneck.
This counter should
remain below 50 percent.
You should also use this
counter to establish a
baseline of normal server
performance.
Process
(store)\% Processor
Time
% Processor Time indicates the percentage of
time the processor is running non-idle threads.
You can use this counter to monitor the percent
each Exchange service is using the processor.
An average value that is
below 20 percent indicates
the server is unused or
services are down. An
average value that is
consistently above 75-80
percent indicates that the
server is overburdened.
Use this counter to
establish a baseline of
normal server
performance.
Processor
(_Total)\%
Processor Time
% Processor Time indicates the percentage of
time the processor is running non-idle threads.
You can use this counter to monitor the percent
each Exchange service is using the processor.
An average value that is
below 20 percent indicates
the server is underused or
services are down. An
average value that is
consistently above 75 to 80
percent indicates that the
server is overburdened and
you should consider
moving users to another
server. Use this counter to
establish a baseline of
normal server performance.
SMTP Server\
Local Queue
Length
Local Queue Length indicates the number of
messages in the local SMTP queue.
The value of this counter is
specific to your
organization. Use this
counter to establish a
baseline of normal server
performance.
SMTP Server\
Messages
Delivered/sec
Messages Delivered/sec indicates the rate that
messages are being delivered to local mailboxes.
The value of this counter is
specific to your
organization. Use this
counter to establish a
baseline of normal server
performance.
SMTP Server\
Messages
Received/sec
Messages Received/sec indicates the rate that
messages are being received.
The value of this counter is
specific to your
organization. Use this
counter to establish a
baseline of normal server
performance.
SMTP Server\
Messages Sent/sec
Messages Sent/sec indicates the rate that
messages are being sent.
The value of this counter is
specific to your
organization. Use this
counter to establish a
baseline of normal server
performance.
Reference
Troubleshooting Microsoft Exchange 2000 Server Performance
Microsoft Exchange 2000 Front-End Server and SMTP Gateway Hardware Scalability Guide

48.QUESTION NO: 48

TestKing operates two offices and has a single Exchange organization. You are the
Exchange administrator in the Los Angeles office. Another Exchange administrator is
responsible for the other office in Boston. Both Exchange administrators are members of a
mail-enabled universal group named ExchAdmins.
Each office contains five servers that run Exchange Server 2003. Each office is configured
as a separate routing group and a separate administrative group. One server in each office
is a bridgehead server for the routing group. The routing groups are connected by a
routing group connector.
You need to ensure that the Exchange administrators are notified whenever e-mail services
between the two offices are disrupted.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Add a new resource to monitor the status of the SMTP queue on each bridgehead server.
Configure the new resource to reach a warning state if the SMTP queue continues to
grow for 10 minutes.
B. Add a new resource to monitor the status of the X.400 queue on each bridgehead server.
Configure the new resource to each a warning state if the X.400 queue continues to grow
for 10 minutes.
C. Add a new resource to monitor the status of the Microsoft Exchange Information Store
service on each bridgehead server. Configure the new resource to each a warning state
when the Microsoft Exchange Information Store service shuts down.
D. Configure one e-mail notification to monitor both bridgehead servers by using one
bridgehead server as the monitoring server. Configure the notification to send an e-mail
message to the ExchAdmins group when monitored items reach a warning state.
E. Configure one e-mail notification to monitor both bridgehead servers by using the
bridgehead server in your routing group as the monitoring server. Configure another email
notification to monitor both bridgehead servers by using the bridgehead server in the
other routing group as the monitoring server. Configure both notifications to send an email
message to the ExchAdmins group when monitored items reach a warning state.

Answer: A, E

Explanation:
A is correct. One of the steps should be to monitor the SMTP status on each bridgehead server.
A growing SMTP queue is an indicator that the connector has failed due to the fact that the
queue is the number of mail messages waiting to be delivered. If this queue continues to grow
for 10 minutes, then there is probably a problem in the link.
E is also correct. In order for the monitoring to correctly take place, a notification must be sent if
the warning state triggered in answer ?A? is reached. Simply monitoring the queue is not
enough. A message must be sent to notify the administrator of the problem. Note that the
warning must be set up on each server, since the connector?s being down would prevent one
administrator from receiving the message.
Incorrect answers:
B: Monitoring the X.400 queue would not make any difference since SMTP uses X.500 to
communicate. Furthermore, since there is no x.400 connector between the sites, it would never
register as being down to the x.400 queue.
C:If the connector fails, the Exchange Store will not shut down; it will simply store the
messages until the connector is restored. Therefore, this would not be a good event to monitor.
D:Using one bridgehead server as the monitoring server is not sufficient. If the disruption is
caused by a bridgehead server going down, and that is the server doing the monitoring, there
would be no notification sent. In short, there is a ?hole? in the coverage.
Monitoring Resources
You can monitor other resources using the Monitoring and Status tool. To do so, click Add on
the Monitoring tab and select the resources you want to monitor. These resources are monitored
to see if they pass two thresholds. Resources that pass the first threshold enter a "warning" state;
those that pass the second threshold enter a "critical" state.
Reference:
Exchange 2000 Chapter 4 - Enterprise Monitoring

49.QUESTION NO: 49

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. The Exchange organization contains two servers
named Exch1.testking.com and Exch2.testking.com. Both servers run Exchange Server
2003.
Users who have mailboxes on Exch1.testking.com report that their e-mail messages are not
being delivered to other users on the network. However, these users can open their
mailboxes and read the e-mail messages in their mailboxes. You discover that users who
have mailboxes on Exch2.testking.com can send e-mail messages to mailboxes on the same
server. However, e-mail messages sent to mailboxes on Exch1.testking.com are not
delivered. You open Queue Viewer on Exch2.testking.com. The queue information is shown
in the exhibit.
You need to ensure that all users can send and receive e-mail messages.
What should you do? (pictire)

A. Configure the SMTP virtual server on Exch1.testking.com to accept only authenticated
connections.
B. Start the SMTP service on Exch1.testking.com.
C. Configure a mail exchanger (MX) resource record for Exch1.testking.com on the DNS
server that is authoritative for testking.com.
D. Start the IMAP4 and POP3 services on Exch1.testking.com.

Answer: B

Explanation:
There are several clues: First, the error message stating that the remote server didn?t respond to a
connection request. Second is the fact that Exch2 is performing normally, but users can?t send to
Exch1. Third is the fact that no one in TestKing1 can send or receive messages. All these lead to
the fact that there is a problem on Exch1. Since all these problems are SMTP related, the logical
answer is to simply start the SMTP service.
Incorrect answers:
A: Configuring TestKing1 to only accept authenticated connections will not resolve the problem
here. Since there is an error message stating that the remote server did not respond to a
connection attempt, it is a safe assumption that there is something preventing connections. Since
servers all authenticate through Kerberos, the authentication method can not be the problem.
C: Configuring an MX record for Exch1 will not help. MX records are only useful for receiving
mail from outside the organization. Since users local to Exch1 can?t send or receive mail, adding
an MX record will not change anything.
D: Starting the IMAP and POP3 services will also accomplish nothing. All Exchange mail is
sent through SMTP. IMAP and POP3 have no participation in the transfer of mail from a server
to itself. Further, Unless a server is specifically set up for these services (not mentioned here) it
will not use it for server to server communications. Both of these facts disqualify this answer.
Troubleshooting: Review third-party programs that are installed or event sinks that can interfere
with message queuing or message fidelity. If the computer responds slowly, use Windows Task
Manager to determine processes that may use too many system resources. Restarting the Internet
Information Server service may provide temporary relief until you can determine the root cause
of the problem.
Reference: KB article 823489 - How to Use Queue Viewer to Troubleshoot Mail Flow Issues

50.QUESTION NO: 50

You are the Exchange administrator for TestKing. The company network consists of a
single Active Directory domain named testking.com that contains two domain controllers.
One domain controller is also a global catalog server. The Exchange organization contains
two Exchange Server 2003 computers names Exch1 and Exch2. All users send and receive
e-mail messages by using Microsoft Outlook.
Users who have mailboxes on Exch2 report that they cannot open their mailboxes.
However, users who have mailboxes on Exch1 can open their mailboxes and send e-mail
message to all users on the network. You open Queue Viewer on Exch2. The queue
information is shown in the exhibit.
You must ensure that users on Exch2 can send and receive e-mail messages.
What should you do? (picture)

A. Add a mail exchanger (MX) resource record for Exch2 to the DNS zone.
B. Start the IMAP4 and POP3 services on Exch2.
C. Configure Exch2 to use the global catalog server for all directory services access.
D. Mount the mailbox store on Exch2.

Answer: D

Explanation:
Mailbox store is not mounted. The local delivery queue shows a large number of messages
waiting to be delivered. There are very few possible answers. Either the SMTP service has
stopped, or the mailbox store is not mounted. In either event, the remedy is simple: Either start
the SMTP service, or mount the store. Since starting the SMTP service is not an option, the
answer must be to mount the mailbox store.
Incorrect answers:
A:Adding a mail exchange record is only useful for internet mail inbound to the Exchange
server. In this case however, the mail is all internal to the server. Therefore, this can not be the
answer.
B: Starting the IMAP and POP3 services will also accomplish nothing. All Exchange mail is
sent through SMTP. IMAP and POP3 have no participation in the transfer of mail from a server
to itself. Further, Unless a server is specifically set up for these services (not mentioned here) it
will not use it for server to server communications. Both of these facts disqualify this answer.
C:Configuring Exch2 as a global catalog server will not relieve the situation. The problem,
according to the exhibit, is in the local delivery queue. The Global Catalog will only be useful
when the server has to look to it to resolve a name. That is only done when the name is NOT
local to the Exchange Server. Since the local delivery queue has the problem and not any
external delivery queue, the Global Server can not help.

51.QUESTION NO: 51

You are the Exchange administrator for TestKing. The Exchange organization contains
five servers that run Exchange Server 2003. An Exchange server named TestKing3
functions as the public folder server. TestKing3 contains 1,000 mailboxes. Each of the other
four Exchange servers contains 2,000 mailboxes. TestKing3 is configured with eight
physical disks, as shown in the following table.
Physical disk Logical disk Disk contents Available space
Disk 0, Disk 1
(mirrored)
C System files 2 GB
Disk2 D Paging file 3 GB
Disk3, Disk 4
(mirrored)
E Transaction log
files
12 GB
Disks 5-7 (RAID 5) F Exchange
databases
10 GB
The public folder store on TestKing3 is currently 20 GB in size. It is growing at a rate of
100 MB per week.
The public folders on TestKing3 are frequently used by all users. Most messages in the
public folders include large attachments. Users frequently need to search for documents in
the public folders. Each search requires more than three minutes to complete. Most
searches are based on specific words. However, searches often fail to return all appropriate
documents.
You enable full-text indexing on the public folder store. You restore the index files on drive
E. Users now report that search results are more accurate, but each search still requires
more than three minutes.
You need to ensure that public folder searches are completed as quickly as possible. You
must minimize the impact on server performance for ordinary public folder and mailbox
usage.
What should you do?

A. Move the index files for the full-text index to drive D.
B. Move the index files for the full-text index to drive F.
C. Move the paging file to drive E.
D. Move the transaction log files to drive F.

Answer: B

Explanation:
There is no optimal answer here. The best answer is to add another drive, and move the searches
to that drive. Since that is not an option, moving the files to the fastest drive is the best answer.
RAID5 will give the best performance of all the options listed. Therefore, the best answer is to
move the index files to drive F.
Incorrect Answers:
A: Moving the index files to drive D would seriously degrade performance, as it is a single drive
and already contains the OS?s paging file. In addition, the drive is not big enough, as MS states
that the full text indexing will take approximately 10% of the original store?s size. Since the
store is 20GB, the index will take 2GB. This maxes out the drive. The first time it grows (in a
week) the index drive will be out of space. Therefore, this is not the best answer.
C: Moving the paging file to E is not the best answer since doing that will degrade the overall
server performance. MS recommends having the paging file on its own drive. By placing the
page file and the transaction logs on the same drive, the paging file will become fragmented, and
will cause the server to slow down. This performance degradation will affect the entire server.
D: Moving the transaction log files to drive F will degrade the performance of the mailbox store.
This is due to the constant writing that the transaction log will incur. This will be a bigger
performance hit than the option of moving the index to F. The index will not be writing
constantly. The log files will be. Read operations are much faster than writes.

52.QUESTION NO: 52

You are the Exchange administrator for TestKing. The Exchange organization contains
five servers that run Exchange Server 2003. There are 1,200 users at TestKing.
An Exchange server named OWA1 is configured as a front-end server running Microsoft
Outlook Web Access. OWA1 requires SSL for all client connections. A pilot group of users
currently uses Outlook Web Access to send and receive e-mail messages. Over the next two
months, you plan to make Outlook Web Access incrementally available to all users.
You need to collect server performance data on OWA1. You will use the data to forecast
when you might need to upgrade the hardware on OWA1.
What should you do?

A. Use System Monitor to monitor the Exchange store.
B. Use Task Manager to monitor network utilization.
C. Use Exchange System Manager to configure an e-mail notification that will send you an
e-mail message whenever CPU usage exceeds 80 percent for five minutes.
D. Use Performance Logs and Alerts to configure a counter log to monitor CPU and
memory usage.
E. Use Performance Logs and Alerts to configure an alert that will log an entry in the
application event log whenever memory usage exceeds 80 percent of available memory.

Answer: D

Explanation:
The only answer that allows for the LOGGING of data is choice D. The question specifically
states that you need to collect data and forecast when a hardware upgrade may be needed. In
order to do that, any data collected must be logged.
Incorrect answers:
A: Monitoring the Exchange Store will not give the necessary logging of information. All that
can be done is looking at the current data. Trends can not be spotted, and this data can not be
presented to anyone to forecast what may happen.
B: Incorrect for the same reason as ?A?. Namely, this option does not log anything? Only
monitors.
C: Sending an email notification can?t be used to forecast trends unless each and every email is
kept for comparison purposes. While this can be done, there is no mention of doing this in the
question, and is not the optimal solution.
E: Placing an event in the event log is a good idea, and can help in determining a necessity for an
upgrade. However, memory usage is only one counter that could indicate a need for a hardware
upgrade. If the CPU is overworked, for example, there will be no entry in the log to reflect this,
but there would still be a need for a faster processor. Since there is a ?hole? in this answer, it is
not the best answer.

53.QUESTION NO: 53

You are the Exchange administrator for TestKing. TestKing operates two offices; one in
London and one in Leipzig. The Exchange organization contains eight servers that run
Exchange Server 2003. Each office contains four Exchange servers. Each office is
configured as a routing group. The routing groups are connected by a routing group
connector.
In each office, one Exchange server is configured as a bridgehead server. Each bridgehead
server is configured with two SMTP virtual servers. One SMTP virtual server is configured
as the bridgehead server for the SMTP connector for e-mail messages sent to and from the
Internet. The other SMTP virtual server is configured as the bridgehead server for the
routing group connector.
You need to ascertain the number and size of e-mail messages sent between the two offices,
and to and from the Internet, every day. You need to specify the number of messages sent,
the total size of messages sent, and the appropriate queue length on each server. You will
use this data to plan for future growth.
How should you modify each bridgehead server?

A. Configure a counter log to monitor both SMTP virtual servers.
B. Configure a counter log to track all messages sent by Microsoft Exchange MTA Stacks
service.
C. Configure SMTP logging on both SMTP virtual servers.
D. Configure SMTP logging on the SMTP virtual server that sends and receives e-mail
messages to and from the Internet. Configure a counter log to track all messages sent
between routing groups by the Microsoft Exchange MTA Stacks service.

Answer: D

Explanation:
Looking at the figures below, configuring logging on the SMTP virtual servers will accomplish
the necessary tasks. Clicking the Advanced tab under Logging Properties will allow the
configuration of the counters needed.
Incorrect answers:
A: Configuring a counter log to monitor both SMTP servers is incorrect because it is vague. No
mention of what counters are needed or where to do the logging is stated. In addition, it is
unclear what is meant by ?monitoring the servers?. Do they mean the physical servers? SMTP
virtual servers? This is not the best answer.
B:The MTA stacks service will not help here. They can not log items daily for review. The
MTA Stacks service is only used for compatibility between Exchange 5.5 and Exchange 200x
servers. Since there are no Exchange 5.5 servers here, this counter is not needed.
D: This answer is incorrect for the same reason ?B? is incorrect. The MTA stacks service will
not send messages between routing groups. SMTP will do that. Therefore, those performance
monitors will always read next to zero.

54.QUESTION NO: 54

You are the Exchange administrator for TestKing. The Exchange organization contains
three servers that run Exchange Server 2003. All users send and receive e-mail messages by
using Microsoft Outlook.
One Exchange server is configured as a bridgehead server for Internet e-mail. The other
two servers are configured as mailbox servers. Each mailbox server contains one storage
group that contains one public store and two mailbox stores. Each mailbox server has two
CPUs and 1 GB of RAM.
Users report that Outlook requires more than one minute to open. Each e-mail message
requires more than two minutes to send or open. You monitor the mailbox servers and
discover that the primary bottleneck is insufficient RAM. You add an additional 1 GB of
RAM to each mailbox server. Users report no change in the performance of Outlook.
You need to modify each mailbox server to maximize its performance.
What should you do?

A. Add the switch that enables physical address extensions to the Boot.ini file.
B. Add the switch that increases user mode memory usage to the Boot.ini file.
C. Add an additional physical disk and move the paging file to the new disk.
D. Create an additional mailbox store and move half of the existing mailboxes to the new
mailbox store.

Answer: B

If you have more than 1 gigabyte (GB) of physical memory installed on a server that is running
Exchange Server 2003, you must make sure that Exchange Server 2003 can make efficient use of
that memory.
If you are running Exchange Server 2003 on a Windows Server 2003-based computer, and if the
/3GB switch is set, Microsoft recommends that you set the /USERVA=3030 parameter in the
Boot.ini file. This configuration option increases the virtual address space.
Incorrect answers:
A: The /PAE switch lets developers perform similar testing of device drivers by forwarding 64-
bit addresses to kernel-mode components. This feature is known as Physical Address Extension
(PAE), and it may not work on all chip sets.
C: Adding a hard drive will not resolve the problem. In this case, the problem is coming from an
incorrect memory configuration. (This is evidenced in the statement regarding the source of the
bottleneck.)
D:This answer does not relate, as front-end servers do not have mailboxes configured on them.

55.QUESTION NO: 55

You are the Exchange administrator for TestKing. The main office has 5,700 users. A total
of 1,500 users work in 70 different branch offices. All branch offices are connected to the
main office by WAN connections.
The Exchange organization contains four servers that run Exchange Server 2003. Each
Exchange server contains 1,800 mailboxes. All Exchange severs are located in the main
office and are configured as Microsoft Outlook Web Access servers. Only SSL connections
are accepted for Outlook Web Access.
Branch office users connect to the Exchange servers by using Outlook Web Access. They
report unacceptably slow response times when they access the servers. You use System
Monitor on one Exchange server to collect the performance data shown in the exhibit.
You need to optimize the performance of Outlook Web Access for branch office users.
What should you do?

A. Install additional RAM on each Exchange server.
B. Install additional physical disk on each Exchange server. Move the paging file to the new
disk.
C. Install an additional Exchange Server 2003 computer. Configure the new server for SSL
and configure it as a front-end server. Instruct all branch office users to use the new
server for Outlook Web Access.
D. Install an additional Exchange Server 2003 computer. Move all mailboxes for branch
office users to the new server. Configure the new server for SSL. Instruct all branch
office users to use the new server for Outlook Web Access. (picture)

Answer: C

Explanation:
The need for a second server for SSL would come if the processor usage is high. Since the
processor is almost maxed out (98%), there is an indication that a second server (or a second
processor) would be needed to offload the SSL work.
Incorrect answers:
A:Looking at the performance counters, it is apparent that the number of pages per second is
high (412.980). The article referenced below states that Exchange makes heavy use of the paging
file, and a high number of pages in and of itself does not indicate a performance issue.
Therefore, this counter MUST NOT be used alone in determining problems. For this reason, this
is not the best answer.
B: Adding a physical disk will not help much. The percent disk time is relatively low (34%), so
the workload on the hard drives is minimal
D: If the mailboxes are moved to the new server, some of the load will be shifted. This is true.
However, there are two problems with this solution:
Firstly, there is a lot of administrative effort involved. To move the mailboxes to a new server,
have all the remote clients point to the new server, and configure the firewalls to allow for the
new server would require a lot of effort. Secondly, this is not MS recommended practice.
Microsoft recommends that when remote users connect to an organization, a front-end server be
in place to handle all remote connections, and then connect to a back-end server.
Reference:
Exchange Server 2000 Server Operations Guide, Section 4 ? Performance Monitoring
http://www.microsoft.com/technet/prodtechnol/exchange/2000/maintain/e2kops4.mspx .

56.QUESTION NO: 56

You are the Exchange administrator for TestKing. The Exchange organization contains 12
Exchange servers with a single administrative group. All exchange servers run Exchange
Server 2003. Each Exchange server contains four mailbox stores.
The written company e-mail policy specified a maximum amount of e-mail storage that
each user is allowed to use.
You need to ensure that the e-mail storage restrictions are consistently applied on all
Exchange mailbox stores in the organization. You need to achieve this goal by using the
minimum amount of administrative effort.
What should you do?

A. Apply global message delivery options that define maximum message sizes.
B. Define mailbox store size limits for each mailbox store on all Exchange servers.
C. Configure a Mailbox Manager recipient policy that applies to all users in the
organization.
D. Create a mailbox store policy that defines storage limits. Apply the policy to all mailbox
stores.

Answer: D

Explanation:
A mailbox storage policy would require the least amount of effort, as the policy would only have
to be applied to each store, and only done one time for each user. In addition, the configuration
changes needed (maximum email storage) is a configurable policy.
Incorrect answers:
A: Global message delivery options can not define size limits for individual mailboxes. It can
define how large messages can be before they are sent, but this does not apply to the total
mailbox size for any particular user. For this reason, this answer is incorrect.
B: Defining mailbox store limits would work, but violates the requirement that the procedure be
done with the minimum amount of administrative effort. This process would require touching
every Exchange mailbox on all 12 servers. This is obviously not a good use of the Exchange
Admin?s time.
C: A mailbox recipient policy defines things like individual message size limits and what
domains inbound mail is accepted from, and how outbound mail is sent. While a recipient policy
can be designed to do what is asked in the question, the scope is limited, and can not take into
account where in the user?s mailbox mail is stored. In other words, the policy would have to be
very carefully defined, users would have to store their mail in a very specific way, and any
deviation from this would cause administrator problems. For this reason, this is not the best
answer.
Reference: Microsoft Exchange Server 2003 Help file -> Defining Policies
Exchange Server 2003 Admin guide:
http://www.microsoft.com/downloads/details.aspx?familyid=98e45481-1458-4809-97d6-
50d8aeebd8a1&displaylang=en

57.QUESTION NO: 57

You are the Exchange administrator for TestKing. Exchange Server 2003 runs on a
Microsoft Windows Server 2003 member server named Server2. The server is a quadprocessor,
2.2GHz computer with 4 GB of RAM and RAID-5 disk array that has 550 GB of
disk storage. All Exchange binary files, log files, and database files are located on drive C.
During the peak-usage times, the server supports 1,600 active Microsoft Outlook 2002
users. The Outlook 2002 client computers are configured as MAPI clients.
Users report that Outlook often takes 10 seconds or more to send a message that are 1 K or
less in size. You run System Monitor logging for three hours during the time users report
performance problems. You record a log file and display the results in the following report.
You need to improve Outlook response time for sending messages as much as possible.
What should you do?

A. Add 2 GB of additional RAM to Server2.
B. Increase the size of the TCP sliding window.
C. Move the transaction log files to a new physical hard disk.
D. Set the processor affinity for the Microsoft Exchange Information Store service to the
fourth processor. (Picture)

Answer: C

Explanation: The percent Disk Time is an indicator of the amount of time the hard disk is
queuing items. A high number is an indication that the hard drive subsystem is being
overworked. The only choice to alleviate disk slow downs is choice ?C?.
Incorrect answers:
A:Adding RAM would lessen the stress on the Memory subsystem. Looking at the exhibit, the
available memory is still 1874MB, which is ample for running Exchange Server.
B: Increasing the size of the TCP sliding window is used to improve network communications.
Since the output queue length is one, manipulating the TCP/IP settings in any way is not
necessary.
D:Setting the processor affinity would put more emphasis on one processor over another. Since
the processor time is relatively low (anything under 80% is acceptable), this is not an issue.

58.QUESTION NO: 58

You are the Exchange administrator for TestKing. Exchange Server 2003 runs on a
Microsoft Windows Server 2003 member server. The Exchange server contains two
mailbox stores. All user accounts are located in the Accounts organizational unit (OU).
An e-mail virus infects all mailboxes on both mailbox stores. You create a non
administrative user that needs to be able to use the Exmerge utility. This user does not have
the necessary permissions to open other user's mailboxes.
You need to assign this user permission to open all users' mailboxes to extract the virus.
What should you do?

A. Assign the user Full Control permissions to the Accounts OU.
B. Assign the user Send As and Receive As permissions to administrative group.
C. Add the user to the Exchange Domain Servers group.
D. Add the user to the Enterprise Admins global group and to the Exchange server's local
Administrators group.

Answer: B

Explanation:
No matter what account is used to do an ExMerge, the merge will fail if the user does not have
Send As AND Receive As permissions on the store. According to the KB article referenced
below: ?? behavior occurs because the account you are logged on as does not have Receive As
and Send As permissions to the mailboxes on which ExMerge is exporting and importing
messages. Even the Full Exchange administrator account does not have Receive As and Send As
permissions by default.?
Tricky question,
According to articles 262054 and Exmerge documentation the only permission that you need is receive as
but according to article 322312 you will get following error
Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is
running and that you have the correct permissions to log on. (0x8004011d)
Because you need also the send as permission
IMPORTANT: Security Tab Not Available on All Objects in System Manager
In Exchange System Manager, the Security tab is displayed in an object's properties.
However by default, the Security tab is displayed only on the following objects:
? Address Lists
? Global Address Lists
? Databases (Mailbox stores and Public Folder stores)
? Top Level Public Folder Hierarchy
To display the Security tab on all objects, you must add the following registry key.
1. Start Registry Editor (Regedt32.exe).
2. Locate the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExAdmin
3. On the Edit menu, click Add Value, and then add the following registry value:
Value Name: ShowSecurityPage
Data Type: REG_DWORD
Value: 1
To give access to all necessary mail you can follow Method 1 or method two, because MS thumb
rule use less administrative effort, best way is use method two, in this case valid answer is C
How to Assign Service Account Access to All Mailboxes in Exchange Server 2003 (821897)
For a Microsoft Exchange 2000 Server version of this article, see XADM: How to Get Service Account Access to
All Mailboxes in Exchange 2000 (262054)
SUMMARY
This article discusses how to grant permissions to all mailboxes. Granting access to all mailboxes can be useful
when you are completing tasks such as offline recovery.
MORE INFORMATION
In Microsoft Exchange Server 5.5, when you grant Service Account Admin access rights on the Site container to a
Microsoft Windows-based account, you grant that account unrestricted access to all mailboxes. In Microsoft
Exchange 2000 Server and Exchange Server 2003, there is no service account, and even accounts with
Enterprise Administrators rights are denied rights to gain access to all mailboxes.
If your logon account is the Administrator account or is a member of the Domain Admins or Enterprise Admins
groups, then you are explicitly denied access to all mailboxes other than your own, even if you otherwise have full
administrative rights over the Exchange system. All Exchange Server 2003 administrative tasks can be performed
without having to grant an administrator sufficient rights to read other people's mail.
Method One
If you are not the Administrator, or if you are not a member of the Domain Admins or the Enterprise Admins
groups, you can add your account to the Exchange Domain Servers group. After you do this, you are
permitted full access to all mailboxes on servers in the domain.
Note To use Method 1, the Exchange Domain Servers group must have the Receive As right.
Method Two
You can grant Windows 2000 or Windows Server 2003 administrators rights to all the mailboxes in the whole
organization by changing the permissions on the organization object at the top of the Exchange System
Manager tree. If you do not want to grant such blanket access, you can use the instructions that are provided in the
"Method Three" section of this article to grant access only to individual databases.
The explicit denial of rights to administrators is set on the organization object by denying Receive As and Send As
rights. You can clear these denials for accounts that you want to have full access. Note that if the account
belongs to an administrator group, the account will still not be able to gain access to mailboxes, because the denial
to the group will take precedence over the grant of permission to the individual account.
Note To change the security on the organization object, you must force the display of the Security tab in Exchange
System Administrator. Warning If you use Registry Editor incorrectly, you may cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result
from using Registry Editor incorrectly. Use Registry Editor at your own risk. To force the display of the Security
tab, follow these steps:
1. Click Start and then click Run.
2. In the Open box, type regedit, and then press ENTER.
3. In Registry Editor, locate the following subkey in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin
4. On the Edit menu, point to New, and then click DWORD Value.
5. Type ShowSecurityPage, and then press ENTER.
6. Press ENTER.
7. In the Edit DWORD Value dialog box, type 1 in the Value data box, and then click OK.
8. Quit Registry Editor.
Method Three
To grant your administrative account access through Exchange System Manager to all mailboxes in a single
database regardless of inherited explicit denials:
1. Start Exchange System Manager, and then locate the database you want to have full mailbox access to.
2. Open the properties of this object, and then click the Security tab.
If you do not see the Security tab, see the steps for enabling the Security tab that are provided
3. Grant your account full explicit permissions on the object, including Receive As and Send As permissions.
After you have made this change, you may still see unavailable Deny and Allow permissions assigned to your
account. The unavailable permissions indicate that by inheritance you have been denied permission, but that you
have inherited permissions at this level. In the Windows permissions model, explicitly granted permissions override
inherited permissions. Note that an explicit Allow at a lower level permission overrides an explicit Deny from a
higher level permission only on the single object where the override is set, not on that object's child objects. This
prevents you from granting yourself permissions on a server to gain access to each database; you must grant
permissions on databases individually.
After you change permissions, you may have to log off and log back on. Microsoft also recommends that you stop
and restart all Exchange services. If you have multiple domain controllers in the forest, you may also have to wait
for directory replication to complete.
Microsoft Exchange Mailbox Merge Program
In order for this program to successfully work against an Exchange 5.5 Server, the user must be logged into
Windows 2000 with the Microsoft Exchange Service Account or have Service Account Admin privilege at the
Organization, Site and Configuration levels of the Microsoft Exchange Directory.
Important: On Exchange 2000 Server, the user must be logged into an account that has rights to access all the
selected mailboxes. The user must have at least ?Receive As? rights on each Mailbox Store that the program will be
operating against.
For more information, please see Knowledge Base Article:
Incorrect answers:
A: Full permissions to the Accounts OU will not work, as these are NTFS permissions, and what
is needed are Exchange permissions.
C: Adding the user to the Exchange Domain Servers group will not work due to the fact that
there is no such group.
D:Adding the users to the groups listed in this answer will not work because neither the
Enterprise Admins group nor the local admin groups are going to have Send As and Receive As
permissions on the mailbox store.
Reference: KB article 273642: ExMerge Does Not Work Unless You Have Receive As and
Send As Permissions on the Store

59.QUESTION NO: 59

You are the Exchange administrator for TestKing. Exchange Server 2003 runs on two
Microsoft Windows Server 2003 computers. Each Exchange server contains one mailbox
store.
Written TestKing policy states that a copy of each e-mail message that is sent and received
by every user in the auditing department must be kept for five years.
You need to ensure that only the auditing department e-mail meets this requirement.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Configure the auditing department's mailbox store to archive all e-mail messages.
B. Create an additional mailbox store and move all auditing department mailboxes to that
mailbox store.
C. Create a recipient policy that manages mail retention for all users in the auditing
department.
D. Create a recipient policy that manages the auditing department's mailbox store and does
not purge the users' Inbox folder or Sent Items folder for five years.

Answer: B, D

The official name of this feature is ?Message Journaling?, which is explained in KB261173

60.QUESTION NO: 60

You are the Exchange administrator for TestKing. The network currently consists of a
two-node Exchange Server 2003 active/passive cluster. Three hundred HTTP client
computers connect to the Exchange servers by using SSL.
Users report that the response time of their Microsoft Outlook Web Access screen
refreshed is unacceptably slow. You add two more servers to the existing Exchange
environment.
You need to ensure that your HTTP client computers have redundancy and acceptable
client response times.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Join the new servers to the existing cluster.
B. Select the option to configure the new servers as front-end servers.
C. Configure the new servers so that they use Network Load Balancing.
D. Create an Exchange System Attendant cluster resource for each front-end server on the
existing cluster.

Answer: B,C

By configuring Exchange front end servers they will deal with the over CPU stress caused
by the HTPS access.
Using a front-end Exchange server to proxy incoming client requests increases the fault tolerance
and load balancing capability of your topology, as compared with allowing clients to access the
back-end servers directly.
They will use a unique point to access to a mail.corp.net, resource this MX registry will point to
from one to 32 font end exchange servers,
Incorrect Answers:
A: Joining the servers to the existing cluster would resolve the problem, as processing power is
disturbed among three servers as opposed to one. (Remember that one server in active/passive is
unused.) However, if this were done, it would not conform to Microsoft Best Practices. In
addition, there would be no second answer, and as the question specifically calls for two
answers, this answer can not be correct.
D: Creating an Exchange System Attendant cluster resource for each front end server is not a
valid answer since the existing cluster is not set up as a front end server. (This is a given since
the company is receiving email, and email is not housed on front end servers.)

61.QUESTION NO: 61

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com.
The network contains an Exchange Server 2003 active/passive server cluster that contains
nodes named Exchange1 and Exchange2. The NetBIOS name of the cluster is Cluster1. The
cluster contains one Exchange Virtual Server (EVS) named EVS1.
The configuration of the cluster is shown in the following table.
Name Fully qualified domain name
Exchange1 Exchange1.testking.com
Exchange2 Exchange2.testking.com
CLUSTER1 CLUSTER1.testking.com
EVS1 EVS1.testking.com
Users attempt to connect to Exchange1.testking.com by HTTP, but fail.
You need to ensure that users can connect to their e-mail servers by using Microsoft
Outlook Web Access.
What should you do?

A. Create an HTTP virtual Web site for Exchange1.testking.com.
B. Create an HTTP virtual Web site for CLUSTER1.testking.com.
C. Instruct users to connect to CLUSTER1.testking.com.
D. Instruct users to connect to EVS1.testking.com

Answer: D

Explanation:
The client should use a NetBIOS name for connect to cluster. The NetBIOS name is the only
name that will be understood outside of the cluster set. What is not stated in the question is that
when a cluster configuration is implemented, a NetBIOS name for the Exchange Virtual Server
is also created. This is the NetBIOS name that must be used for connections.
Incorrect answers:
A:Creating an HTTP virtual web site is unnecessary. Users should be able to connect to the
default virtual site and make the connection.
B: Incorrect for the same reason as ?A?. Users need to connect to the cluster, not to the cluster
resource name. The name cluster1.testking.com is the internal name; not an external one.
C: The clients must connect to the Exchange Virtual Server. When the EVS is created, it is
given a NetBIOS name and static IP. This is what is used to make the connection. The cluster
name sits on top of all of this, but is not used for connections. It manages resources for the
cluster, but does not service clients for Exchange directly.

62.QUESTION NO: 62

You are the Exchange administrator for TestKing. The network contains a single Active
Directory domain named testking.com. The functional level of the domain is Windows
Server 2003.
The network is configured in a two-node Exchange Server 2003 cluster. The cluster nodes
are named Exchange1 and Exchange2. The cluster includes a single Exchange Virtual
Server (EVS) named Exch1. All mailboxes are on Exch1. The cluster node receives its IP
addresses from a DHCP server. The Exchange1 node is the preferred owner of Exch1.
Users report that they cannot access the Exchange server. You open Cluster Administrator.
You notice that all the cluster resources in the Exchange cluster group are offline except
for the disk resources. You attempt to bring the Exch1 cluster group online, but the
attempt fails and you receive the following error message: "This IP address is already in
use".
You need to bring the Exch1 cluster group back online and ensure that it remains
accessible.
What should you do?

A. Run the ipconfig /registerDNS command from one of the cluster nodes.
B. Run the ipconfig /release command and then run the ipconfig /renew command from
one of the cluster nodes.
C. Change the IP address of the cluster IP address resource to a fixed IP address that is
reserve for the cluster node.
D. In Cluster Administrator, create a new cluster group. Move the existing Exch1 resources
to this new cluster group. Configure the cluster IP address resource with a reserved
DHCP address.

Answer: C

Explanation:
Cluster servers require a static IP address to function correctly. The DHCP server attempted to
renew the address on the inactive node and failed, then released the address to another client.
When the node then needed the address, it was not available even though the node was using it.
This resulted in the problem noted in the question. To permanently resolve this issue, use a static
IP address.
Incorrect answers:
A: Running the Registerdns command will attempt to register the server?s address with DNS.
However, since the address is in use, the command will fail, and the problem will still exist.
B: Releasing and renewing the address will resolve the problem. However, this is not the best
answer since some time in the future, the problem will reoccur as the situation described in the
explanation happens again.
D: Creating a new cluster group is not required. Although creating the cluster IP address with a
reserved address will work, it is much more work than is required to resolve the problem.
Therefore, this is not the best answer.

63.QUESTION NO: 63

You are the Exchange administrator for TestKing. The network contains an active/passive
Exchange Server 2003 cluster that contains two nodes named Exchange1 and Exchange2.
The cluster contains an Exchange Virtual Server (EVS) named Exch1. Exch1 contains two
storage groups named SG1 and SG2. Each storage group contains two mailbox stores.
The written company policy states that the most current data must be restored in the in the
event of a database restore. Exch1 stores its transaction log files and databases on a Storage
Area network. The relevant Storage Area Network disks, Disk 1, Disk 2, and Disk3, are
configured as shown in the exhibit.
A RAID-protected array is dedicated for the mailbox stores. The array that contains the
mailbox stores uses 37 GB of disk space on drive G. There are 30 GB of available disk
space on drive G. A mirrored pair of disks is dedicated for the transaction log files. The
transaction log files routinely use approximately 8 GB of disk space on drive F before
nightly backups are performed.
You need to ensure that there is sufficient space for the transaction log files and that highly
availability is maintained.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution. Choose two)

A. Create a partition on Disk 2 and format it as drive H. Add this disk as a cluster resource.
Move the transaction log files for SG2 to drive H.
B. Create a partition on Disk 2 and format it as a volume mount point to drive F. Add this
disk as a cluster resource. Place the transaction log files for SG2 on this mount point.
C. Create a partition on Disk 2 and format it has drive H. Add this disk as a cluster resource.
Move the transaction log files for SG2 to drive E. Move the database files for SG2 to
drive H.
D. Create a partition on Disk 2 and format it as a volume mount point to drive E. Add this
disk as a cluster resource. Place the transaction log files for SG2 on this mount point.

Answer: A,B

Explanation:
There are two groups: SG1 and SG2. Both groups use a total of 8 GB of disk space. If we create another
disk in disk2 and move to the new disk the transaction logs of SG2, this means
4GB in each disk until backup is performed
If we need to backup do a restore we need to replay the logs
? The database gets copied to its original location (ESE checks the Restore.env file for this
information) and the log files from tape get copied to the temporary folder specified
during the restore operation ("Log Path" box).
? The ESE instance used for the restore process replays these log files to the database (this
only happens if you click to select the Last Backup Set check box during the restore
operation), then checks the ESE instance running against the storage group to determine
which production log files it needs to replay next.
? Before starting the replay process, ESE checks the log file sequence and warns you if a
log is missing (or doesn't match the logs from the backup set). In this case, ESE only
replays the logs from tape and brings the database to a consistent state.
Incorrect answers:
B: The question states that the transaction logs currently exist on a mirrored volume. Therefore,
it is impossible to add the volume as a mount point to drive F, as that would destroy the mirror
set, and thereby remove the high availability requirement.
C: Moving the 30GB database files to the 8.47GB drive is simply not an option. Additionally,
moving the 8GB of transaction logs to the volume that is only 4GB won?t work, either.


64.QUESTION NO: 64

You are the Exchange administrator for TestKing. The Exchange organization contains a
single Exchange Server 2003 computer named TestKing1. TestKing1 contains a single
storage group that has two mailbox stores.
Occasionally, a user deletes a message and later wants the message to be restored. The
written company policy allows users to retrieve deleted messages for 30 days after they are
deleted.
TestKing1 connects to a Storage Area Network where the mailbox store databases and
transaction log files are stored. Currently, 80 GB of disk space is available to Exchange on
the Storage Area Network.
You need to ensure that users can retrieve deleted messages according to company
requirements. You need to achieve this goal by using the minimum amount of
administrative effort.
What should you do?

A. Create a daily shadow copy of the mailbox store databases.
B. Perform incremental backups of the mailbox store databases Monday through Saturday.
Perform a full backup of the mailbox store databases Sunday night. Place all the mailbox
store database backups on the Storage Area Network.
C. Create a mailbox store policy and select the option to keep deleted messages for 30 days.
Add each mailbox store database to this policy.
D. Create a recipient policy and select 30 days as the age to process deleted items for all
message sizes for all users.

Answer: C

Explanation:
Creating a mailbox store policy is the simplest administration method. It can be applied to
multiple stores with minimal intervention. In addition, setting the deleted item retention option
is an available option within this policy.
Incorrect answers:
A: Creating a daily shadow copy will work, but it will take more effort, and require a great deal
of storage space. While this is a viable answer, it is not the best answer.
B: Performing backups of any type require a lot of manual intervention. This violates the
requirement of using the least administrative effort.
D: Recipient policies do not allow for the retention of deleted items. This is a mailbox storage
policy. Therefore, this answer is not correct.


65.QUESTION NO: 65

You are the Exchange administrator for TestKing. The network contains a single Exchange
Server 2003 computer. The Exchange server contains one storage group and one mailbox
store.
Full backups of the mailbox store and transaction log files are performed every night.
After the mailbox store is restored from tape, users report that some of their e-mail
messages are not restored. You discover that the storage group is configured as shown in
the exhibit.
You need to ensure that after you restore the mailbox store, users have all of the most
current data.
What should you do?

A. Zero out deleted database pages after you perform a restore operation.
B. Disable circular logging before you perform a backup.
C. Perform only shadow copy backups and shadow copy restore operations.
D. Create a mailbox store policy. Select the option to keep deleted messages for 30 days.
Add the mailbox store to this policy.

Answer: B

Explanation:
Circular logging is used to minimize the amount of storage space required for log files. The
issue with this however, is that in the event of a restore, only the database is restored. Since all
the log files are not available, no transactions still in the logs at the time of the last backup will
be restored.
Incorrect answers:
A: Zeroing out the database pages is a method of assuring that data can NOT be recovered. It is
done for security purposes. This is the exact opposite of what needs to take place.
C: Performing shadow copy backups and restores is not sufficient, as the data is sensitive to the
time of the last backup. Running the backup continuously is not an option. Therefore, there is a
high likelihood that some data will be lost between the last backup and the time of the problem
that causes the need for recovery.
D: Setting a deleted item retention policy will not resolve the issue. The problem stems from the
fact that at any time, there are transactions waiting to be written from the transaction log to the
database. The messages that would not be restored in the event of a recovery are not the deleted
items, but instead the items in the transaction logs that have not been written to the database.
Note:
HOW TO: Turn On or Turn Off Circular Logging in Exchange 2003 Server
Circular logging allows Exchange Server to overwrite transaction log files after the data that the
log files contain has been committed to the database. However, if circular logging is enabled,
you can recover Exchange Server data only up until the last full backup.
Turn On or Turn Off Circular Logging
Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
Expand Server, right-click the storage group that you want to change, and then click Properties.
In the Properties dialog box, click to select or clear the Enable Circular Logging check box to
turn circular logging on or off.
Click OK.
Microsoft Knowledge Base Article ? 314605

66.QUESTION NO: 66

You are the Exchange administrator for TestKing. TestKing hosts Exchange e-mail for
other companies.
The service level agreement (SLA) for a customer named Trey Research states that failed
Exchange mailbox stores must be online again in one hour or less. The SLA also states that
all e-mail data must be retained for one year.
Trey Research uses two mailbox stores named MBX01, and MBX02. Both mailbox stores
reside on a Storage Area Network. MBX01 is 25 GB in size and MBX02 is 22 GB in size.
There is 153 GB of available disk space on the Storage Area Network for Trey Research
data. You can back up or restore Trey Research mail at a rate of 12 GB per hour.
You need to ensure that you can meet the SLA requirements for the Trey Research
mailbox stores.
What should you do?

A. Every night, perform full backups to tape and archive them. Then perform a shadow copy
backup to the Storage Area Network.
B. Perform full backups to tape on Saturday night and archive them. Perform differential
backups to tape every Sunday through Friday night.
C. Perform full backups to tape on Saturday night and archive them. Perform differential
backups to tape every Sunday through Friday night.
D. Perform full backups to tape on Saturday night and archive them. Perform incremental
backups to tape every Sunday through Friday night.

Answer: A

They told us there is 153 GB of available disk space on the Storage Area Network for Trey
Research data. By default, when you perform a backup in Windows Server 2003, the volume shadow
copy method is used to create the backup. Shadow Copies and full backups made every night and
archived would allow us to meet the SLA requirements.
Restore process using shadow copy
1. The backup program (or agent) runs a scheduled job.
2. The Volume Shadow Copy service requestor in the backup program sends a command to the
Volume Shadow Copy service to take a shadow copy of the selected Exchange 2003 storage
groups.
3. Volume Shadow Copy service communicates with the Exchange 2003 writer to pause new
transactions, to finish current transactions, and to flush all the cached data to disk.
4. Volume Shadow Copy service communicates with the appropriate storage provider to create a
shadow copy of the storage volume or the storage volumes that contain the Exchange 2003
storage group or storage groups.
5. Volume Shadow Copy service releases Exchange 2003 to resume ordinary operations.
6. The backup program copies the shadow copies of the storage group databases and logs to the
tape backup device (in addition to any other files that are defined in the job).
7. When the tape copy is completed, the Volume Shadow Copy service requestor in the backup
program communicates with Volume Shadow Copy service to delete the shadow copy.
Traditional Exchange API-based backups focused on four backup types for Exchange databases:
? Full
? Incremental
? Differential
? Copy.
However, the Exchange 2003 Writer supports only a Full backup at the storage group (SG) level.
VSS performs Exchange Full backups at the SG level, even though the Exchange Writer treats individual
databases as separate components.
VSS uses the AddComponent call to add each database component to the Shadow Copy set, which in
the case of a Full backup, is the entire SG (i.e., databases or log files).
In a Full backup of a SG, VSS creates a complete Shadow Copy of all volumes?the Shadow Copy
contains database and transaction log files associated with that SG.
In addition, as is the case with non-VSS Full backups, VSS truncates the transaction log files after
successfully creating and backing up the Shadow Copy.
To truncate the transaction log files, the Shadow Copy set must include all databases
Although VSS backup for Exchange 2003 is at the SG level, you can recover individual databases from
the SG Shadow Copy set.
VSS-based restoration of an Exchange 2003 SG is useful when data in one or more databases in the SG
is lost or corrupted, but the current log files remain intact on disk; when the current log files on disk are
lost or corrupted, but the databases remain intact; or when databases and current log files within an SG
are lost or corrupted.
Exchange 2003 data restoration over a SAN
1. The backup application Requestor through the Exchange Writer and APIs takes the SG offline.
2. The backup application performs a VSS-based recovery of the volumes required from the SG
Shadow Copy set.
? If one LUN per SG is configured, Exchange recovers all databases except those that are
intact.
? If multiple LUNs per SG are configured, Exchange recovers only the LUNs with the
databases needing recovery from the Shadow Copy set.
3. Exchange performs an Extensible Storage Engine (ESE) hard recovery and replays applicable
log files for databases being recovered, depending on whether a Roll-Forward recovery or Pointin-
Time recovery is occurring.
4. The backup application Requestor through the Exchange Writer and APIs brings the SG online.
5. When you perform a shadow copy backup, files that are open and that are in use are included in
the backup. It is the only option which would ensure that SLA requirements for Trey Research
mailbox stores would be met.
Incorrect Answers:
Answers B, C and D cannot be correct, as it is stated that a restore of 12GB takes an hour. It means that
restoring a 24GB database would take at least 2 hours; which is more that required by an SLA.
Both databases are occupying 47GB on SAN. Lets assume the worst scenario, when 100% of emails in
the databases are being replaced with new ones during 24 hours and that Shadow Copies are being
made every hour.
The "first" snapshot would consume around 47GB and each next would consume around 2GB (1/24 of
47GB). This solution would require maximum 96GB of space on SAN.
As there is plenty of disk space (153GB) on SAN in this scenario this solution would be possible.
Normally Shadow Copies would be much smaller as only the "first one" makes a full snapshot of a
resource. Next snapshots are containing only changes to the "first one".
References:
Overview of Dependencies and Requirements for Exchange Server 2003 Features 822178
Exchange Server 2003 Data Back Up and Volume Shadow Copy Services 822896

67.QUESTION NO: 67 (Duplicate of question 66)

The service level agreement (SLA) for a customer named TestKing states that failed
Exchange mailbox stores must be online again in one hour or less. The SLA also states that
all e-mail data must be retained for one year.
TestKing uses two mailbox stores named MBX01 and MBX02. Both mailbox stores reside
on a Storage Area Network. MBX01 is 25 GB in size and MBX02 is 22 GB in size. There is
153 GB of available disk space on the Storage Area Network for TestKing data. You can
back up or restore TestKing mail at a rate of 12 GB per hour.
You need to ensure that you can meet the SLA requirements for the TestKing mailbox
stores.
What should you do?

A. Every night, perform full backups to tape and archive them. Then perform a shadow copy
backup to the Storage Area Network.
B. Perform full backups to tape on Saturday night and archive them. Perform differential
backups to tape every Sunday through Friday night.
C. Perform full backups to tape on Saturday night and archive them. Perform incremental
backups to tape every Sunday through Friday night.
D. Enable circular logging for the Exchange storage groups. Every night, perform shadow
copy backups to the Storage Area Network and copy the shadow copy backups to tape.
Archive the tapes.


Answer: A

Explanation:

68.QUESTION NO: 68

You are the Exchange administrator for TestKing. The Exchange organization contains a
single server that runs Exchange Server 2003. The Exchange server contains one storage
group and one mailbox store.
You discover that the mailbox store is corrupted and will not mount.
You need to ensure that you restore the most current data possible.
What should you do?

A. Create the Recovery Storage Group. Set the path to the same as the path for the existing
mailbox store.
B. Create the Recovery Storage Group. Set the database path to C:\Program
Files\Exchsrvr\Recovery Storage Group.
C. Restore the mailbox store and then mount the mailbox store.
D. Delete the database and transaction log files. Then mount the mailbox store.

Answer: C

Explanation:
Restoring the mailbox store is the only choice among the options listed. It would be preferable
to be able to replay the transaction log files as well. Note that this is the only option that will
bring back the entire database to a mountable configuration.
Incorrect answers:
A: Using the same path for the existing mailbox store for the Recovery Storage Group is
incorrect, as performing this step will overwrite the existing mailbox store, and will not allow for
the recovery and replay of the log files. This will result in loss of all data since the last full
backup.
B: The Recovery Storage Group is designed to recover one mailbox or a group of mailboxes to an
existing, RUNNING store. It is not designed to bring back an entire store.
D: Deleting the database and transaction log files is incorrect since doing this will result in the
loss of all data since the last backup.
Reference: KB824126 ? ?How to Use Recovery Storage Groups in Exchange Server 2003?

69.QUESTION NO: 69

You are the Exchange administrator for TestKing. The Exchange organization contains a
single Exchange Server 2003 computer named Exch1. Exch1 contains one storage group
and one mailbox store.
You build an Exchange server in your lab to test the defragmentation utilities against the
Exchange store. The Exchange data you are currently using in the lab is two months old.
You want to use the most current data on the lab server. You perform a full backup of the
data on Exch1 every night. You obtain a second tape with a full backup for the lab
environment.
You need to ensure that the lab server contains the most current copy of the data from
Exch1. You must maintain the existing backup rotation schedule on Exch1.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution. Choose two)

A. Perform a full backup of the Exch1 data to the second tape. Restore this data to the lab
server.
B. Perform a copy backup of the Exch1 data to the second tape. Restore this data to the lab
server.
C. Perform a differential backup of the Exch1 data to the second tape. Use this tape with the
most recent full backup to restore the production data to the lab server.
D. Perform an incremental backup of the Exch1 data to the second tape. Use this tape with
the most recent full backup to restore the production data to the lab server.

Answer: B, C

Explanation:
Copy backups and differential backups do not reset the archive bit. When doing backups, the
backup program uses this archive bit to determine whether a file has been backed up or not.
(Note that this is true regardless of the backup being performed. It does not apply to only
Exchange.)
Incorrect Answers:
A: Performing a full backup will reset the archive bit. Even if the two backups were taken backto-
back, there would still be some files that change, as the transaction logs would continue to
write, the database will continue to be modified, etc. Therefore, the normal rotation backup will
be slightly out of sync with the database. If the database needed to be restored, it would end up
in an inconsistent state.
D: Incremental backups will reset the archive bit. This would cause a problem due to the fact
that the normal rotation would need to have this incremental tape before a restore could be
performed. As this would throw off the normal schedule, this is not an option.
Reference: Microsoft Windows Backup Help.

70.QUESTION NO: 70

You are the Exchange administrator for TestKing. The Exchange organization contains a
single Exchange Server 2003 computer. The Exchange server contains one storage group
that has three mailbox stores. Each mailbox store contains 200 mailboxes.
TestKing's service level agreement (SLA) requires that Exchange must not be offline for
more than four hours. The SLA requires that in the event of data corruption, the most
current data must be restored.
You want to test the recovery process on the existing Exchange server after business hours.
You need to ensure that the mailbox stores can be restored within four hours without
losing the current production data.
What should you do before performing the test restore operation?

A. Create a new storage group that contains three mailbox stores. Select the option to allow
the mailbox stores to be overwritten by a restore operation.
B. On the existing mailbox stores, select the option to allow the mailbox stores to be
overwritten by a restore operation.
C. Create the Recovery Storage Group and add the three mailbox stores. Configure the
Recovery Storage Group to use the default Recovery Storage Group path for each of the
mailbox stores.
D. Create the Recovery Storage Group and add the three mailbox stores. Configure the
Recovery Storage Group to use the existing database path for each of the mailbox stores.

Answer: C

Explanation:
Creating the Recovery Storage Group will set up the databases to be restored. The restore can
then occur in the recovery group, and this can be timed. Since the restore is being done to an
alternate location, there is no danger to the existing databases. In addition, as long as answer ?B?
is NOT done, the databases can not be accidentally overwritten. This will give the best
indication regarding the length of time a database will take to be restored, and the mailbox store
will be set up to test this.
Incorrect Answers:
A: Creating a new storage group and allowing it to be overwritten seems like a good idea.
However, when the restore is attempted, it will fail since the restore MUST happen to the same
locations as the backup, or put into the Recovery Storage Group. The group defined in this
answer is not a valid location for the restore operation. Only the Recovery Storage Group can be
used to recover databases in the same organization.
B: Setting the option to have the existing mailbox stores overwritten is dangerous and
unnecessary. When the test is performed (using old data from backup) the test will overwrite the
database, and any transactions made since that backup will be lost. This will result in lost e-mail,
which violates the question stating that production data must not be lost.
D: Using the existing database paths for the mailbox stores will overwrite the existing database.
Simply creating the Recovery Storage group is not sufficient. In order for it to be used, that
location must be the one specified for the restore. Remember that this does not violate the
explanation for answer ?A? since the Recovery Storage Group is a special group that can house
any mailbox store in the storage group.
Reference: Microsoft Help -> Recovery Storage Groups

71.QUESTION NO: 71

You are the Exchange administrator for TestKing. The Exchange organization contains a
single new Exchange Server 2003 computer. The Exchange server contains one storage
group and one mailbox store.
You create mailboxes on the new mailbox store. At the end of the day, before your first
backup job has run, the disk controller fails. You replace the disk controller. You discover
that the mailbox store is corrupted. You also discover that the mailbox store is dismounted.
You need to ensure that you can mount the mailbox store with the minimum amount of
data loss.
What should you do?

A. Run the exchdump command. Then run the isinteg ?fix command to repair the mailbox
store.
B. Move the files in the transaction log folder to a safe location. Run the isinteg ?fix
command to repair the mailbox store.
C. Move the files in the transaction log folder to a safe location. Then run the eseutil /p
command in repair mode.
D. Run the eseutil /r command in recovery mode. Then, if necessary, run the eseutil /p
command in repair mode.

Answer: D

Explanation:
Eseutil is the Exchange Server command line utility to manipulate the Exchange databases. The
/r switch will attempt to do a recovery of the damaged database. The /p switch will attempt to
patch the database. This is the preferred method if there is no backup available.
You will need to run Eseutil /r e00 /l ?c:\program files\exchsrvr\mdbdata?
Incorrect Answers:
A: Isinteg ?fix will attempt to do a repair of the database. However, this process almost always
results in more data loss than the eseutil utility will. Therefore, this is not the best option. For
more details, see the KB article listed in the reference.
B: Moving the transaction log files will prevent the database from being brought back to a
consistent state. This violates the requirement of minimum data loss.
C: Incorrect for the same reason as ?B?. The transaction log files are needed to bring the
database back to the most current position. Moving the transaction log files prevents the database
(once corrected) from continuing to read transactions into the database. This violates the
requirement of minimum data loss.
Reference: Microsoft Knowledge Base Articles ? 259851 ?Ramifications of running the eseutil
/p? and 328763 ?Troubleshooting a Corrupt Exchange Database?

72.QUESTION NO: 72

You are the Exchange administrator for TestKing. The Exchange organization contains a
server named Exch1 that runs Exchange Server 2003. Exch1 contains a single storage
group with a single mailbox store. The storage group stores transaction logs on
E:\Exchsrvr\Mdbdata. The mailbox store is located on F:\Exchsrvr\Mdbdata.
The disks on the Exchange server fail. All the disks for drive E and drive F are replaced.
You attempt to mount the mailbox store. You acknowledge the message and create new
mailbox store files. Then you restore the mailbox store from a tape backup and configure
C\Temp as the location for the transaction log files.
When you try to mount the mailbox store, you receive the following error message.
You need to ensure that the mailbox store mounts successfully with the restored data.
Which three actions should you perform before mounting the store? (Each correct answer
presents part of the solution. (Choose three)

A. Delete the transaction log files from C:\Temp.
B. Delete the Restore.env file from C:\Temp.
C. Delete the transaction log files from E:\Exchsrvr\Mdbdata.
D. Delete the checkpoint file from E:\Exchsrvr\Mdbdata.
E. Run the eseutil /cc command against the files in C:\Temp.
F. Run the eseutil /d command against the restored mailbox store.

Answer: C, D, E

Explanation:
A: Deleting the transaction log files from C:\Temp needs to be done after the eseutil /cc is run.
B: Deleting the restore.env file from C:\Temp is done for the same reason as ?A?.
E: Eseutil /cc will start a restore, and run the restore from the restore.env file. This is what
begins the replay of the transaction logs. Note that this would be done first in the series.
Incorrect Answers:
C: Deleting the transaction log files from E:\Exchsrvr\Mdbdata will overwrite the repaired,
restored database.
D: Deleting the checkpoint file from the E:\Exchsrvr\MdbData folder will delete the restored
checkpoint file.
F: The eseutil /d command is used to defragment the database. While this is a good step for
speed purposes, doing it while the database is in a n inconsistent state will further corrupt the
database.
Reference: Disaster Recovery Exchange 2000 Server and this web site:
http://www1.us.dell.com/content/topics/global.aspx/power/en/ps1q02_veritas?c=us&cs=555&l=
en&s=biz
Important If you forget to select the Last Backup Set check box, you can
use ESEUTIL /CC after the restore is complete. To run ESEUTIL /CC,
from a command prompt in the folder where the Restore.env file is
located, type eseutil /cc. Do not use any other parameters. ESEUTIL
performs the same function as the Last Backup Set check box. Use all
other /CC switches with extreme caution

73.QUESTION NO: 73

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com.
The mixed-mode Exchange organization consists of two administrative groups named
Toronto and Dallas. TestKing's Dallas site contains a computer that runs Exchange Server
5.5. The Toronto administrative group contains a computer named TestKing1 that runs
Exchange Server 5.5 and a computer named TestKing2 that runs Exchange 2000 Server.
TestKing2 fails and is replaced with a new computer named TestKing3 that runs Exchange
Server 2003. You create an SMTP connector on TestKing3. When you view the site
configuration in the Exchange Administrator account on TestKing1, you notice that the
new SMTP connector is not shown.
You need to ensure that configuration changes on the Exchange Server 2003 computers are
replicated to the Exchange Server 5.5 computers.
What should you do?

A. Create a new Site Replication Service on TestKing3.
B. Replicate the system folders for the Toronto administrative group to TestKing3.
C. Create a new Active Directory Connector (ADC) recipient connection agreement for the
Toronto site.
D. Modify the directory replication connectors between the Toronto and Dallas sites to use
TestKing3 as the bridgehead server in the Toronto site.

Answer: A

Explanation:
ADC has nothing to do here
ADC replica Structure and Creation and deletion of users mailbox and public folder structure between
Exchange 5.5 and Exchange 2000 or 2003 and AD
Toronto administrative have two exchange servers one 5. 5 and one 2000, this means that between
exchange 5.5 and exchange 2000 exist one SRS service, because Exchange 2000 Server computer
has the Site Replication Service (SRS) installed and running on it, you must create a new SRS in
Exchange System Manager, this role must be moved to the new exchange 2003 to be able to see
SMTP connector
References
XADM: How to Create an Additional Site Replication Service for a Mixed Site KB 255285
XADM: How to Change the Role of a Server Within a Routing Group KB 239556
XADM: How to Rebuild a Site Replication Service Without a Backup KB 282061

74.QUESTION NO: 74

You are the Exchange administrator for TestKing. The Exchange organization consists of
several sites containing Exchange Server 5.5 computers and several administrative groups
containing Exchange Server 2003 computers. The site named London contains an
Exchange Server 5.5 computer named TestKing1, which will be retained for the next two
years.
You install a computer named TestKing2 into the London site. You install Exchange
Server 2003 on TestKing2. You move some mailboxes to TestKing2. You find that the
hardware configuration of TestKing2 is not adequate for the required workload. In
preparation for replacing TestKing2, you install a new computer named TestKing3 into the
administrative group. You install Exchange Server 2003 on TestKing3 and move all
mailboxes from TestKing2 to TestKing3.
You need to ensure that TestKing2 can be removed from the network without disrupting
Exchange services. To minimize the load on TestKing3, you must not move any
unnecessary roles to it.
Which three actions should you perform? (Each correct answer presents part of the
solution. Choose three)

A. Replicate the Offline Address Book Folder to TestKing3. Remove the replica from the
original owner of the folder.
B. Replicate the OAB Version 2 folder to TestKing3. Remove the replica from the original
owner of the folder.
C. Replicate the Schedule+ Free Busy folder to TestKing3. Remove the replica from the
original owner of the folder.
D. Modify the Recipient Update Service to use TestKing3.
E. Create an instance of the Site Replication Service on TestKing3. Remove the original
instance.
F. Configure the routing group to designate TestKing3 as the routing group master.

Answer: D,E,F

They tool us that you install a computer named TestKing2 into the London site, to install the Exchange
2003 in the existing site Exchange 2003 must be joined to actual org.
in this case is not the first exchange, in this case there is not possible way to be the routing group master,
The site named London contains an Exchange Server 5.5 computer named TestKing1, exchange 5.5 will
be the master the told us also they do not specifically tell to us that server tesking 2 is the first server,
also because in the question 75 they told us who server is thr rouing matser I still keeping as valid A, C,D,
F of course come be true, but we have only three answer choice and also the order to move the roles is
given, that is the reason to choose A,C and D as valid
This is one of the MS stupid questions that I really hate
Explanation:
The first Exchange Server 2003 computer that is installed in an administrative group holds certain
important roles. the first server hosts:
? Offline Address Book folder, the Schedule+ Free Busy folder,
? Events Root folder,
? Other folders.
1. Replicate All Public Folders to Another Server
All public folders and system folders that are housed on the first Exchange 2003 computer must be
replicated to another Exchange 2003 computer that is in the site
2. Rehome the Offline Address Book Folder
After replicas have been made on the destination server, wait for replication to complete, and then
make sure that the replica folders are synchronized with the source folders.
3. Rehome the Schedule+ Free Busy Folder
After replicas have been made on the destination server, wait for replication to complete, and then
make sure that the replica folders are synchronized with the source folders.
4. Rehome the Recipient Update Service (RUS)
Select Exchange Server dialog box, click the name of another Exchange 2003 Server computer as
the new server to host the Recipient Update Service,
OAB Version 2 folder will be recreated on server TestKing3 by the RUS service
By default, the offline Address Book replicates its contents to the public folder store of the server on
which it is installed. If the public folder store is removed from the offline Address Book's replication
configuration we will get an error, but this is solved with the Public folders replication that is nthe first
step to do
5. Designate Another Server to Be the Routing Group Master
They do not told us that server is the routing group master, F answer is not valid here
If this server is the routing group master, you must designate another server to be the routing group
master
6. Rehome Connectors to Another Server
Do not apply to the question
If this Exchange Server 2003 computer has any connectors that are hosted on it, these connectors
must be rehomed to another server before you remove this Exchange 2003 computer from the
routing group
7. Move Mailboxes to Another Server
If this Exchange Server 2003 computer hosts any mailboxes, these mailboxes must be moved to
another server before you remove this Exchange 2003 computer in this case mailbox are moved
from TestKing2. to TestKing3
8. Remove the First Exchange 2003 Server Computer
Insert the exchange Server 2003 CD-Rom in the computer to remove all components.
Reference
How to Remove the First Exchange 2003 Server Computer from the Site KB 822931

75.QUESTION NO: 75

You are the Exchange administrator for TestKing. The Exchange organization consists of
four administrative groups. Each group contains only Exchange Server 2003 computers.
Each administrative group contains a single routing group, which connects to other routing
groups by using routing group connectors.
The administrative group named Beijing is upgraded from an Exchange Server 5.5 site.
This administrative group contains two Exchange Server 2003 computers named
TestKing1 and TestKing2. TestKing1 was the first Exchange Server 2003 computer
installed into the administrative group. It is used as a mailbox server. There are no usercreated
public folders on TestKing1. All connectors in the routing group use only
TestKing2 as a bridgehead server. TestKing2 is configured as the routing group master.
TestKing1 cannot support the required workload. You add a new Exchange Server 2003
computer named TestKing3 into the Beijing administrative group. TestKing3 will perform
all tasks that are currently performed by TestKing1. You move all mailboxes from
TestKing1 to TestKing3.
You need to ensure that you can remove TestKing1 from the Beijing administrative group
without disrupting Exchange services.
Which three actions should you perform? (Each correct answer presents part of the
solution. Choose three)

A. Replicate the Offline Address Book folder and the OAB Version 2 folder to TestKing3.
Remove the original replica.
B. Replicate the Schedule+ Free Busy folder to TestKing3. Remove the original replica.
C. Modify the Recipient Update Service to use TestKing3.
D. Create an instance of the Site Replication Service on TestKing3. Remove the original
instance.
E. Configure the Beijing routing group to designate TestKing3 as the routing group master.
F. Configure all the routing group connectors in the Beijing routing group to use TestKing3
as the bridgehead server.

//***

Answer: A,B,C

Explanation:
The question is almost identical to number 74, with the exception that the Routing Group Master
is on TestKing2. The reference is the same (namely KB822931), and the answers are:
B: Replicate the Schedule+ Free/Busy Folder
C: Modify the Recipient Update Service to TestKing3
D: The SRS service is still needed, as it can not be assumed that there are no more Exchange 5.5
servers at the site. Remember that the question states that the upgrade is in progress- not
completed. Therefore, it must be moved to the new server.
Incorrect answers:
A: Replicate the Offline Address Book and OAB Version 2 to TestKing3 is not correct only
because of the ?and? in the answer. The OAB folder does not need to be moved, as it will be
taken care of as part of rehoming the RUS. Since one part of the answer is false, it makes the
whole answer false.
E:This is being handled be TestKing2. There is no need to relocate it to Testking3. In addition, it
adds unnecessary workload.
F: The Bridgehead is TestKing2. There is no need to move it. In addition, it adds unnecessary
workload.

76.QUESTION NO: 76

You are the Exchange administrator for TestKing. All network computers are members of
a single Active Directory domain named testking.com.
The company has one regional office, which is connected to the central office by a WAN
connection. Each office has its own intranet. Network characteristics are shown in the
following table.
Office Servers running Exchange
Server 2003
Domain controllers Users
Central
Office
5 10 12,000
Regional
Office
2 3 8,000
The sales department is located in the main office. An Exchange Server 2003 computer
named Exch3 contains all mailboxes for users in this department.
Currently, company users do not have public folders. The sales department purchases a
custom application that is based on Exchange public folders. Another administrator creates
a new public folder for sales department users and installs the custom application in the
public folder. Three weeks later, you discover that the WAN connection and the intranets
have high volumes of network traffic associated with public folder replication.
You need to reduce the replication traffic as much as possible, without affecting the ability
of sales users to access the custom application in Microsoft Outlook.
What should you do?

A. Configure public folder replication to use low priority replication.
B. Remove the public folder replicas from all Exchange servers except Exch3.
C. Make the sales public folder available only on Exch3 and on one Exchange server in the
branch office.
D. Remove the custom application from the sales public folder. Create a new Exchange
server in the main office and place the new server in a new Exchange organization. Install
the application on the new server.

Answer: B

Explanation:
The question deals with the high volume of replication traffic. To reduce the traffic, you need to
lessen the amount of replication traffic generated. Since all users who need the public folder
application are in the home office, there is no need to replicate across the WAN to the remote
office. Make sure to note the fact that all users were in the home office.
The incorrect answers are:
A: Configure to low priority - This would not lessen the traffic. The links would still be saturated
with replication. The replication simply would happen when the higher priority traffic has
passed. This could result in significant mismatches in public folder data, but moreover would
not alleviate the burden since all replication is still taking place.
C: There is no need to have a replica in the remote office. No users are currently using public
folders, and the users that need the public folder store are all in Sales, which is located in the
main office. Since all users that need the public store are all in one location, there is no need to
have any replicas.
D:Remove the application from Exch3. Install on a new Exchange Server in the main office. -
This is a variation on answer B, and is incorrect for the same reason. It would in theory work,
but the traffic generated from users in the branch office trying to obtain resources from the
central office would potentially be overwhelming
Reference: The closest match seems to be KB273479

77.QUESTION NO: 77

You are the Exchange administrator for TestKing. The company has eight branch offices
in addition to the main office. All network computers are members of a single Active
Directory domain named testking.com. Each office has 1,000 users, two domain controllers,
and one server running Exchange Server 2003. Microsoft Outlook 2003 is the only e-mail
client in use.
Users often schedule meetings by using Outlook's meeting scheduling feature. They report
that the available and unavailable times for other users are frequently incorrect, especially
for users located in other offices. You discover that the availability information for a user
can be as much as two days out of date when viewed by users in other offices.
You need to ensure that availability information is as accurate as possible in all offices.
What should you do?

A.Configure all Active Directory site links and site link bridges to increase the frequency of
Active Directory replication.
B. Configure all Exchange servers to increase the frequently of public folder replication with
other Exchange servers.
C.Instruct all users to configure the Microsoft Office Internet Free/Busy Service in Outlook
2003.
D. Install Microsoft Schedule+ 7.0 on all client computers in all offices.

Answer: B

Explanation:
Usually The Public folders are out of date because replication is not happening often enough. This is
especially true in larger organizations where a folder may be a replica of a replica but think about they just
have two DC and just one server running Exchange 2003, is not possible to get any delay form
organization architecture, They also tell us that they are using outlook 2003 as mail client
With the MicrosoftR Office Internet Free/Busy Service, users can publish their free/busy times to a shared
Internet location or an Exchange server. Members of the service can view each other?s free/busy
information and can help to control which members have access to their information.
To turn on the Microsoft Office Internet Free/Busy Service
1. In Microsoft Office OutlookR 2003, on the Tools menu, click Options.
2. Click Calendar Options, and then click Free/Busy Options.
3. Select Publish and search using Microsoft Office Internet Free/Busy Service
Incorrect answer:
A: Increase the frequency of AD replication - This could potentially make the situation worse, as
more network traffic is generated to the remote offices. In any event, this will not resolve the
problem as the Public Folders are out of date, not Active Directory.
C: Instruct users to use the Free/Busy service in Outlook 2003 - Outlook's free/busy service is
"...a Web-based service provided by Microsoft that enables you to publish the blocks of time
when you are free and when you are busy to a shared Internet location. This is convenient for
people who don't normally have access to your Calendar but who do have Internet access. "
Therefore, this does not apply to this scenario. (Microsoft Office 2003 Help - Free/Busy Service)
D: Install Schedule+ 7.0 on all client computers - Going back versions removes functionality. In
addition, the problem is not that the data can not be seen. The problem is that the data seen is out
of date. No client will change that issue.
Reference
http://www.microsoft.com/office/ork/2003/six/ch22/ColC02.htm

78.QUESTION NO: 78

You are the Exchange administrator for TestKing. The Exchange organization contains a
single server named Exch1. Exch1 runs Exchange Server 2003 and hosts all user mailboxes.
All remote users access Exch1 by using Microsoft Outlook Express 6. All internet users
access Exch1 by using Outlook.
You create several new public folders. All internal users can successfully access the new
folders, but some remote users cannot. All users can still access their personal mailboxes.
You need to ensure that all remote users can access the public folders.
What should you do?

A. Instruct the users who cannot access the folders to re-create their Outlook Express e-mail
accounts as IMAP accounts.
B. Instruct the users who cannot access the folders to establish a VPN connection with the
internal network before they open Outlook Express.
C. Modify the company firewall so that only SMTP, HTTP, and POP3 traffic is allowed to
pass to Exch1.
D. Modify the company firewall so that NNTP is added to the list of protocols allowed to
pass to Exch1.

Answer: A

Explanation:
The issue stems from the fact that most of the OE6 clients set up their mail as POP3. POP3 can
be sued to retrieve mail, but can not display such things as calendar or Public Folders. Changing
the clients to use IMAP enables these features.
The incorrect answers:
B: Establish a VPN connection before launching Outlook Express - This will not work, as the
client is still using a protocol (POP3) that can not display Public Folders. If the clients were to
use a VPN connection and Outlook, then this configuration would work, but as stated, the clients
will still not see Public Folders.
C: Modify the company Firewall - This will not allow the IMAP traffic through, and hence will
prevent all the OW6 clients that are currently working successfully from seeing the public
folders, as well as preventing them from connecting as their connections are set for IMAP, and
not HTTP, POP3, or SMTP.
D: Modify the firewall to allow NNTP traffic - NNTP is a news protocol. The Public Folders in
question are not using News Groups, so this protocol would have no effect on the problem. In
addition, some remote users can access the folders without incident, so the absence of the
protocol in the firewall can not be causing the problem.


79.QUESTION NO: 79

You are the Exchange administrator for TestKing. The Exchange organization contains a
single server that runs Exchange Server 2003.
Users send many order confirmations and order acknowledgement receipts to customers
by using e-mail. Users report that they are not being notified quickly enough when a
message to an external customer is not deliverable.
You need to ensure that when a message is not delivered within one hour, a notification is
sent to the message originator.
How should you configure the SMTP virtual server?

A. Configure the local delay notification to one hour.
B. Configure the local expiration timeout to one hour.
C. Configure the subsequent retry interval to one hour.
D. Configure the outbound delay notification to one hour.

Answer: D

Explanation:
The location is here:
Administrative Groups -> First Administrative Group -> Servers -> ServerName -> Protocols ->
SMTP -> Default Virtual Server
Right click on Default Virtual Server, click Properties, and look Under Outbound -> Delay
Notification:
In the Delay Notification, change the default (12 houra) to 1 hour.
Incorrect answers:
A: Configure Local Delay Notification to one hour - Applies to the local store only, and not to
any outbound message
B: Set the local expiration timeout to one hour - Same as "A"... Local store only
C: Subsequent retry to one hour - Delays how often messages attempt delivery. Will have no
effect on any notification settings

80.QUESTION NO: 80

You are the Exchange administrator for TestKing. The Exchange organization contains
two Microsoft Windows Server 2003 computers that run Exchange Server 2003. Inbound
SMTP mail from the Internet is delivered to both Exchange servers.
Customers report that messages they send to TestKing over the Internet are not delivered
and they receive non-delivery reports (NDRs). You discover that the customers are sending
messages to e-mail aliases that do not exist.
You need to ensure that all customer e-mail messages sent to an incorrect address are
delivered to a mailbox.
What should you do?

A. Configure the SMTP connector to have an address space of testking.com.
B. Configure the info user's e-mail addresses to have the additional SMTP address of
*.*@testking.com.
C. Configure each server's SMTP virtual server to forward all messages that have
unresolved recipients to the other Exchange server.
D. Configure each server's SMTP virtual server to send a copy of all NDRs to an existing
mailbox whose e-mail address is info@testking.com.
E. Create a mailbox-enabled user account whose e-mail address is
NDRMailbox@testking.com.

Answer: D

EXPLANATION:
According to QB295653:
In Exchange 2003, you can send a copy of all Non-Delivery Reports (NDRs) to a specific
mailbox or SMTP e-mail address. This feature does not support Distribution Lists and Public
Folders that are local to the Exchange 2003 organization. By default, when an e-mail message is
undeliverable, an NDR is returned only to the sender of the e-mail message.
To enable this feature in Exchange 2003:
In the Exchange System Manager Microsoft Management Console (MMC) snap-in, navigate to
the following location:
Administrative Groups\Administrative Group Name Servers\Exchange 2000 Server
Name\Protocols\SMTP\Default SMTP Virtual Server
Right-click the Default SMTP Virtual Server, and then click Properties.
On Messages tab, type the e-mail address that should receive a copy of the NDR in the Send
copy of Non-delivery Report to box (you can use any valid e-mail address).
NOTE: You cannot deliver mail to the SMTP addresses of the Public Folders or Distribution
lists that are homed in your Exchange Organization. This functionality does not work in
Exchange 2000.
Click OK.
Incorrect answers:
A: Configure the SMTP connector to have the address TestKing.com - This is not a valid email
address, so this will not work.
B: Configure user's email address to have additional SMTP address - This would qualify for
outbound mail, but would have no effect on the administrator seeing any NDR's.
C:Configure all unresolved addresses to be forwarded to the other Exchange Server - This could
lead to a lot of unnecessary traffic as messages ping-pong back and forth. In addition, since each
Exchange Server contains the same AD information, the external email address would not get
resolved anyway.
E: Create a mailbox enabled account called NDRMailbox@testking.com - This is tempting, but
would not work as there is no link between actual undeliverable messages and this mailbox.
Using this in conjunction with "D" would work if Answer "D" was set to use this email address
as its delivery point.

81.QUESTION NO: 81

You are the Exchange administrator for TestKing. Exchange Server 2003 runs on two
Microsoft Windows Server 2003 member servers. TestKing's network consists of a single
Active Directory domain named testking.com. Two domain controllers are located in a
single Active Directory. Inbound SMTP mail from the Internet arrives on both Exchange
servers.
You configure sender filtering to reduce the amount of junk e-mail that is received by
company users. You specify a list of known junk e-mail senders in the blocked-sender list.
Users report that they still receive e-mail from these senders.
You need to ensure that users do not receive messages from the blocked-sender list.
What should you do on both Exchange servers' SMTP virtual servers?

A. Enable the filter on the servers' IP address.
B. Assign relay permissions to only authenticated users.
C. Configure the servers' authentication settings to resolve anonymous e-mail.
D. Configure the servers to perform reverse DNS resolution on incoming messages.

Answer: A

The correct answer:
A: Enable the filter on the servers' IP addresses - The filter is created, but has not been applied to
anything. Hence, the junk mail still arrives. This is detailed in KB313395: HOW TO: Examine
Relay Restrictions for Anonymous SMTP Connections and Filter Unsolicited E-mail Messages
in Exchange 2000 Server. Note that even though this article is written for Exchange 2000, it
applies exactly the same in Exchange 2003.
The incorrect answers:
B: Assign relay permissions- This is helpful to avoid Denial of Service (DoS) attacks, but would
not affect the delivery of inbound spam messages. Also does not apply the given filter anywhere.
C: Configure servers' authentication to resolve anonymous email - By default all incoming mail,
whether spam or not, is authenticated anonymously. Resolving these names would incur
significant overhead, and many times would block even valid email. Does not utilize the given
filter.
D: Configure servers to perform DNS resolution on incoming messages - Would not prevent
spam, and certainly would not take into consideration the filter that was defined.

82.QUESTION NO: 82

You are the Exchange administrator for TestKing. The Exchange organization contains
three Microsoft Windows Server 2003 member servers that run Exchange Server 2003.
The company's network has a firewall. One of the functions of the firewall is queuing and
delivery of outbound SMTP mail.
The written company policy states that Exchange servers must not send SMTP mail
directly to the Internet. The three Exchange servers must be able to send mail directly to
each other.
You need to ensure that messages for external recipients are delivered to the Internet
through the firewall.
What should you do?

A. Configure each SMTP virtual server to use the firewall as a smart host.
B. Configure each SMTP virtual server to use the firewall as its external DNS server.
C. Configure each SMTP virtual server to forward e-mail with unresolved recipients to the
firewall.
D. Configure an SMTP connector that will use the firewall as a smart host.

Answer: A

?Explanation:
According to KB821911, "You can route all outgoing messages for remote domains through a
smart host instead of sending these messages directly to the domain." "To configure Exchange
Server 2003 to use a smart host IP address, follow these steps:
1. Click Start, point to Programs, point to Microsoft Exchange, and then click System
Manager.
2. Locate the following folder:
Servers/Your_Server/Protocols/SMTP/Your_SMTP_Virtual_Server
3. Right-click Your_SMTP_Virtual_Server, and then click Properties.
4. Click the Delivery tab, and then click Advanced.
5. In the Smart host box, type the name of the smart host server."
Incorrect answers:
B: Configure each SMTP to use the firewall as its external DNS server - Since the firewall has
no DNS lookups, this will not work. In addition, any external lookups from the Exchange Server
will fail.
C: Configure each SMTP virtual server to forward email with unresolved names to the firewall -
The mail would cease to be routed at this point, as the firewall would not know what to do with
the SMTP traffic once it arrived
D:Configure and SMTP connector that uses the firewall as a smart host - SMTP connectors do
not have allowances for smart hosts. Therefore, this answer has to be incorrect.

83.QUESTION NO: 83

You are the Exchange administrator for TestKing. The network contains two Exchange
Server 2003 computers named TestKing1 and TestKing2. TestKing1 is used as the mailbox
server for all users. It is not accessible from the Internet. TestKing2 is configured as a
front-end server. Users connect to TestKing2 from the Internet and access their mailboxes
by using Microsoft Outlook Web Access.
The company plans to implement a new Web service application. The application will store
data in public folders on TestKing1. You create a dedicated public folder tree named
Appdata for the public folders used by the new application. All users of the Web service
application will be located outside the company network. The Web service will access the
public folders in the Appdata public folder tree by using HTTP to connect to TestKing1
over the Internet. TCP port numbers will be used to identify all additional HTTP virtual
servers that need to be created. The Web service will be configured to include the TCP port
number un the URL of each request.
You need to enable access to the public folders in the Appdata public folder tree.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Add a second HTTP virtual server to TestKing1. Configure the virtual server to use TCP
port 80. Associate the virtual server with the Appdata public folder tree.
B. Add a second HTTP virtual server to TestKing2. Configure the virtual server to use TCP
port 80. Associate the virtual server with the Appdata public folder tree.
C. Add a second HTTP virtual server to TestKing1. Configure the virtual server to use TCP
port 8000. Associate the virtual server with the Appdata public folder tree.
D. Add a second HTTP virtual server to TestKing2. Configure the virtual server to use TCP
port 8000. Associate the virtual server with the Appdata public folder tree.
E. Add a second HTTP virtual server to TestKing1. Configure the virtual server to use TCP
port 8000. Associate the virtual server with the default public folder tree.
F. Add a second HTTP virtual server to TestKing2. Configure the virtual server to use TCP
port 8000. Associate the virtual server with the default public folder tree.

Answer: C, D

The correct answers:
C: Create a second HTTP Public store, locate on port 8000, etc on TestKing1 - This is needed
because this is where the application will run
D: Create a second HTTP Public store, locate on port 8000, etc on TestKing2 - This is needed
because the parameters of the question do not allow external users to connect to TestKing1.
Creating a Public Store here will allow the remote access. (It must be assumed that there is
replication between the two Public Folder Sets.)
The incorrect answers:
A: You can not use port 80, as it is in use by the default web site
B: You can not use port 80, as it is in use by the default web site
E: Associating the new HTTP Public Store with the Default site will allow all external users to
see the Default Store, and NOT the AppData store. This is the opposite of the intended effect.
F: Associating the new HTTP Public Store with the Default site will allow all external users to
see the Default Store, and NOT the AppData store. This is the opposite of the intended effect.

84.QUESTION NO: 84

You are the Exchange administrator for TestKing. The network contains two Exchange
Server 2003 computers named TestKing1 and TestKing2. TestKing1 contains all user
mailboxes and is not accessible from the Internet. TestKing2 is configured as a front-end
server and is used for all Microsoft Outlook Web Access client connections from the
Internet. TestKing2 is also used as a relay for all incoming and outgoing SMTP messages.
The company uses the domain name suffix adatum.com for all SMTP addresses.
Users report that they do not receive non-delivery reports (NDRs) when e-mail messages
cannot be delivered. You discover this only occurs when TestKing2 cannot deliver e-mail
messages addressed to Internet recipients.
You need to ensure that users receive NDRs when delivery of Internet e-mail messages
fails. Users must still be able to use Outlook Web Access from the Internet.
What should you do on TestKing2?

A. Configure the default SMTP virtual server to forward all mail with unresolved recipients
to TestKing1.
B. Configure the default SMTP virtual server to send a copy of the NDRs to the e-mail
address of administrator@adatum.com.
C. Start the Microsoft Exchange Information Store service and mount the default mailbox
store.
D. Create an SMTP connector and associate the connector with the namespace of
adatum.com. Specify TestKing1 as a smart host.

Answer: C

Explanation:
The primary issue is that the NDR?s on TestKing2 are not getting relayed to TestKing1. Adding
the SMTP connector performs a ?reverse connector?, and will enable the NDR?s to be sent back
to TestKing1 for delivery to the users on the TestKing1 mail store.
Incorrect answers:
A: Simply sending all unresolved recipients is not sufficient. It is entirely possible that the
address will be resolved, but the receiving mailbox unable to deliver the message. This would
generate an NDR, but not be caught by the unresolved recipients configuration.
B: Sending a copy of the NDR?s to the Administrator will not allow the users to receive the
NDR?s.
C: The default mailbox store is already mounted. You know this because users are able to
receive email messages. The only thing that are not being delivered are the NDR?s.

85.QUESTION NO: 85

You are the Exchange administrator for TestKing. The network contains two Exchange
Server 2003 computers named TestKing1 and TestKing2. TestKing1 contains all user
mailboxes. TestKing2 is configured as a front-end server and is used for all Microsoft
Outlook Web Access client connections from the Internet.
Written TestKing security policy states that all messaging traffic from the Internet must be
encrypted, including traffic between TestKing1 and TestKing2. You configure TestKing2
to require HTTPS for all connections to Outlook Web Access. When you monitor network
traffic, you notice that traffic between TestKing1 and TestKing2 is not encrypted.
You need to ensure that all Outlook Web Access client traffic between TestKing1 and
TestKing2 is encrypted.
What should you do?

A. Configure TestKing2 to accept Kerberos authentication only.
B. Configure TestKing1 and TestKing2 to use IPSec for all connections between them.
C. Configure TestKing2 to require IPSec for all connections to Outlook Web Access.
D. Configure TestKing1 to require HTTPS for all connections to Outlook Web Access.

Answer: B

Explanation:
B: Configure TestKing1 and TestKing2 to use IPSec for all connections between them. - This is
the only way listed that will allow both servers to use encrypted communications.
Incorrect answers:
A: Kerberos Authentication Only - This is exactly what is says, Authentication only. Once the
servers are authenticated, the traffic passes without any form of encryption by default. Note also
that Kerberos is standard for Windows 200x servers.
C:Configure TestKing2 to require IPSec for all OWA connections - This is unnecessary since all
communications done via OWA are already encrypted via HTTPS. Further, this does nothing for
the traffic between the two servers.
D:Configure TestKing1 to use HTTPS for all OWA traffic - The question states that TestKing2
is a front end server. Therefore, no OWA traffic should penetrate to TestKing1 directly. In
addition, even if this were the case, all the traffic would be encrypted between TestKing1 and
OWA, and not between the servers as required.

86.QUESTION NO: 86

You are the Exchange administrator for TestKing. The network contains two Exchange
Server 2003 computers named TestKing1 and TestKing2. Both servers run Microsoft
Windows 2000 Server. TestKing1 functions as the mailbox server for all users. It is not
accessible from the Internet. TestKing2 is configured as a front-end server and is used only
when users need to connect to their mailboxes by using HTTP and IMAP4.
You need to disable all services on TestKing2 that are not required for the server to
function in its designated role.
Which service or services should you disable? (Choose all that apply)

A. IIS Admin Service
B. World Wide Web Publishing Service
C. Microsoft Exchange Information Store
D. Microsoft Exchange Post Office Protocol version 3 (POP3)
E. Microsoft Exchange Message Transfer Agent (MTA) Stacks
F. Microsoft Exchange Internet Message Access Protocol, Version 4 (IMAP4)

Answer: C,D,E

You can not disable IIS Admin Service this service allows administration of IIS components such as
FTP, Applications Pools, Web sites, Web service extensions and both Network News Transfer Protocol
(NNTP), and Simple Mail Transfer Protocol (SMTP) virtual servers. If this service is stopped or
disabled, you will not be able to run Web, FTP, NNTP, or SMTP sites
World Wide Web Publishing service is the generic service under IMAP and HTTP run,
You do not need Microsoft POP3 Service provides e-mail transfer and retrieval services. Administrators
can use this service to store and manage e-mail accounts on the mail server. When you install Microsoft
POP3 Service on the mail server, users can connect to the mail server and retrieve e-mail using an email
client that supports the POP3 protocol, such as Microsoft OutlookR messaging and collaboration
client. The Microsoft POP3 Service system service is combined with the SMTP Service, which allows
users to send outgoing e-mail, for full e-mail services.
The Exchange Information Store service supports data storage (mailboxes and public folders data) on
the server. Since a front end OWA server queries backend server for data, this service can be disabled
during regular operations.
Microsoft Exchange MTA Stacks
The MTA Stacks service supports message routing to foreign messaging system using X.400 and
gateway connectors. It is not a required service on a front end OWA server.
Exchange 2003 and Outlook 11 combined with Windows Server 2003 now supports RPC over
HTTP but the TRICK HERE is Exchange are running in servers that run Microsoft Windows 2000
Server same setting as Exchange 2000 apply
Reference:
SECURING AN EXCHANGE 2000 OWA FRONTEND SERVER WITH SECURITY TEMPLATES
OWA FrontEnd Incremental.inf?:
Service
Name
Default
Status
Default
Startup
Type
OWA FrontEnd
Incremental.inf
Template
Settings
IIS Admin Service Started Automatic Automatic
IPSEC Policy Agent Started Automatic Automatic
Microsoft Exchange Event Manual Disabled
Microsoft Exchange IMAP4 Started Automatic Disabled
Microsoft Exchange
Information
Store
Started Automatic Disabled
Microsoft Exchange Started Automatic Disabled
Management
Microsoft Exchange MTA
Stacks
Automatic Disabled
Microsoft Exchange POP3 Started Automatic Disabled
Microsoft Exchange Routing
Engine
Started Automatic Automatic
Microsoft Exchange Site
Replication
Service
Disabled Disabled
Microsoft Exchange System
Attendant
Started Automatic Disabled
Microsoft Search Started Automatic Disabled
Remote Procedure Call (RPC)
Locator
Started Manual Automatic
World Wide Web Publishing
Service
Started Automatic Automatic

87.QUESTION NO: 87

You are the Exchange administrator for TestKing. The Tokyo office has six servers that
run Exchange Server 2003. The Osaka office has four servers that run Exchange Server
2003. The servers are all in a single routing group.
The WAN administrator reports a large amount of e-mail traffic on the network
connection between the Tokyo and Osaka offices. The traffic is interfering with critical
line-of-business database applications that must run during business hours. The database
servers are in the Tokyo office, but many of the users are in the Osaka office. The large
amount of WAN traffic is caused by e-mail messages that have large attachments.
You need to ensure that large e-mail messages are delivered between offices only after
business hours.
What should you do?

A. Define global size limits for inbound and outbound messages.
B. Define message size limits on all SMTP virtual servers in both offices.
C. Create a routing group that contains the Exchange servers in the Osaka office. Create an
SMTP connector to connect the Osaka and Tokyo routing groups that schedules the
ETRN connection time.
D. Create a routing group that contains the Exchange servers in the Osaka office. Create a
routing group connector between the routing groups in the Osaka and Tokyo offices that
uses a specified delivery time for oversized messages.

Answer: D

The correct answer:
D:Create a routing group that contains Osaka Exchange Servers. Use a Routing Group
Connector that has a specified delivery time for oversized messages; Microsoft recommended
way of connecting between routing groups that are in the same organization
The incorrect answers:
A: Define Global Limits - Would help the problem, but would prevent any necessary large
messages from passing. Also, using only one group, there is a lot of unnecessary traffic
generated between servers.
B: Message size limits on inbound and outbound SMTP servers - Essentially, the same problems
as in "A"... Namely needed traffic prevention and absence of routing over a WAN link.
C:SMTP connector between Osaka and Tokyo - Designed for networks that are not well
connected. This does not seem to be the case here.

88.QUESTION NO: 88

You are the Exchange administrator for TestKing. The Exchange organization contains
two Exchange routing groups. Each routing group contains four Exchange Server 2003
computers. One Exchange server in each routing group hosts a routing group connector.
The company's Service Level Agreement (SLA) states that internal e-mail service should
not be disrupted by the failure of a single Exchange server.
You need to ensure that e-mail messages are delivered between the two routing groups even
if one of the Exchange servers fail. You want to achieve this goal by using the minimum
amount of administrative effort.
What should you do?

A. In each routing group, configure an additional SMTP virtual server on one Exchange
server that is not used by the routing group connector.
B. In each routing group, create an SMTP connector that forwards all mail for the SMTP
address space of "*" to the bridgehead server in the other routing group.
C. On the properties of each routing group connector, add an SMTP virtual server from
another Exchange server.
D. On an Exchange server that does not host the routing group connector, create an
additional routing group connector and use the same local and remote SMTP virtual
servers that are used by the existing routing group connector.

Answer: D

A Routing Group is a collection of "well-connected" Exchange Server computers. Messages sent between
any two servers within a Routing Group are routed directly from source to target. Full mesh, 24x7
connectivity is assumed. Any messages sent from a server in one Routing Group to a server in another
Routing Group must be routed to a bridgehead in the source Routing Group and over to a bridgehead in
the destination Routing Group.
To create a Routing Group connector, you must have more than one routing group. The routing groups
to be connected can be members of the same administrative group or of different administrative groups.
To create a Routing Group connector, you must have been assigned at least the Exchange Administrator
role in the administrative group where the new routing group or connector will exist. Because Routing
Group Connectors are uni-directional, you must have been assigned Exchange Administrator permissions
to the remote administrative group to create a bidirectional routing group connector to a routing group that
is outside the local administrative group.
Incorrect answers:
A:Create additional SMTP virtual Server - Does not give any redundancy, as no connection is
established if the link fails. In addition, another virtual SMTP server would not use the default
connections, and hence not do anything other than simple sit there.
B: Create a SMTP link in each group that forwards all SMTP traffic to the other bridgehead server - This
would work, but is more administration, and if the bridgehead server goes down, this link would collapse
as well.
C: On the properties of each routing group connector, add an SMTP virtual server from another server -
This utilizes the same link for connectivity, and hence has the same problem: If the link goes down, then
there is no backup. Therefore, there is no redundancy as required by the question.
References :
? KB 231731 XADM: Administrative Groups and Routing Groups
? KB 251825 XADM: Uninstalling Last Server in Routing Group Does Not Clean Up the RG
Connectors from Other RGs
? KB 266744 XADM: How to Create a Routing Group
? KB 267992 XADM: How to Configure a Routing Group Connector

89.QUESTION NO: 89

You are the Exchange administrator for TestKing. The Exchange organization contains
three Exchange Server 2003 computers that run Microsoft Windows Server 2003.
Each Exchange server is used by a separate business unit. Each business unit is located in a
separate routing group. The routing groups are connected by routing group connectors.
These routing group connectors are used to deliver internal e-mail messages. Each business
unit has its own connection to the Internet.
The network connections between the business unit servers are at almost 100-percent
utilization.
You need to ensure that each business unit uses its own Internet connection to deliver
Internet e-mail messages. Your solution must not affect the delivery of Internal e-mail
messages.
What should you do?

A. Configure the SMTP virtual server on each server to forward all mail to the SMTP smart
host that belongs to the ISP for the server's business unit.
B. Configure the SMTP virtual server on each server to use the IP address of an external
DNS server. Use the DNS server provided by each business unit's respective ISP.
C. In each routing group, create an SMTP connector that defined an SMTP address space of
* and restrict the connector scope to the routing group.
D. In each routing group, create an SMTP connector that defined an SMTP address space of
the ISP's domain used by the business unit. Configure the SMTP connector to allow
messages to be relayed to that domain.

Answer: C

The correct answer:
C: In each routing group, configure an SMTP connector and limit its scope to only that group -
Prevents other groups from using the link as well as forwarding all requests that are not handled
locally through that connector. (Note that the connectors between business units will probably
have preference since "*" is the most generic match, and the business unit connectors will match
local resources before this connector, so only internet traffic will get routed out.)
The incorrect answers:
A:Configure the SMTP virtual server to forward to smart host - This can not work because ALL
SMTP traffic would be routed there, not just the internet traffic as prescribed
B: Configure the SMTP virtual server to forward to the ISP's DNS server - This can not work
because ALL SMTP traffic would be routed there, not just the internet traffic as prescribed
D: In the routing group, create SMTP connector that defines address for ISP, and configure
connector to relay to that domain - Since the scope is not limited any request made to the internet
can use this link, regardless of its origin. Therefore, if another group's internet link was down, all
of their routing would go through this ISP, which is a clear violation of the requirements of the
question that state, "Each business unit uses its own internet connection to deliver internet email
messages."

90.QUESTION NO: 90

You are the Exchange administrator for TestKing. The Exchange organization contains a
single server that runs Exchange Server 2003. Microsoft Outlook 2002 and Outlook
Express are the only e-mail clients in use on the intranet. External users retrieve e-mail by
using Outlook Web Access.
Some users report that they receive error messages when they send e-mail to recipients
outside of the company. The error messages state that one of the recipients was rejected by
the Exchange server. You discover that this error occurs only for users of Outlook Express.
Users of Outlook 2002 can send messages to the same recipients without error.
You need to ensure that users of Outlook Express can successfully send e-mail messages to
all recipients inside and outside of the company. Your solution most not expose the
Exchange server to unnecessary security risks.
What should you do?

A. Configure the SMTP virtual server to allow relays only from IP addresses on the intranet.
B. Configure the POP3 virtual server to accept connections only from IP addresses on the
intranet.
C. Configure the SMTP virtual server to accept connections only from IP addresses on the
intranet.
D. Configure the SMTP connector to allow messages to be relayed to the domains on the
property page of the connector's address space.

Answer: A

Explanation:
Outlook 2002 will connect to Exchange 2003 using MAPI, Outlook express will connect using POP
Exchange connection schema are based on protocols
SMTP can be setup for send or deny relay but also we can send this based on virtual servers protocol like
http, POP and NNTP someone can think about A is a valid answer, but think about MS rule and specific
rule, less administrative effort and be specific on the topic, do not reply other than specific and they ask to
you about POP, for this reason I choose B as valid, because you already has needed to configure
Exchange protocol for your outlook express users, now you just need change relay option to permit relay
from your intranet
The incorrect answers:
A: The issue only applies to Outlook Express. Outlook users do not have the issue. Therefore, the
problem must lie in POP3, and not with SMTP.
C:The issue only applies to Outlook Express. Outlook users do not have the issue. Therefore, the
problem must lie in POP3, and not with SMTP.
D: This answer will work, but also open up the server to an attack by relaying messages without
regard to location or authenticity.

91.QUESTION NO: 91

You are the Exchange administrator for TestKing. The Exchange organization is shown in
the exhibit.
In the Paris routing group, TestKing2 runs Exchange Server 2003, and TestKing3 runs
Exchange Server 5.5. TestKing2 is configured as the bridgehead server for all routing
group connectors in the Paris routing group. TestKing3 is configured as the bridgehead
server for the X.400 connector in the Paris routing group. Mailboxes for all Paris users are
in TestKing3.
TestKing2 is shut down for repairs. Users who have mailboxes on TestKing1 report that
there is an unusual delay in the delivery of messages to Paris recipients. You discover that
messages between London users and Paris users are being forwarded to the servers in the
following sequence: TestKing1, TestKing4, TestKing5, TestKing6, and TestKing3.
You need to ensure that messages are delivered as quickly as possible between the London
and Paris routing groups. You do not want to alter the normal flow of messages between
any of the other sites or routing groups. (picture)
What should you do?

A. Increase the cost of all site connectors to 25.
B. Decrease the cost on the routing group connector between London and Paris to 5.
C. Decrease the cost of the X.400 connector between the London and Paris routing groups to
20.
D. Modify the routing group connector between the London and Paris routing groups to add
TestKing3 to the list of London routing group.

Answer: D

Correct answer:
There must be a routing group connector between routing groups if you want to be able to send mail
between them in this case we have two links they told us that TestKing2 is shut down for repairs.
Testking 2 is also the bridgehead server for all routing group connectors in the Paris routing
group.
They ask to you
You need to ensure that messages are delivered as quickly as possible between the London and
Paris routing groups.
Testking 2 is down new server in routing group is TestKing 3 the only way to go form London to paris will
be based on cost they told us that message flow is TestKing1, TestKing4, TestKing5, TestKing6, and
TestKing3, this is because the less cost 4 is applied to route the messages and in this way take more
time to deliver, but if we add TestKing3 to the list of London routing group connector and because this
server is Exchange 2003,and because by default the cost will be 10 the mail will be flow through testking
site connector between Tesking1 and testking4
Incorrect answers:
A:Increase the cost of all connectors to 25 - Disrupts the normal flow of mail for all other sites
B: Decrease cost of routing group connector between London and Paris to 5 - Would not help as the
other server in Paris is not a bridgehead server and does not automatically accept connections. (In 5.5,
bridgehead connections did not exist, but there would be an explicit site connector, and that connector
does not exist here.) Even if it did, the given value of 10 would have still worked, and mail would not take
the circular route that is currently the problem.
C: Decrease the cost of the London to Paris routing group cost to 20 - This would still be higher than the
link costs of the current route combined, and would be higher than the x.400

92.QUESTION NO: 92

You are the Exchange administrator for TestKing. The Exchange organization contains
three routing groups named New York, Chicago, and Seattle. Each routing group contains
a single Exchange Server 2003 computer. The three Exchange servers are named
TestKingNY, TestKingCH, and TestKingSE.
The relevant portion of the network is configured as shown in the exhibit.
Users report slow delivery of large e-mail messages between mailboxes on TestKingNY and
TestKingSE. You verify that all WAN links and servers are functioning properly.
TestKingNY can resolve the name TestKingSE by using DNS. You run the tracert
command to perform a test on TestKingNY and obtain the following results.
You need to increase the speed of e-mail delivery between TestKingNY and TestKingSE.
What should you do?

A. Create a routing group connector between the Chicago and Seattle routing groups.
B. Create an SMTP connector in the New York routing group. Specify the Seattle routing
group on the Connected Routing Groups tab, and specify 131.107.30.10 as a smart host.
C. Request the ISP to remove the IP route to the 131.107.30.0 network on Router4 as the
ISP.
D. Request the network administrator to create an IP route to the 131.107.30.0 network on
Router1 in the New York subnet.
E. Increase the cost of the routing group connector between the New York and Chicago
routing groups to 20.
F. Decrease the cost of the routing group connector between the New York and Seattle
routing groups to 5.

Answer: D

Explanation:
The main problem is that the routing from 131.107.10.1 is going through the much slower
131.107.1.1 interface before continuing to Seattle. An IP route explicitly stating the correct route
for messages headed for Seattle should be created at the point where the message route is
incorrect. In this case, it?s 131.107.10.1.
Incorrect Answers:
A:Creating a routing group connector between Chicago and Seattle will not improve the
situation. The routing Group connector between New York and Seattle is already in place.
Adding another hop for the Exchange traffic to travail would not improve the situation.
B: Creating an SMTP connector in New Your may cause a lot more traffic, as any SMTP traffic
from New York would flow all the way to Seattle before being routed where it needs to go. In
most cases, this would not be Seattle. Further, the route taken would still go through the slow
links, as even though there is a routing group connector, it will still take the same physical route
to the destination.
C: There is no route currently for the 131.107.30.0 network on that router. Therefore, this route
can not be removed, and this can not be a viable answer.
E: Increasing the cost of the routing group connector to 20 will not have any effect. According
to the tracert, the problem is not that the mail is hitting the Chicago server before moving on. The
problem is that it is hitting a 128K link between the ISP and its internal routers instead of taking
the quicker internal routers only.
F: Decreasing the cost of the routing group connector between New York and Seattle will have
no effect for the same reason ?E? was incorrect; the route being taken is not as direct as it needs
to be for the messages to arrive as quickly as possible.

93.QUESTION NO: 93

You are the Exchange administrator for TestKing. The Exchange organization contains a
single Exchange Server 2003 computer. The network connects to the Internet via an ISP to
send and receive e-mail messages. All internal users connect to the Exchange server by
using HTTP. No SMTP connector is configured.
You monitor the performance and utilization of the Exchange server on an ongoing basis.
There is normally very little SMTP traffic to and from the server.
You notice a sudden increase in the workload of the server. When you investigate, you
discover a very large increase in the number of SMTP connections that are being made to
and from the server. There is no corresponding increase in the number of messages that
are sent or received by internal users.
You need to reduce the workload of the Exchange server to normal levels.
What should you do?

A. Restart the SMTP service.
B. Add an additional SMTP virtual server.
C. Disable the SMTP relay on the SMTP virtual server.
D. Configure an SMTP connector to connect to a smart host at the ISP.

Answer: C

Explanation:
C: Disable SMTP relay on the SMTP virtual server. - The server is suddenly being used as a
relay agent for an attack. Prohibiting the relay will cause the SMTP requests to cease. This is not
going to cause a problem as all current clients use HTTP to connect to the server.
Incorrect answers:
A: Restart the SMTP service - The service is functioning correctly. TOO correctly, in fact. Since
local clients use HTTP, the SMTP service is rarely used, the sudden increase can not be coming
from internal clients.
B: Add an additional SMTP server - Since internal clients do not use SMTP, adding another
SMTP server will only make the problem worse, as now the attacker can use two servers instead
of one!
D: Configure an SMTP connector to connect to a smart host at the ISP - This will not have any
effect on the problem as the issue is not with the connection, but with the incoming traffic. The
most important part of the question states that the internal users all connect via HTTP, and there
is a sudden increase in SMTP traffic. This can not be caused by your connection to your ISP.

94.QUESTION NO: 94

You are the Exchange administrator for TestKing. The Exchange organization contains
three routing groups named Berlin, Helsinki, and Madrid. Each routing group contains
one or more Exchange Server 2003 computers.
In the Berlin routing group, TestKing1 functions as the bridgehead server for a routing
group connector to the Helsinki routing group, and TestKing2 functions as the bridgehead
server for a routing group connector to the Madrid routing group. The topology of the
Exchange organization is shown in the following table.
Users report intermittent problems with slow delivery of e-mail messages between the
Helsinki and Madrid routing groups. You attempt to use Message Tracking Center on
TestKing10 to track the flow of a message sent from a mailbox on TestKing10 to a mailbox
on TestKing20. Even through the message is delivered, you can see its progress only as far
as TestKing1.
You need to be able to track messages sent from TestKing10 to TestKing20.
What should you do?

A. Enable message tracking on TestKing2 and TestKing20.
B. Run Message Tracking Center from the console on TestKing20.
C. Create a direct routing group connector between the Helsinki and Madrid routing groups.
D. Configure TestKing1 and TestKing2 as bridgehead servers for the routing group
connector between the Madrid and Berlin routing groups.
E. Configure Server1 and Server2 as bridgehead servers for the routing group connector
between the Helsinki and Berlin routing groups.

Answer: A

You can't expect to track a message if it passes invisibly between servers. In an Exchange Server
organization, you can search for a message only when you've already configured the Exchange Server
machines to generate message-tracking log files for you to interrogate.
Tracking is simple when a message remains on one server, more complicated when the message passes
across multiple servers en route to its final destination and even more complex when the message
passes out across the Internet or across another messaging system. Exchange 2003 can't force every
email system on the planet to generate and maintain tracking data in a common format and make that
data available to any program that might request the data. Therefore, your options are restricted to
tracking messages as they pass between servers within one Exchange Server organization.
When you enable tracking, every Exchange Server machine can maintain a set of message-tracking logs.
Each server creates a new log daily and names the log according to the date in yyyymmdd format (e.g.,
20000725.txt).
The logs reside on a network share called server_name.log (in Exchange 2003) or tracking.log (in
Exchange Server 5.5, Exchange Server 5.0, and Exchange Server 4.0). Prefixing the name of the
Exchange Server system creates the full name of the share.
For example, the full name of the share on an Exchange 2003 server named Excserver would read as
follows:
\\excserver\excserver.log

95.QUESTION NO: 95

You are the Exchange administrator for TestKing. The Exchange organization contains
two Exchange Server 2003 computers named TestKing1 and TestKing2. TestKing1
functions as a mailbox server. TestKing2 is configured as a front-end server and is used to
handle all Microsoft Outlook Web Access connections from the Internet. HTTPS is not
used for Outlook Web Access.
Users report that Outlook Web Access and MAPI clients are slow during times of peak
network usage. Network utilization of the Internet link does not reach capacity at these
times. Management authorizes you to add an additional Exchange server to the network, to
be named TestKing3.
You need to ensure that performance of Outlook Web Access is improved during peak
network usage.
What should you do?

A. Configure TestKing3 as an Exchange front-end server. Instruct half of the users to
connect to TestKing2 when using Outlook Web Access. Instruct the other half of the
users to connect to TestKing3 when using Outlook Web Access.
B. Configure TestKing3 as an Exchange front-end server. Configure a Network Load
Balancing cluster that contains both Exchange front-end servers. Instruct all users to
connect to the cluster name when they want to use Outlook Web Access.
C. Configure TestKing3 as an Exchange front-end server. Create an alias (CNAM) resource
record in DNS that maps to the IP addresses of both Exchange front-end servers. Instruct
all users to connect to the alias when they want to use Outlook Web Access.
D. Configure TestKing3 as an additional mailbox server. Move half of the user mailboxes to
TestKing3. Instruct all users to connect to TestKing2 when they want to use Outlook
Web Access.

Answer: D

Users report that Outlook Web Access and MAPI clients are slow during times of peak network usage, if
you add TestKing3 as new front end, configure NLB for tesking2 and tesking3, as mailtesking.com and
tell to users that use OWA to use mailtesking.com for their user connection, you will not reduce the load
just because http access use a *.stm, database and because mapi clients use *.edb, you will get a better
I/O disk performance for activity but will not reduce load in peak hours "D" option will reduce 50 % of
load in mail server Testking1 during peak hours
The incorrect answers:
A: Configure TestKing3 as a front end server. Instruct 1/2 to use TestKing3, the other half to use
TestKing2 - The problem is not network bandwidth, so dividing the users is not necessary for that reason.
In addition, HTTPS is not being used, so the load on the server should be fairly light. The question does
not mention how many users, but a front end server can service thousands of clients, so it is doubtful that
the server is being overworked.
B: Configure as a front end server and use NLB. Instruct the users to use the NLB server name to
connect. - Again, the problem is not with network bandwidth. The problem must lie someplace other than
the network or the front end server. The most likely scenario is that the back end server is overworked.
C: Create TestKing3 as a front end server. Create a CNAME record in DNS, and instruct the users to use
the alias - This option would not work as the DNS alias would be on a local DNS server and not anything
that would be accessible via the internet. In addition, the problem is not in the front end, but more likely in
the back end.

96.QUESTION NO: 96

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. The Exchange organization contains a single
routing group that consists of two Exchange Server 2003 computers named Exch1 and
Exch2. Exch1 is configured as a bridgehead server for SMTP traffic to and from the
Internet. Exch2 contains all user mailboxes.
TestKing purchases Foobar Inc., which is located in another city. The Foobar network
contains a single Lotus Notes server name Notes1. Notes1 can receive SMTP messages that
are addressed to foobar.com. IP routing is configured so that the WAN link will be used as
the default rote for all network traffic between computers in the two locations.
Contact objects for all Lotus Notes mailboxes in Foobar were previously created in the
testking.com domain. Each Contact object contains the foobar.com SMTP address of the
associated user. Each Contact object is updated with the Lotus Notes address of the
associated user. The network is configured as shown in the following diagram.
Users in TestKing report slow delivery of messages that are sent to users in Foobar. When
you track these messages, you discover that they are being sent by Exch1 as SMTP
messages over the Internet.
You need to ensure that messages sent to users in Foobar by users in TestKing will be sent
by using the Lotus Notes connector.
What should you do?

A. Configure the cost of the SMTP connector on Exch1 to be 20.
B. Configure the cost of the Lotus Notes connector on Exch2 to be 5.
C. Configure a Lotus Notes connector between Exch1 and Notes1.
D. Configure the SMTP connector on Exch1 to allow a maximum message size of 1,000 KB
for outgoing messages.
E. Configure the Contact objects for the Lotus Notes users to set the default e-mail address
for each contact to be the Lotus Notes address.

Answer: E

Explanation:
By default the cost of any Exchange connector is 10, showed diagram notes connector cost is 15, there is
not any reason because the primary or secondary address force email flow to got over internet
If Notes connector is well configured for foobar.com in tab address space and cost mail will flow first for
the connector to Foobar.com address space
Incorrect answers:
A: Increasing the cost of the SMTP connector will have no effect. The primary address for the contacts is
SMTP, so the message will take the default SMTP connection, which has been defined as the internet
connection. Therefore, this cost could be any number, and the routing would not change.
C: There is no need to create a connector between Exch1 and Notes1. There is already a connector in
place, and it is properly defined to deliver Notes messages back and forth across the WAN. The issue is
not with the connector, but with the message format of outgoing mail.
D: Allowing a maximum size for email messages will not change how the messages are being routed
without additional parameters. Those parameters are not mentioned here, but even if they were, the
messages would still not travel over the Notes link because they are formatted as SMTP messages.
Reference:
KB article 263845 ? ?How to Modify Recipient Settings in Exchange System Manager? and Exchange
Server 2003 Help -> E-Mail Addresses

97.QUESTION NO: 97

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. You administer a single Exchange routing group
named Mainoffice, which contains six Exchange Server 2003 computers.
All the Exchange servers in the Mainoffice routing group are located in the Mainoffice
Active Directory, which contains two Microsoft Windows Server 2003 controllers named
TESTKING1 and TESTKING2. TESTKING1 and TESTKING2 are configured as shown
in the following table.
Domain controller Roles
TESTKING1 Schema master
Domain naming master
Global catalog
TESTKING2 Infrastructure master
PDC emulator
RID master
Users in the Mainoffice routing group report that their mail delivery is frequently slow.
You discover a large number of Exchange-related errors and warning in the event logs.
The majority of these errors and warning have an event source of either MSExchangeAl or
MSExchangeDSAccess.
You need to ensure normal message delivery to local recipients in the Mainoffice routing
group.
What should you do?

A. Transfer the PDC Emulator FSMO role to TESTKING1.
B. Configure TESTKING2 as an additional global catalog server.
C. Configure all Exchange servers to use TESTKING2 as their configuration domain
controller.
D. Configure universal group membership caching on the Mainoffice Active Directory site.

Answer: B

Explanation:
They have Two Domain Controllers, Testking1 and Tesking2, service MSExchangeDSAccess is used
for Exchange 2000 and Exchange 2003 to query to a Domain controller who also is Global catalog, to
resolve any recipient, They have 6 exchange servers an just one DC as global catalog to manage the
load, adding a testking 2 as global catalog will permit to exchange to query to testking2 for any recipient
in the case that testking1 is not available
Adding the global catalog role to TestKing2 should enable Exchange to contact the global catalog
regardless of which server it uses to connect.
because MSExchangeDSAccess also you will get a Recipient Update Service in Exchange 2003 error
for MSExchangeAl service if testking1 is not available when rus run to update Exchange address book
Queue: Messages awaiting directory lookup
First Available: Exchange 2000/3
Description: This queue contains messages to recipients who have not yet been resolved against the
Microsoft Active Directory directory service. Messages are also held in this queue while distribution lists
are expanded.
Troubleshooting: Generally, messages accumulate in this queue because the advanced queuing engine
cannot categorize the message. The advanced queuing engine may not be able to access the global
catalog servers or to access the recipient information. Or, the global catalog servers are unreachable or
are performing slowly. Increase diagnostic logging for the MSExchangeDSAccess service and for the
MSExchangeTransport service to collect information about Categorizer components. To increase
diagnostic logging for a component, review the steps that are listed earlier in the "More Information"
section of this article.
References
How to Use Queue Viewer to Troubleshoot Mail Flow Issues KB 823489
No Such Object on the Server" Error Message Occurs When You Create a Recipient Update Service
822927
Event ID 2075 Occurs When You Try to Obtain a List of the Global Catalog Servers KB 312425
Error Message When You Restart Exchange Services If Global Catalog Cannot Be Contacted KB 273428
Exchange System Attendant Does Not Start and You Receive a "Global Catalog Servers Not
Responding" Error Message KB 322801

98.QUESTION NO: 98

You are the Exchange administrator for TestKing. The relevant portion of the network is
configured as shown in the exhibit:
Each subnet is configured as a separate routing group. TestKing1 through TestKing3 run
Exchange Server 2003.
When you monitor TestKing1, you discover that messages addressed to recipients on
TestKing3 remain in the delivery queues for a long time. You discover that these messages
are delivered over the WAN link between subnet A and subnet B. During business hours,
this WAN link often has no available bandwidth. However, the WAN link between subnet
A and subnet C usually has available bandwidth.
You need to ensure that messages sent from TestKing1 to TestKing3 are delivered as
quickly as possible. (picture)
What should you do?

A. Request the network administrator to increase the cost of the IP route between subnet A
and subnet B to 10.
B. Request the network administrator to decrease the cost of the IP route between subnet A
and subnet C to 10.
C. Increase the cost of the routing group connector between the subnet A and Subnet B
routing groups to 10.
D. Decrease the cost of the routing group connector between the subnet A and subnet C
routing groups to 1.

Answer: C

Explanation:
Messages are sent over routing group connectors with the lowest cost. Since the A-B-C route
has a lower cost than the A-C route, messages are sent over that route. Note that this is not
dependent on the site link costs. These are totally separate.
Incorrect Answers:
A: Changing the costs of the IP route will have no effect. Site connectors do not have anything
to do with IP connectors.
B: This answer is incorrect for the same reason as ?A?. Site connectors and routing connectors
are different, and may have costs that are completely opposite of each other.
D: Decreasing the routing group connector on the A-C subnet will only help the problem, but not
resolve it. By changing the connector cost to 1, messages will be placed in both outbound
queues equally. This will solve the problem for half of the messages, but the other half would
still be behind the bottleneck.

99.QUESTION NO: 99

You are the Exchange administrator for TestKing. The intranet is connected to the
Internet through a firewall.
The Exchange organization contains two servers named TestKing1 and OWA1. Both
servers run Exchange Server 2003. TestKing1 is configured as a mailbox server. OWA1 is
configured as a front-end server. OWA1 is configured to allow users to access their e-mail
by using Microsoft Outlook Web Access over SSL.
Internet users report that they cannot access OWA1. However, intranet users can use
either HTTP or HTTPS to access Outlook Web Access.
You need to ensure that all users can access Outlook Web Access by using only HTTPS.
What should you do?

A. Configure the firewall to permit Internet users to access port 443 on OWA1. Configure
the default Web site on OWA1 to require SSL.
B. Configure the firewall to permit Internet users to access port 80 on OWA1. Configure the
default Web site on TestKing1 to use port 443 for SSL communications.
C. Configure the firewall to allow Internet users to access port 993 on OWA1. Configure the
default Web site on TestKing1 to require SSL and 128-bit encryption.
D. Configure the firewall to allow Internet users to access port 143 on OWA1. Configure the
Exchange HTTP virtual server on OWA1 to enable forms-based authentication for
Outlook Web Access.

Answer: A

Explanation:
SSL utilizes port 443. The external firewall does not currently allow port 443 traffic to pass.
Opening up this port will take care of that issue. The default OWA site is currently not correctly
setup to use HTTPS. This is why internal clients can connect to OWA using HTTP. Modifying
the security on the OWA web site will solve this problem.
Incorrect Answers:
B: Port 80 is used for standard HTTP traffic. Allowing it will not satisfy the requirement of
HTTPS traffic being passed only.
C: Port 993 is used for secure IMAP traffic. Enabling it will not allow HTTPS traffic.
D: Port 143 is used for insecure IMAP traffic. It will have no effect on HTTPS traffic.

100.QUESTION NO: 100

You are the Exchange administrator for TestKing. All Exchange servers run Exchange
Server 2003. The relevant portion of the network configuration is shown in the exhibit.
TESTKINGC is a front-end server. Its only function is to enable Internet users to access
their Exchange mailboxes by using Microsoft Outlook Web Access over SSL. Internet users
report that they cannot access their mailboxes. They receive an error message stating that
the page or server cannot be located. You discover that internal users can access
TESTKINGC and can use Outlook Web Access.
You need to ensure that Internet users can access their e-mail. To achieve this goal, you
plan to reconfigure the Internet firewall so that Internet users can access only one port on
TESTKINGC. (picture)
Which protocol should be accessed by Internet users?

A. HTTP
B. IMAP4
C. HTTP SSL
D. IMAP4 SSL

Answer: C

Explanation:
HTTPS (HTTP SSL) is the Secure Sockets Layer connection for normal internet traffic. The
port that needs to be opened is port 443 on the external firewall. Once this is done, external
clients can connect without problems.
Note: Ports to open for OWA access in a perimeter Firewall architecture
Origin Destination Service Protocol and port
HTTP TCP 80
HTTPS TCP 443
IMAP4 TCP 143
Internal/External Perimeter network
IMAP4TLS TCP 993
DNS TCP, UDP 53
HTTP TCP 80
RPC EP
Mapper
TCP 135
KERBEROS TCP UDP 88
LDAP TCP 389
NETLOGON TCP 445
DSAccess (GC) TCP 3268
Perimeter
Network
Network
Internal/Private
TCP High Ports TCP 1024+
Incorrect Answers:
A:HTTP is standard internet traffic. Is uses port 80. It is NOT secure, and using it will violate
the requirement of the exam that OWA be accessed through SSL.
B: IMAP4 is another protocol used over the internet for mail. However, it is not secure, and does
not use the SSL layer.
D: IMAP4 is the secure (SSL) version of IMAP4. Technically, there is nothing in the answer
preventing this from being a viable answer. However, this is not the BEST answer, as the
HTTPS protocol is better suited, and all OWA features are available instead of IMAP4?s subset.

101.QUESTION NO: 101

You are the Exchange administrator for TestKing. The Exchange organization contains
two servers named TestKing1 and TestKing2. Both servers run Exchange Server 2003. The
relevant portion of the network is configured as shown in the exhibit.
TestKing1 is configured as a front-end server. TestKing1 supports only IMAP e-mail
clients. TestKing1 supports both IMAP4 and IMAP4 over SSL. TestKing2 is configured as
a back-end server. It hosts user mailboxes and public folders.
You need to ensure that all users can send and receive Internet e-mail messages by
accessing TestKing1. Your solution must not open any unnecessary network ports.
Which protocol or protocols should you open on the firewall? (Choose all that apply)

A. SMTP
B. POP3
C. HTTPS
D. IMAP4
E. IMAP4 over SSL
F. POP3 over SSL

Answer: A,D

Explanation:
You need to ensure that all users can send and receive Internet e-mail messages by accessing
TestKing1. In order to about to open more than necessary ports, we can close IMAP port and use https
but they told us TestKing1 supports only IMAP e-mail clients. and there is not any statement about to
Tesking1 reconfiguration in that way we can close IMAP port 143 and leave just IMAP over SSL port 993
Reference:
Ports to open for OWA access in a perimeter Firewall architecture
Origin Destination Service Protocol and port
HTTP TCP 80
HTTPS TCP 443
IMAP4 TCP 143
Internal/External Perimeter network
IMAP4TLS TCP 993
DNS TCP, UDP 53
HTTP TCP 80
RPC EP
Mapper
TCP 135
KERBEROS TCP UDP 88
LDAP TCP 389
NETLOGON TCP 445
DSAccess (GC) TCP 3268
Perimeter
Network
Network
Internal/Private
TCP High Ports TCP 1024+

102.QUESTION NO: 102

You are the Exchange administrator for TestKing. Exchange Server 2003 is implemented
as the companywide messaging system. The Exchange server runs Windows 2000 Server.
The relevant portion of the network is configured as shown in the exhibit.
TestKing e-mail policies state that Internet users must be able to securely download e-mail
messages, view downloaded e-mail messages on their local computers, send outbound email
messages, and access the company's internal e-mail address list.
You need to configure the firewall to meet these requirements.
Which three ports should you make accessible to Internet users? (Each correct answer
presents part of the solution. Choose three)

A. Global catalog LDAP
B. HTTPS
C. RPC endpoint mapper
D. IMAP4 SSL
E. SMTP

Answer: A, B, C

The trick in this question is Exchange is running on Windows 2000 Server we can not uses HTTS over
RPC new in Exchange 2003 and Windows 2003 Architectures and also the trick is that this is a very poor
question from a real world firewall architecture
In the Real world you just need to open HTPS with simple firewall architecture, why? so simple,
Exchange, Domain Controller and Global Catalog are in the same subnet after the firewall, but because
they tell you that you need to pick up three, you will need to access with https, exchange will need to
query to global catalog on port 3268, and also will need the RPC endpoint mapper.
NOTE:
This question in the exam is to be marked for comments, or the picture is wrong and the question is based in this
architecture
Securing Outlook
Web Access on
the Internet
The front?end and
back?end
architecture is
useful when
enabling users to
retrieve their mail
from the Internet. A
front?end server
can be placed
behind or in front of
a firewall, or a
perimeter network,
also called a
demilitarized zone
(DMZ). A perimeter
network provides
two layers of filtering, one between the Internet and the front?end server, and another between the front?
end server and the company's network. Different ports on the routers and firewalls must allow access to
back-end servers, depending on the location of the front-end server in relation to the firewall.
If you locate servers between the Internet and the firewall, it is required that more ports be opened, which
might compromise security.
Origin Destination Service Protocol and port
HTTP TCP 80
HTTPS TCP 443
IMAP4 TCP 143
Internal/External Perimeter network
IMAP4TLS TCP 993
DNS TCP, UDP 53
HTTP TCP 80
RPC EndPoint
Mapper
TCP 135
KERBEROS TCP UDP 88
LDAP TCP 389
NETLOGON TCP 445
DSAccess (GC) TCP 3268
Perimeter
Network
Network
Internal/Private
TCP High Ports TCP 1024+
By making the firewalls the only servers exposed to the Internet, you can control security with fewer
computers and secure the internal network by limiting the number of access points. Figure 25.3 illustrates
a deployment using a front?end server inside a firewall.
Figure 25.3 Front-end server protected by a firewall
Note that the designation of only one front-end server for multiple back?end servers creates a single point
of failure and a possible bottleneck.
Monitor this server or deploy more than one front-end server.
The front-end server should be configured to use SSL to encrypt data and passwords between the
client and the front?end server; otherwise passwords and data travel as cleartext.
SSL provides privacy between a Web browser and a Web server. This begins with a handshake phase
that negotiates the encryption and establishes a secure session between the client and the server. After
this process ends, all data that is sent between the Web browser and the Web server is encrypted.
SSL increases security, but also reduces performance. The installation of a front?end server to handle
SSL requests removes processor demand on back?end mailbox servers.
In front?end and back?end architecture, servers are optimized to perform single functions. The front-end
server processes all the HTTP and SSL requests and the back?end server manages data (mailbox
stores and public folder stores).
Advantages of a single firewall tier include:
Low cost: Because there is only one firewall, the hardware and licensing costs are low.
Simplified management: Management is simplified because there is only one firewall for the site or
enterprise.
Single logging source: All traffic logging is central to one device.
Disadvantages of a single firewall tier include:
Single point of failure: Depending on the number of redundant components, there may still be a single
point of failure for inbound and/or outbound Internet access.
Possible traffic bottleneck: A single firewall could be a traffic bottleneck depending on the number of
connections and throughput required.

103.QUESTION NO: 103

You are the Exchange administrator for TestKing. The network consists of as single Active
Directory domain named testking.com. Exchange Server 2003 is implemented as the
companywide messaging system. The relevant portion of the networks is configured as
shown in the exhibit.
TestKing1 is configured as a front-end server and as an incoming SMTP relay. It also hosts
Microsoft Outlook Web Access, which is used by Internet users to access company e-mail.
Users stop receiving e-mail messages from the Internet. You use the DNS name and IP
address to send test e-mail messages directly to TestKing1 from the Internet. However,
your e-mail messages are simply queued on TestKing1 along with a large number of other
messages.
You need to ensure that users can receive e-mail messages from the Internet.
What should you do?

A. Configure the external DNS mail exchanger (MX) resource record of the e-mail domain
to point to TestKing1.
B.Configure the internal firewall to allow TestKing1 to communicate with the Exchange
server and the global catalog server.
C. Configure the default SMTP virtual server on TestKing1 to use the Exchange server as a
smart host server.
D. Configure the default SMTP virtual server on TestKing1 to deliver all e-mail messages
that have unresolved recipients to the Exchange server.

Answer: B

Explanation:
TestKing1 is not able to see either the back-end Exchange Server or the Global Catalog server.
Opening the appropriate ports on the internal firewall should resolve the problem.
Incorrect answers:
A:Mail is being received by TestKing1. Since this is the case, the MX record must exist and be
correct.
C: Since no SMTP traffic is passing between the servers, setting up a smart host on TestKing1
will not work.
D: Messages sitting in the queue on TestKing1 have recipients. Therefore, this answer can not
be correct. Note that the users state that they are not receiving e-mail. If the messages had no
recipient, the users would not be aware that they were not getting their messages.

104.QUESTION NO: 104

You are the Exchange administrator for TestKing. Exchange Server 2003 is used as the
companywide messaging system. The relevant portion of the network is configured as
shown in the exhibit.
The front-end server provides e-mail access to HTTPS, IMAP4, and POP3 clients. The
front-end server also hosts a secure Web site for customers.
Some remote users report that they cannot access their e-mail from the Internet. You
discover that this problem affects only the users of the HTTPS e-mail clients. All users can
still access their e-mail from the internal network by using Microsoft Outlook directly
connected to the Exchange mailbox servers. You discover that the customer Web site is
accessible from the Internet by using HTTPS.
You need to ensure that all users can access their e-mail from the internal network and
from the Internet.
What should you do?

A. Allow the front-end server to initiate connections with all Exchange servers on the
internal network by using the IMAP4 SSL port.
B. Allow the front-end server to initiate connections with all Exchange servers on the
internal network by using the IMAP4 port.
C. Allow the front-end server to initiate connections with all Exchange servers on the
internal network by using the HTTP port.
D. Allow the front-end server to initiate connections with all Exchange servers on the
internal network by using the HTTPS port.

Answer: C

Explanation:
User can access with outlook, this means POP or IMAP access they can access to front-end
server a secure Web issue is due to front-end and back end servers can not communicating properly via
HTTPS. Because HTTPS is working correctly, in secure Web site, this means that communication
between External firewall an internal firewall over port 443 is closed,
We cannot choose here http; why, not Secure at all option, you already have two firewalls, are you going
to dismiss your security, I do not think so, answer is C
Reference:
Implementing and Maintaining an Exchange Server 2003 Environment
MOC Course 2400B book, Page 07-23 and 24.

105.QUESTION NO: 105

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. Exchange Server 2003 is used as the companywide
messaging system. The relevant portion of the network is configured as shown in the
exhibit.
TESTKING1 runs Microsoft Internet Security and Acceleration Server. TESTKING2 is
configured as a front-end server that runs Microsoft Outlook Web Access. TESTKING1 is
configured to permit Internet users to access their e-mail by using Outlook Web Access on
TESTKING2. TESTKING1 also permits Internet mail servers to send SMTP mail to
TestKing3.
Users report that they cannot access TESTKING2 from the Internet. However, the same
users can successfully access TESTKING2 from the internal network. You discover that all
Internet mail servers can successfully sent SMTP mail to TestKing3.
You need to ensure that all users can access TESTKING2 from the Internet and from the
internal network. (picture)
What should you do?

A. Configure the network adapter on TESTKING2 to use both 192.168.1.254 and
192.168.1.1 as default gateways.
B. Configure the network adapter on TESTKING2 to use 192.168.1.254 as the default
gateway. Configure a static route to the 172.168.1.0/16 network by using 192.168.1.1 as
the gateway.
C. Configure the perimeter network adapter on TESTKING1 to use 192.168.1.1 as the
default gateway. Configure the Internet-facing network adapter to use 10.1.1.254 as the
default gateway.
D. Configure the Internet-facing network adapter on TESTKING1 to use 10.1.1.254 as the
default gateway. On the perimeter network adapter, configure a static route to the
172.16.1.0/16 network by using 192.168.1.1 as the gateway.

Answer: B

Explanation:
After you set the external NIC on the ISA Server computer to use an Internet IP address, you need to configure ISA
Server to listen on that IP address for incoming Web requests. This configuration is necessary for ISA Server to
respond to Web page requests such as Outlook Web Access or Outlook Mobile Access traffic.
Make sure the IP address of the ISA Server computer's internal NIC is static. This configuration is necessary
because you need to configure secure network address translation (SecureNAT) clients, such as your inbound SMTP
server, and point them to the internal IP address of your ISA Server. If the IP address on your internal NIC changes,
you need to manually update those clients. When you use a static IP address, you avoid this problem.
After you place your ISA Server computer in the perimeter network and configure your internal and external NICs,
ISA Server is ready to start acting as the gatekeeper for inbound and outbound Internet traffic. To do this, you need
to configure inbound and outbound e-mail traffic to go through ISA Server.
All inbound Internet traffic bound to your Exchange servers, such as Microsoft Office OutlookR Web Access, RPC
over HTTP communication from Microsoft Office Outlook 2003 clients, Outlook Mobile Access, Post Office
Protocol version 3 (POP3), Internet Message Access Protocol version 4rev1 (IMAP4), and so on are processed by
ISA Server. When ISA Server receives a request from a client application such as Outlook 2003 to access
information on an Exchange server, ISA Server routes the request to the appropriate Exchange servers on your
internal network. The internal Exchange servers return the requested data to ISA Server, and then ISA Server sends
the information to the client through the Internet.
Figure 1 Deploying ISA Server as your advanced firewall server
Incorrect Answers:
A: Configuring two gateways is not a good idea. Messages can (and will) be sent to whichever gateway
happens to be chosen. Sometimes it will be correct, and other times it will not. In any event, this does not
lead to the best answer.
C: The perimeter network adapter on TestKing1 is functioning as it should. We know this because
internet SMTP mail is getting where it needs to go. Therefore, this can not be the correct answer.
D: The adapters on TestKing1 are functioning as they should. If they were not, TestKing3 would not be
getting SMTP mail. In addition, setting up the adapter this way would prevent TestKing3 from receiving
the SMTP mail, as it would be routed to TestKing2. Since TestKing2 is not configured to send SMTP mail
(only HTTP for OWA) the inbound mail will die at TestKing2.
Reference:
Using ISA Server 2000 with Exchange Server 2003 MS white paper

106.QUESTION NO: 106

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. The Exchange organization contains eight servers
that run Exchange Server 2003. All Exchange servers are member servers, and all are
located in the Computers container in Active Directory.
Written TestKing security polices specify the audit settings, event log settings, and security
policy settings that must be applied to all Exchange servers.
You need to ensure that the Exchange servers comply with the written security policies.
Your solution must require the minimum amount of administrative effort to maintain.
What should you do?

A. Create the policy settings by using the Local Security Policy tool. Apply the policy
settings to the Exchange servers.
B. Create a security template that matches the policy requirements. Run Secedit.exe to apply
the template to the Exchange servers.
C. Create a new organizational unit (OU) and move all Exchange servers into the OU.
Create a Group Policy object (GPO) that applies the policy settings. Link the GPO to the
OU.
D. Create a new Group Policy object (GPO) that defined the policy settings for the
Exchange servers. Link the GPO to the Domain Controllers organizational unit (OU). Set
a filter on the GPO to apply only to the Exchange servers.

Answer: C

Explanation:
This question is not truly an Exchange question, but instead a Group Policy question. The fact
that these are Exchange Servers has no bearing on the question or its answer. The easiest
solution is to place all the Exchange servers into their own OU, then create a GPO and apply it to
the OU.
Incorrect Answers:
A: Applying the policy settings to one computer at a time is administrative intensive, and invites
mistakes in implementation. Therefore, this is not the best answer.
B: Creating a security template and applying the template to the Exchange servers also involves a
lot of administration, and as more servers are added, the template must be added to each one.
That disqualifies this as a possible answer.
D: Creating a GPO and linking it to the domain controllers OU will not work due to the fact that
the Exchange servers are in the Computers OU. It would be impossible to filter it to the
Exchange Servers for that reason alone. Additionally, a group policy can not be filtered to one
computer. It must be in an OU for filtering to apply.

107.QUESTION NO: 107

You are the Exchange administrator for TestKing. The network contains four Exchange
Server 2003 computers that are located in a single organizational unit (OU) in Active
Directory.
Users who work during the night shift report that the Exchange servers are often not
available at night. You use System Monitor and find out that the Exchange services have
been running for less than 24 hours.
You need to ensure that the security logs contain information necessary to isolate events
that affect server uptime.
What should you do?

A. Configure an audit policy that logs successful logon events.
B. Configure an audit policy that logs successful system events.
C. Configure a security policy that audits the use of global system objects.
D. For the Microsoft Exchange Information Store service, configure the diagnostic logging
category named General to the medium logging level.

Answer: C

System Services permit o control the Startup and permissions for system services
Audit: Audit the access of global system objects
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security
Options/Audit the access of global system objects
Description
This security setting determines whether to audit the access of global system objects.
If this policy is enabled, it causes system objects, such as mutexes (mutual exclusive), events,
semaphores (locking mechanisms used inside resource managers or resource dispensers), and DOS
devices, to be created with a default system access control list (SACL).
Also if Audit objects access is enabled audit
Description
This security setting determines whether to audit the event of a user accessing an object--for example, a
file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified.
If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the
event type at all. Success audits generate an audit entry when a user successfully accesses an object
that has an appropriate SACL specified. Failure audits generate an audit entry when a user
unsuccessfully attempts to access an object that has a SACL specified.
Incorrect answers :
A: Logon-related events when a user logs on interactively or remotely. These events are generated on
the computer to which the logon attempt was made. By Login successful events you get just who user
access with right access to do logon in the system
B: Tracks system events such as Windows logon network and power events. Notifies COM+ Events
D: Under MSExchangeIS there are several subcategories that you can increase diagnostic logging for.
Click the specific area that you want to increase diagnostic logging for, and then select the appropriate
level of diagnostic logging
Protocol Logging By setting the configuration properties of the virtual server associated with each
messaging transport protocol, you can protect your e-mail system in multiple ways. The Internet protocols
(SMTP, HTTP, and NNTP) enable you to use logging to track the commands the virtual server receives
from clients.
Reference:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/enus/
Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/561.asp

108.QUESTION NO: 108

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. The network contains nine Exchange Server 2003
computers running on Microsoft Windows Server 2003 member servers. All Exchange
servers are in a single organizational unit (OU) named Exchange Servers. Only the
Exchange server computer objects are contained in the Exchange Servers OU.
Users in a group named Exchange Admins are exclusively responsible for managing the
Exchange organization. No other group, including the Enterprise Admins and Domain
Admins groups, has permissions to manage the Exchange organization.
You discover that the Domain Admins group is in the membership list of the Exchange
Admins group.
You need to ensure that any changes to group membership that would allow access to
manage the Exchange organization are recorded.
What should you do?

A. Configure the Default Domain Controllers Policy to include auditing successful policy
change events.
B. Create a Group Policy object (GPO) on the Exchange Servers OU to audit successful
policy change events.
C. Create a Group Policy object (GPO) on the Exchange Servers OU to audit successful
policy change events.
D. Create a Group Policy object (GPO) on the Exchange Servers OU to audit successful
directory service access events.

Answer: A

Directory Service Access A very general category. Basically, it refers to any time a user changes an
Active Directory object in this way we can see who add Domain Admins group to membership list of
the Exchange Admins group.
This need to be done to domain level access by default is not policy settings audit are not set in
member server, doing this to domain level Exchange OU will inherit this setting
The Account Policies security area receives special treatment in how it takes effect on computers in the
domain. All DCs in the domain receive their account policies from GPOs configured at the domain node
regardless of where the computer object for the DC is. This ensures that consistent account policies
are enforced for all domain accounts. All non-DC computers in the domain follow the normal GPO
hierarchy for getting policies for the local accounts on those computers. By default, member workstations
and servers enforce the policy settings configured in the domain GPO for their local accounts, but if there
is another GPO at lower scope that overrides the default settings, then those settings will take effect.
These GPOs, once created, are applied in a standard order: LSDOU, which stands for (1) Local, (2)
Site, (3) Domain, (4) OU,
Audit policy change
Description
This security setting determines whether to audit every incident of a change to user rights assignment
policies, audit policies, or trust policies.
If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the
event type at all. Success audits generate an audit entry when a change to user rights assignment
policies, audit policies, or trust policies is successful. Failure audits generate an audit entry when a
change to user rights assignment policies, audit policies, or trust policies fails.
To set this value to No auditing, in the Properties dialog box for this policy setting, select the Define
these policy settings check box and clear the Success and Failure check boxes.
Default:
? Success on domain controllers.
? No auditing on member servers.
References
Windows 2003 online doc
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/enus/
Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/520.asp
Microsoft Windows 2000 Security Configuration Guide
? Chapter 3 - Secure Configuration
http://www.microsoft.com/technet/Security/topics/issues/w2kccscg/w2kscgc3.mspx

109.QUESTION NO: 109

You are the Exchange administrator for TestKing. The Exchange organization contains
two servers that run Exchange Server 2003. All users send and receive e-mail messages by
using Microsoft Outlook.
All users in the customer service department are members of a global group named
CS_GG. Management plans to implement a new process for customer service. Customers
will request service by sending e-mail messages to a specified address. Customer service
users will receive and reply to these messages. In the source address field, each reply must
display CustomService as the alias. Replies must not display the personal e-mail addresses
of customer service users.
You create a mail-enabled distribution group named CustomService and add all customer
service users to this group. Members of the CustomService distribution group now receive
all e-mail requests for customer service. However, when they send replies, the replies
display their personal e-mail addresses as the return address.
You need to enable the customer service users to reply by using the CustomService e-mail
address instead of their personal e-mail address.
What should you do?

A. Modify the permissions on the CustomerService distribution group so that CS_GG has
Send As permissions on the distribution group.
B. Modify the CustomerService distribution group to accept messages only from
authenticated users.
C. Delete the CustomerService distribution group. Create a mail-enabled user account
named CustomerService. Modify the permissions on the CustomerService mailbox so
that CS_GG has permissions to send on behalf of the mailbox.
D. Modify the permissions on the CustomerService distribution group so that CS_GG has
Send To permissions on the distribution group.

Answer: A

Explanation:
The CustomerService group is mail enabled; meaning that is has a mailbox. Assigning the Send
As permission to the CS_GC membership will enable the CS_GC users to send mail as the
CustomerService ?user?. Note that since the group is mail enabled, there is a single mailbox for
the group that has been defined. Understand that the ?Send As? permission allows users to send
mail as another user. In this case, the ?user? is actually a group.
Incorrect answers:
B:Accepting messages only from authenticated users is designed to prevent people outside the
organization from sending messages to the organization. It will not affect messages sent by
already authenticated users, and hence will have no effect on the problem described.
C: The CS_GC group can not be given permission to ?Send on Behalf?. Only other users can be
given this permission. Therefore, this answer is not correct.
D: There is no ?Send To? permission. Therefore, this answer can be eliminated.
Reference: Implementing, Managing, and Maintaining Microsoft Exchange Server 2003 Course
book 2400B, Pages 04-35,36 and Microsoft Exchange Help -> Users and Computers ->
Exchange 2003 General Tab -> Delivery Options


110.QUESTION NO: 110

You are the Exchange administrator for TestKing. The company operates a main office
and one branch office. The network consists of a single Active Directory domain named
testking.com. The domain contains three servers that run Exchange Server 2003 in single
Exchange organization.
Two Exchange servers are located in the main office and are members of the Main Office
administrative group. The Third Exchange server is located in the branch office and is a
member of the Branch Office administrative group. User and group accounts for users in
the main office are located in the Main Office organizational unit (OU). User and group
accounts for users in the branch office are located in the Branch Office OU.
A new administrator is hired to perform the following administrative tasks:
.. Create and delete user accounts for branch office users.
.. Add and remove users from mail-enabled groups for branch office users.
.. Create and delete mailboxes on the Exchange server in the branch office.
.. View and manage queues on the Exchange server in the branch office.
You need to ensure that the new administrator can perform the required tasks. You must
assign only the minimum level of necessary permissions.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Configure the permission on the Branch Office OU to grant full control of the OU to the
new administrator.
B. Add the new administrator to the Account Operators group in the domain.
C. Configure the permissions on the Branch Office OU to enable the new administrator to
manage user and group accounts in the OU.
D. Add the new administrator to the Server Operators group on the Exchange server in the
branch office.
E. Configure the permissions on the Branch Office administrative group to assign Exchange
View Only Administrator permission to the new administrator.
F. Configure the permissions on the Branch Office administrative group to assign Exchange
Administrator permissions to the new administrator.

Answer: C, F

Permissions over specific objects do need to be delegated to specific sets of administrators, The new
administrator need permissions on the branch offices OU to manage AD accounts, also because he need
to create and manage exchange mail box need to be exchange administrator,
Exchange Administrator
When you give a user or group Exchange Administrator permissions, the user and group can fully
administer Exchange Server computer information. A user who has Exchange Administrator permissions
has the following rights:
? Organization Rights:
o All permissions except Change permissions on the MsExchConfiguration container (this
object and its sub-containers).
o Deny Receive-As, and Send-As permissions on the Organization container (this object
and its sub-containers).
? Administrative Group Rights:
o Read, List object, List contents permissions on the MsExchConfiguration container (this
object only).
o Read, List object, List contents permissions on the Organization container (this object
and its sub-containers).
o All permissions except for Change permissions, Deny Send-As, Deny Receive-As
permissions on the Administrator Group container (this object and its sub-containers).
o All permissions except Change permissions on the Connections container (this object
and its sub-containers).
o Read, List object, List contents, Write properties permissions on the Offline Address Lists
container (this object and its sub-containers).
References:
XGEN: Exchange 2000 Role Permissions KB 289811
Overview of Exchange Administrative Role Permissions in Exchange 2003 823018
Design Considerations for Delegation of Administration in Active Directory MS white paper

111.QUESTION NO: 111

You are the Exchange administrator for TestKing. The Exchange organization contains
two back-end servers and four front-end servers. All Exchange servers run Exchange
Server 2003.
New written security polices require encryption for all Internet connections to the frontend
servers. You try to modify the configuration of each front-end server, but the SSL
encryption option is unavailable on each one.
You need to ensure that users can use SSL to secure Internet-based e-mail connections.
What should you do?

A. Obtain and install a server encryption certificate on each front-end server.
B. Obtain and install a server encryption certificate on each back-end server.
C. Install and configure the Key Management Service on a new front-end server.
D. Install and configure Microsoft Certificate Services on each back-end server.

Answer: A

The first step along the road to protecting your OWA traffic is to enable SSL on your Exchange 2000/3
server. The steps to do this are fairly simple: you need to get an SSL certificate, install it, and tell IIS to
use it for your Exchange server's OWA directory. You can use Microsoft's Certificate Server (included
with Windows 2000 Server and higher) to issue your own certificate , or you can buy a commercial
certificate from a third-party certificate issuer like VeriSign or Thawte.
Reference.
5-Minute Security Advisor - Configuring Outlook Web Access

112.QUESTION NO: 112

You are the Exchange administrator for TestKing. The network consist of a single Active
Directory domain named testking.com. All Exchange servers run Exchange Server 2003.
Microsoft Outlook 2003 is the only e-mail client in use.
New written security polices require encryption for all e-mail messages that contain
confidential information. A domain member named Irene tries to send an encrypted e-mail
message to an external user named Peter. However, Outlook displays the following
message:
You confirm that Peter has a digital encryption certificate suitable for sending secure email
messages.
You need to ensure that Irene can send encrypted e-mail messages to Peter.
What should you do?

A. Instruct Peter to send a digitally encrypted e-mail message to Irene.
B. Instruct Peter to send a digitally signed e-mail message to Irene.
C. Install and configure Microsoft Certificate Services. Instruct Irene to request a personal
encryption certificate from the Certificate Services server.
D. Install and configure a server encryption certificate on the Exchange server that contains
Irene's mailbox.

Answer: B

New written security polices require encryption for all e-mail messages that contain confidential
information but user has not get publish her certificate is not a Trusted root certificate and she is going to
send an email to an external user named Peter in the domain contoso.com
In the user try to send encrypted certificate without a valid thirty valid certificate you will get this
error
You will need to add the certificate to you outlook client
If you just use a certificate from your own organization tesking.com, the user in Contoso.com will get a
warning because Contoso.com has not a root certificate form tesking.com.
In that way the only possible answer is that peter send a signed certificate to Irene, in orther that Irene be
able to get the public key for peter communication
Outlook 2002/XP/2003 has the ability to sign and encrypt messages for delivery to internal or external
recipients. For this encryption you will need a certificate. If you want to deliver signed and/or encrypted email
to Internet recipients, you will need to use a recognized certificate (known as a Digital ID) from a
third-party vendor.
Once you have a certificate installed on the client, you can begin to send signed and encrypted messages
using S/MIME. You can only send encrypted mail to other users if you have access to their public key.
This is achieved by having the other user send you a signed message and then adding that user to your
contacts. You will now have their public key available.
If you wish to routinely send signed and encrypted messages between users inside your Exchange
organization, you should consider using the Key Management service.
This service uses Windows 2003 Certificate Services and provides access to public keys with secure,
centralized access to private keys. This gives clients seamless access to signed and encrypted
messages, allowing them to send these messages to any other security-enabled recipient in the global
address list (GAL).
Reference
Security Operations Guide for Exchange 2000 Server MS Book line .

113.QUESTION NO: 113

You are the Exchange administrator for TestKing. All Exchange servers run Exchange
Server 2003.
TestKing's new written security polices require encryption for all internal e-mail messages
that contain confidential information.
A domain administrator installs and configures a certification authority (CA) on the
network and uses a self-signed certificate to authorize the CA. Then you use the CA to issue
e-mail encryption certificates to all users. However, when internal users receive encrypted
e-mail messages from other internal users, they also receive a message indicating that the
encryption is not trusted.
You need to prevent this message from appearing, and you need to ensure that all users can
send encrypted messages to each other.
What should you do?

A. Instruct all users to send a digitally signed message to the Everyone distribution list.
B. Request a domain administrator to create a Group Policy object (GPO) that configures all
client computers to trust the CA.
C. Use the CA to create and publish a Certificate Trust List (CTL) on a network share that is
accessible to all users.
D. Export the root certificate of the CA to a file. Send the file in e-mail to all users and
instruct them to save it on their client computers.

Answer: B

A digital ID has two parts, a private key and a public key. The replaceable private key is usually stored on
your computer. You can export and import this private key to other computers in order to move your email
security settings from one computer to another. You can also make a backup copy of your private
key. The other component of your digital ID is a public key. You send this key to people from whom you
want to receive encrypted messages, as well as to those that you want to be able to verify your signed
messages
Exchange 2003 introduces a significant change by eliminating the Key Management server in favor of
functionality provided by Certificate Services in Microsoft Windows Server? 2003.
Windows Server 2003 Enterprise Edition to be an enterprise certification authority. The certification
authority is responsible for issuing digital certificates that provide S/MIME functionality.
Because Outlook settings are stored as part of the user profile on the local workstation, you need to
configure autoenrollment certificate for users
Reference
Encryption and Message Security Overview 286159
Quick Start Guide for SMIME for Exchange Server 2003 MS white paper
Implementing and Administering Certificate Templates in Windows Server 2003
(http://go.microsoft.com/fwlink/?LinkId=17802)

114.QUESTION NO: 114

You are the Exchange administrator for TestKing. The company operates two offices. Each
office has its own intranet. Each intranet consists of an Active Directory domain. Both
domains are members of the same forest.
Each intranet includes a single server that runs Exchange Server 2003. Each Exchange
server hosts the mailboxes for local users. The two intranets are connected to the Internet,
but not to each other. New written security polices state that all interoffice e-mail must be
secured so that Internet-based intruders cannot intercept and read it.
You need to ensure compliance with the new polices. Your solution must not affect the way
users send e-mail messages to internal or external recipients.
What should you do?

A. Configure each Exchange server to deliver interoffice e-mail messages directly to the
other Exchange server.
B. Instruct all users to configure their e-mail client to encrypt all outgoing messages.
C. Configure a VPN between the two offices. Configure the Exchange servers to send
interoffice e-mail messages through the VPN.
D. Configure the Exchange servers to use IPSec to encrypt all outgoing SMTP connections.

Answer: C

Using a VPN connection will be avoid interception an read, do not provide real encryption, but you can
monitor any attempt to break the vpn tunnel
Incorrect answers
A is not valid you can intercept mail and read it because are in plane text
B is not valid without more steps like to configure a PKI structure
D IPSEC is used to encrypt all IP traffic not for SMTP connections

115.QUESTION NO: 115

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. A server named Exch1 runs Exchange Server 2003
and hosts all user mailboxes. Exch1 also sends and receives SMTP e-mail messages to and
from the Internet. Exch1 is protected by a firewall that connects the intranet to the
Internet.
Users report that they receive a large number of unsolicited e-mail messages every day.
You discover that all users receive the same unsolicited e-mail messages, which are sent to a
universal distribution group in the domain.
You need to ensure that distribution groups cannot be used to send e-mail messages from
the Internet to company users. Your solution must not affect the ability of company users
to send and receive legitimate e-mail messages.
What should you do?

A. Convert the universal distribution groups to universal security groups.
B. Configure the distribution groups so that messages are only accepted from authenticated
users.
C. Configure Exch1 to reject incoming SMTP traffic from external IP addresses.
D. Configure Exch1 to send and receive SMTP traffic to and from the firewall. Configure
the firewall to reverse publish the SMTP port on Exch1.

Answer: B

116.QUESTION NO: 116

You are the Exchange administrator for TestKing. The network consists of an intranet
segment and a perimeter network. A server named ISA1 runs Microsoft Internet Security
and Acceleration (ISA) Server and connects the perimeter network to the Internet.
The network contains two servers named Exch1 and TestKing1. Both servers run
Exchange Server 2003. Exch1 is connected to the perimeter network and is configured as
front-end server. Exch1 also hosts Microsoft Outlook Web Access. Mail Access. TestKing1
is connected to the intranet and is configured as a back-end server. TestKing1 hosts all user
mailboxes. The firewall between the intranet and the perimeter network is configured to
allow RPC communications between TestKing1 and Exch1.
A company investigator discovers that confidential e-mail messages are sometimes
intercepted when remote users connect to Outlook Web Access on Exch1.
You need to ensure that all Outlook Web Access communications from the Internet are
encrypted. Your solution must require the minimum amount of encryption-related
processing on Exch1.
What should you do?

A. Configure ISA1 to allow HTTPS traffic between the Internet and Exch1. Instruct
employees to connect to Exch1 by using HTTPS instead of HTTP.
B. Configure ISA1 to reverse proxy Outlook Web Access from Exch1. Configure Exch1 and
ISA1 to use IPSec encryption when the communicate.
C. Install a server encryption certificate on ISA1. Configure ISA1 to reverse proxy Outlook
Web Access from Exch1 and to require SSL encryption. Configure ISA1 to transmit
unencrypted data to Exch1. Instruct employees to connect to connect to Exch1 by using
HTTPS instead of HTTP.
D. Install a server encryption certificate on Exch1. Configure ISA1 to open the HTTPS port
for incoming traffic from the Internet to Exch1, and to allow outgoing HTTPS replies
from Exch1 to the Internet. Configure the Outlook Web Access virtual server to require
SSL encryption for all connections.

Answer: D

You need to ensure that all Outlook Web Access communications from the Internet are encrypted this
means:
Encrypt traffic between configure Exch1 (Front end server) and TestKing 1 backend server) to use IPSec
encryption when communicate and to configure ISA
Incorrect answers:
A- This option do not encrypt front end back end traffic You must enforce encryption.
B- You need to Encrypt traffic between configure Exch1(Front end server) and TestKing 1 backend
server).
C- With this option you will have unencrypted data going to Exch1 and users are connecting to Exch1,
The option to use ISA in this way is not needed.
Reference
Using ISA Server 2000 with Exchange Server 2003 MS white Paper
Exchange Server 2003 Message Security Guide.doc MS white paper

117.QUESTION NO: 117

You are the Exchange administrator for TestKing.
The Exchange organization contains a single Exchange Server 2003 computer named
TestKingA. The company employs 1,000 users.
Six hundred of the users are remote users who access TestKingA by using POP3 and
IMAP4 clients over the company Internet connection.
On Monday morning, the company ISP informs you that 1 million unsolicited e-mail
messages were sent from your network over the preceding two days.
Such activity violates the terms of service of your ISP.
The problem must be resolved immediately.
You verify that the e-mail messages were not sent by any users on your network.
You suspect that an external intruder used TestKingA to send the e-mail messages.
You need to ensure that this problem cannot happen again.
Your solution must not affect the ability of company users to send and receive legitimate email
messages.
What should you do?

A. Configure TestKingA to prohibit SMTP relaying.
B. Configure TestKingA and Active Directory to permit only authenticated users to send email
messages to user groups and distribution lists in the domain.
C. Configure TestKingA to permit SMTP relaying only for authenticated users. Instruct all
remote users to configure their e-mail clients to authenticate when they send e-mail
messages.
D. Configure the network so that only outgoing SMTP traffic and replies to incoming SMTP
traffic are allowed to leave the network.

Answer: C

Explanation:
Relaying occurs when there is an inbound connection to your Simple Mail Transfer Protocol
(SMTP) server that is used to send e-mail messages to external domains. With unsolicited
commercial e-mail messages, a single e-mail message that is sent to your SMTP server with
multiple recipients in domains that are external to your organization is an example of relaying.
When the SMTP server is configured to use anonymous authentication, the messaging system
that is used to propagate the unsolicited commercial e-mail messages accepts the inbound
message as typical. After the message is accepted, the SMTP server recognizes that the message
recipients belong to external domains, and then the SMTP server delivers the messages. The
unauthorized users who send unsolicited commercial e-mail messages only have to send one
inbound message to your SMTP server for it to be delivered to thousands of recipients. This may
result in decreased performance and congested queues. Additionally, this may annoy the
recipients when the messages arrive.
To prevent relaying, do not grant relay permissions to other hosts. However, there are situations
when relaying is required. You may have Post Office Protocol 3 (POP3) and Internet Message
Access Protocol 4 (IMAP4) clients who rely on SMTP for message delivery. These clients may
have legitimate reasons for sending e-mail messages to external domains. To work around this
issue, create a second SMTP virtual server that is dedicated to receiving e-mail messages from
POP3 and from IMAP4 clients. You can configure this additional SMTP virtual server to use
authentication that is combined with Secure Sockets Layer (SSL) based encryption, and then
configure it to permit relaying for authenticated clients.
Note By default, the Default SMTP Virtual Server in Exchange 2003 is configured to prevent
relaying of e-mail messages through the virtual server.
To prevent computers from relaying messages through the SMTP virtual server:
1. Click Start, point to Programs, point to Microsoft Exchange, and then click System
Manager.
2. Expand Servers, expand ServerName, and then expand Protocols.
3. Expand SMTP, right-click Default SMTP Virtual Server, and then click Properties.
4. Click the Access tab, and then click Relay.
5. In the Relay Restrictions dialog box, click Only the list below (if it is not already
selected), and then make sure that the Computers list is empty.
If you are not using any POP3 and IMAP4 clients with this virtual server, click to clear
the Allow all computers which successfully authenticate to relay, regardless of the
list above check box, and then click OK.
6. Click OK.
This box is in the SMTP Virtual Server Properties -> Access -> Relay button
Incorrect answers:
A:Prohibiting SMTP relaying would prohibit the OWA users for sending or receiving mail, as
they must relay since they are outside the organization.
B:Allowing only authenticated users to send and receive in the domain would not work because
the e-mail in question went outside the organization. The unsolicited e-mail did not go to users
and groups in the domain. Even if it did, this answer is not optimal since this would also prevent
external clients from sending valid e-mail to the organization.
D: Configuring the network in this way would prevent users from sending e-mail into the
organization. A good example of why this would be necessary is if a lawyer?s client needed to
write for more information. The client?s initial request would be blocked in this configuration.
Reference
HOW TO: Prevent Unsolicited Commercial E-Mail in Exchange 2003 KB 821746

118.QUESTION NO: 118

You are the Exchange administrator for TestKing. All Exchange servers run Exchange
Server 2003.
Users report that a large number of unsolicited e-mail messages are delivered directly to
their company e-mail addresses.
You need to reduce the number of unsolicited e-mail messages received by company users,
without affecting their ability to send and receive legitimate e-mail messages. You cannot
install any additional software on the Exchange servers.
What should you do?

A. Configure the Exchange servers to perform reverse DNS lookups for all incoming SMTP
connections.
B. Write an Exchange server-side script that performs reverse DNS lookups on all incoming
SMTP connections and rejects connections when the reverse lookup fails.
C. Enable the junk mail feature on all e-mail client applications. On client applications that
do not have junk mail features, install mail-filtering software.
D. Configure size limits for all mailboxes so that new mail cannot be received when the
mailbox exceeds its size limit.
E. Enable client-side mail filtering to delete all e-mail messages that do not contain the full
e-mail addresses of the appropriate recipient.

Answer: C

Explanation:
Enabling junk mail filters on clients? machines or installing it for clients that do not have the
capability is the optimal solution. This is more due to the fact that the other answers are
incorrect more than this being the best answer. See the incorrect explanations below:
Incorrect choices:
A:According to the Exchange Help, the reverse DNS lookup will simply add a tag to the
message header stating where the DNS lookup came from. It will not stop incoming messages
from being delivered in any way, shape or form.
B: Similar to ?A?, but with a major drawback: Typically unsolicited (or spam) e-mail has a valid
DNS lookup. It is relayed from a valid server to you. Therefore, a script to reject connections
where reverse DNS fails would not work since the reverse lookup would succeed in those cases.
D: Configuring limits would stop ALL mail once the limit is reached. Since in large part the
mailbox would be filled with unsolicited mail, there would be two issues to resolve instead of
one.
E: Enabling client side filtering to delete messages can cause problems if the user is part of a
group. In many cases, the group membership is not explicitly defined upon delivery. This would
cause all mail coming to the user from these groups to be deleted without ever being seen.
Reference: Exchange Server 2003 Help -> Reverse DNS lookups

119.QUESTION NO: 119

You are the Exchange administrator for TestKing.
The company network consists of a single Active Directory domain that contains two
domain controllers.
A member server named Exch1 runs Exchange Server 2003 and hosts all user mailboxes.
All member servers and domain controllers implement security auditing.
A user named Dr King reports that some of his e-mail messages are missing.
Other messages are marked as read, although King did not read them.
You suspect that an unauthorized user is accessing King's mailbox when King is out of the
office.
You need to save the appropriate log file or event log file to provide evidence of a security
breach.
What should you do?

A. Save the security event log from Exch1.
B. Save the application event log from Exch1.
C. Save the message tracking log and the SMTP communications log from Exch1.
D. Save the security event log and the application event log from one domain controller.

Answer: D

They do not tell us if domain controllers are windows 2000 or windows server 2003, but first you
need to setup the security audit in the domain controllers or best and less work in the domain
controllers policy, after setup security policy you will can lookup for security break
Wrong answers:
A: Security log will be local server related
B: Application log will be local related
C: Track messages is used to track bad mail delivery

120.UESTION NO: 120

You are the Exchange administrator for TestKing.
The Exchange organization contains two Exchange Server 2003 computers named
TestKing1 and TestKing2.
Both servers are located on the company's intranet.
An ISA Server computer named ISA1 connects the intranet to the Internet.
TestKing1 is not accessible from the Internet.
TestKing2 sends and receives all Internet e-mail for all users.
TestKing2 is accessible from the Internet only by using SMTP.
TestKing2 is the target of a series of Internet-based denial of service (DoS) attacks.
Each attack makes TestKing2 unavailable to internal users for a long time.
You need to reduce the impact of future DoS attacks on the Exchange servers.
Your solution must not affect the ability of users to access, send, and receive e-mail.
What should you do?

A. Configure ISA1 to distribute incoming SMTP packets evenly between TestKing1 and
TestKing2.
B. Configure ISA1 to pass all inbound SMTP traffic through the ISA SMTP filter.
C. Configure ISA1 to drop all incoming SMTP packets.
D. Configure TestKing2 to perform reverse DNS lookups on all incoming SMTP
connections.
E. Modify your public DNS zone so that both Exchange servers have mail exchanger (MX)
resource records with a priority of 10.

Answer: B

Explanation:
When you configure inbound Internet mail, you configure ISA Server to manage mail from the
Internet to your internal users. Instead of your SMTP gateway server receiving inbound mail in
the perimeter network, you configure ISA Server to receive the incoming SMTP traffic and
forward it to the SMTP server on your internal network
Inbound traffic sent through the SMTP filter on an ISA server will drop all packets that do not
meet the required criteria.
Figure 1 Deploying ISA Server as your advanced firewall server
Incorrect answers:
A: Distributing packets between the servers will not prevent the DDoS attacks from occurring.
In fact, the next DDoS attack would be worse, as both servers would then be affected. The
DDoS packets would be spread across both servers instead of just one. Therefore, this can not be
the correct answer.
C: Dropping all incoming SMTP packets would indeed stop the DDoS attacks. Unfortunately,
all incoming mail would also be stopped. This is a violation of the last requirement of the
question, so this can not be a correct answer.
D: Reverse DNS lookups will not prevent the attack. It can be used to show where the DDoS
attacks are originating. The reverse lookup function will only attach the originating address to
the email message. It in-and-of itself will not stop any form of attack. Therefore, this can not be
the correct answer.
E: Setting the MX records to have the same value will distribute incoming internet traffic to both
servers. This will result in the same problem as ?A?. The next DDoS attack would be worse
since the attack is spread across two systems.
Reference :
ISA Server 2000 Feature Pack 1
Using ISA Server 2000 with Exchange Server 2003

121.QUESTION NO: 121

You are the Exchange administrator for TestKing. The Exchange organization contains a
single Exchange Server 2003 computer named TestKing1. TestKing1 is connected to a
perimeter network. The relevant portion of the network is configured as shown in the
exhibit.
TestKing1 hosts Microsoft Outlook Web Access and all user mailboxes. To access
TestKing1, intranet users use Outlook, and Internet users use Outlook Web Access.
TestKing1 is the target of a series of HTTP-based denial of service (DoS) attacks from the
Internet. Each attack makes TestKing1 unavailable to all users for a long time.
You need to implement a solution that will protect TestKing1 from DoS attacks. You need
to ensure that Inter users can use Outlook Web Access to access their e-mail. Even during
an attack, TestKing1 must be available to intranet users. Your solution must not
compromise the security of the internal network.
What should you do?

A. Move TestKing1 to the intranet. Configure both firewalls to allow HTTP traffic from the
Internet to pass to TestKing1.
B. Move TestKing1 to the intranet. Install a new server that runs Exchange Server 2003 on
the perimeter network. Name the server TestKing2 and configure it as a front-end server
that hosts Outlook Web Access.
C. Configure the internal firewall to block all HTTP traffic from the Internet. Configure the
external firewall to block all HTTP traffic from the intranet.
D. Install a new server that runs Exchange Server 2003. Move half of the mailboxes from
TestKing1 to the new Exchange server.

Answer: B

Explanation:
In a two firewall setup, the best solution is to have all mailboxes on the internal network, and
only required ports through the internal firewall to the Exchange server. Installing another
Exchange Server on the perimeter and allowing only OWA access will prevent TestKing1 from
being attacked directly, and will enable the users of TestKing1 to work even if the OWA server
comes under attack.
Incorrect answers:
A: Allowing HTTP traffic to pass to the internal network would not stop the DDoS attacks. The
firewall would in fact be useless if all internet traffic was allowed to pass right to the internal
network.
C: Blocking all HTTP traffic would prevent the OWA users from accessing their mail remotely.
This is a clear violation of the question.
D:Moving half of the mailboxes to a new Exchange server would alleviate half the problem.
However, OWA users would not be able to connect to the new mailbox (it has no associated MX
record), the users on TestKing1 would still receive DDoS attacks, and the servers would still be
sitting in the perimeter network and open to compromise. For these reasons, this answer can not
be correct.

122.QUESTION NO: 122

You are the Exchange administrator for TestKing.
TestKing has a perimeter network that is protected by firewalls.
The perimeter network contains all computers that are accessible from the Internet.
One of these computers is an Exchange Server 2003 front-end server named TestKing1.
TestKing1 handles all communication between the Internet and the company's Exchange
organization.
TestKing1 is used for all Microsoft Outlook Web Access connections and also functions as
a bridgehead server for incoming SMTP traffic.
The secure server IPSec policy has been configured on TestKing1 to limit the TCP ports to
which network connections can be made.
Written company policy specifies that SSL encryption must be used for all Outlook Web
Access sessions.
Users report that they cannot access e-mail messages by using Outlook Web Access over
the Internet.
You verify that you can open Outlook Web Access locally using a Web browser on
TestKing1.
You test connectivity to TestKing1 from another computer in the perimeter network.
You discover the following facts.
.. You cannot open Outlook Web Access.
.. You can connect to TestKing1 by using SMTP.
.. You cannot connect to TestKing1 by running the ping command.
.. You can open the other Web sites on TestKing1 that do not require SSL encryption.
You need to ensure that users can connect to Outlook Web Access on TestKing1.
Your solution must comply with company security policy.
What should you do?

A. Disable SSL on the Exchange HTTP virtual server.
B. Configure the IPSec policy on TestKing1 to allow incoming HTTPS traffic.
C. Configure new filters on the firewalls that protect the perimeter network to allow
incoming HTTPS traffic.
D. On TestKing1, create a new Exchange HTTP virtual server that is configured to require
SSL encryption of traffic.

Answer: B

Explanation:
The issue in this case is that the Secure Server IPSec policy is not allowing traffic to flow into
the server unencrypted via IPSec.
IPSEC default rules permit
IP Protocol ID 50:
For both inbound and outbound filters. Should be set to allow Encapsulating Security Protocol
(ESP) traffic to be forwarded.
IP Protocol ID 51:
For both inbound and outbound filters. Should be set to allow Authentication Header (AH)
traffic to be forwarded.
UDP Port 500:
For both inbound and outbound filters. Should be set to allow ISAKMP traffic to be forwarded.
L2TP/IPSec traffic looks just like IPSec traffic on the wire. The firewall just has to allow IKE
(UDP 500) and IPSec ESP formatted packets (IP protocol = 50).
Since HTTPS traffic does not communicate via IPSec, this traffic is being dropped.
In addition, the IPSec Secure Server policy does not allow for ICMP traffic, which explains why
the Ping command does not work.
Adding the allowance of HTTPS traffic will enable the server to communicate successfully.
Incorrect Answers:
A:Disabling SSL on the server will break company policy by preventing the OWA clients from
connecting securely. Therefore, this answer can not be correct.
C:Since you can not connect to TestKing1 from another computer in the perimeter network, the
firewall can not be the problem. Therefore, this answer can not be correct.
D. Creating another HTTP virtual server on TestKing1 would not resolve the problem. This
virtual server would have the same issues that the original server had. There is no reason to
believe that another virtual server would resolve the problem since the issue exists within the
perimeter network.
Reference
How to Enable IPSec Traffic through a Firewall 233256

123.QUESTION NO: 123

You are the Exchange administrator for TestKing. The network consists of two subnets. All
client computers are located in one subnet. All servers are located in a central data center
that uses a single IP subnet. The data center contains the hosts shown in the following
table.
Host name Role IP address
Router1 Router 10.1.1.1
Router2 Router 10.1.1.2
Router3 Router 10.1.255.1
DC1 Domain controller 10.1.10.1
DC2 Domain controller 10.1.10.2
TestKing1 Mail server 10.1.11.1
TestKing2 Mail server 10.1.11.2
You install Exchange Server 2003 on a new computer in the data center. The computer is
named TestKing3. After installation, the network administrator makes some changes to the
TCP/IP settings of TestKing3 as shown in the following table.
Parameter Value
IP address 10.1.1.3
Subnet mask 255.255.255.0
Default gateway 10.1.1.2
You discover that TestKing3 cannot communicate with any of the other servers. You test
network connectivity on TestKing3 by using the ping command. When you attempt to ping
DC1, you receive the following error message: "Destination host unreachable".
You need to ensure that TestKing3 can communicate with all computers on the network.
What should you do?

A. Change the IP address of TestKing3 to 10.1.10.3.
B. Change the IP address of TestKing3 to 10.1.11.3.
C. Change the subnet mask of TestKing3 to 255.255.0.0.
D. Change the default gateway of TestKing3 to 10.1.1.1.

Answer: C

The new server can not connect to the other servers due to the fact that is is on the 10.1.1.x
subnet. In order to allow the other servers to see this server, it must be placed in the same
network group. The only way to do this from the choices listed is to change the subnet mask to
255.255.0.0. This will place the server in the correct network group.
Incorrect Answers:
A: Changing TestKing3?s IP address to 10.1.10.3 will not resolve the problem because the server
is physically connected to another network. In order for this solution to work, the default
gateway would also have to be changed.
B: Changing TestKing3?s IP Adress to 10.1.11.3 is incorrect for the same reason as ?A?.
Namely, moving the computer?s IP address will not resolve the problem unless the default
gateway is also changed to the proper subnet.
D: By reassigning the default gateway, the server is effectively being moved to another subnet.
If the IP address is not changed to match, the server will still not be able to connect.

124.QUESTION NO: 124

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. Exchange Server 2003 is used as the messaging
system.
The default recipient policy is configured to generate SMTP addresses based on the format
of givenname_surname@testking.com, in which givenname is the user's given name or
personal name and surname is the user's surname or last name.
A user named Tess Edwards marries and changes her name to Tess King. You need to
ensure that Tess's new e-mail address and associated friendly name appear in her out
bound e-mail address. Tess's original e-mail address must remain valid for inbound e-mail.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Change the pre-Microsoft Windows 2000 user logon name to Tess_King.
B. Change the user principal name (UPN) attribute to Tess_King@testking.com.
C. Change the last name attribute to King.
D. Change the display name attribute to Tess King.

Answer: C, D

Explanation:
In the default Recipient Policy, the string used is %r._%g.%s where %r is a replacement
variable, %g stands for given name, and %s stands for surname. These names are taken from
AD?s First Name and Last Name attributes. In order for the new e-mail address to be used for
Tess, the last name attribute must be changed. When this happens, the new e-mail address will
be generated. In addition, changing the display name attribute will change her friendly name to
the new address. This is needed as this attribute is what Exchange uses to display the friendly
name.
Incorrect Answers:
A: The pre-MS Windows 2000 logon name is only used for authentication on Windows 3.5x and
Windows NT 4 domains. Changing this will not change any of the attributes that is used in
Exchange.
B: Changing the UPN attribute will not change her address in Exchange. Note the default
Recipient Policy string used above. Since this does not use the UPN name to generate its SMTP
address, this can not be used to change her name now.

125.QUESTION NO: 125

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. Exchange Server 2003 is used as the companywide
messaging system. The Exchange organization contains one administrative group and one
routing group.
The company has one office in Hong Kong and another in Osaka. The Hong Kong office
has 2,000 users. The Osaka office has 500 users. The two offices are connected by a VPN
that uses a highly utilized Internet connection. The Osaka office contains a single Exchange
server and the Hong Kong office contains four Exchange servers. Each office has one mailenabled
global security group that contains all users in that office. These groups are named
All Hong Kong and All Osaka.
When users in Osaka send e-mail messages to the All Hong Kong group, some recipients
receive the messages after a few minutes, but other recipients receive them after a few
hours.
You need to ensure that e-mail messages sent to the All Hong Kong group are delivered to
all users as efficiently as possible.
What should you do?

A. Convert the All Hong Kong group to a mail-enabled universal security group.
B. In each office, create a separate routing group and place the local Exchange servers in
that group. Create routing group connectors to send messages between the two groups.
C. Configure the All Hong Kong group to use an expansion server in the Hong Kong office.
D. Configure the All Hong Kong group to use an expansion server in the Osaka office.

Answer: B

Explanation:
Sending messages when there is only one routing group means that the server will attempt to
send the message directly, rather than funneling the message through a bridgenead connection.
When this is the case, the messages will hang in the outbound queue until a path to the
destination server is clear, and not before. Creating routing groups and connectors will send the
messages to the dedicated bridgehead servers. Note that this is the Microsoft recommended
configuration between Exchange servers when the links are slow or unreliable.
Incorrect Answers:
A: Converting the group to a universal group will not resolve the situation. The messages will
still attempt to go directly from server to server over the overutilized link. Some messages will
arrive quickly, and others will still be delayed as the link saturation increases and decreases.
C: Using an expansion server in the Hong Kong office will not help the situation, and in fact
could make it worse. Since there is no bridgehead server, messages will leave the new server and
attempt to connect to the destination directly. Without the traffic control capability of the
bridgehead server, the link will become even more utilized.
D: Incorrect for the same reason as ?C?. No bridgehead means no traffic regulation between
sites, and this will result in further delays in message delivery.

126.QUESTION NO: 126

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory domain named testking.com.
All Exchange servers run Exchange Server 2003.
Microsoft Outlook is the only e-mail client in use.
The domain contains 1,000 Contact objects that represent customers, vendors, and
independent contractors.
The domain also contains 5,000 mailbox-enabled user accounts for company users.
Users report that they are often unable to distinguish between external recipients and
internal recipients when they address e-mail.
Management requests that you provide a way to separate internal e-mail addresses from
external e-mail addresses in the Outlook Select Names dialog box.
You need to ensure that all user accounts and Contact objects appear in Outlook.
You also need to ensure that users can easily distinguish between internal and external email
addresses.
Your solution must require the minimum amount of administrative effort to maintain the
external e-mail addresses.
What should you do?

A. Create a universal distribution group named External. Add all Contact objects to the
External group.
B. Create new address lists for internal and external recipients. Configure the filters on each
view to display only the appropriate objects.
C. Create a new organizational unit (OU) named External. Move all Contact objects to the
new OU.
D. Create an Outlook Address Book that contains all external recipients. Delete all Contact
objects form the domain and distribute the new address book to all internal users.

Answer: B

Explanation:
You must create multiple Global Address Lists. The address lists typically have different user
accounts listed in them based on the Lightweight Directory Access Protocol (LDAP) filter that
you create. By default, all the users in the Exchange 2003 organization can view all the defined
Global Address Lists.
By creating different views you can easily maintain the external e-mail addresses in one; and
internal e-mail addresses in other

127.QUESTION NO: 127

You are the Exchange administrator for Northwind Traders. The network consists of a
single Active Directory domain that contains a single Exchange organization. The
Exchange servers are named Exch1, Exch2, and Exch3. All three run Exchange Server
2003 and host user mailboxes.
You discover that users who have mailboxes on Exch1 cannot send e-mail messages to users
who have mailboxes on Exch2. All other e-mail messages flow normally. You run the ping
and the nslookup commands on Exch1. The output from the commands is shown in the
exhibit.
You need to ensure that e-mail messages can be sent between all Exchange servers in the
Exchange organization.
What should you do?

A. Remove the entry for Exch2 from the Hosts file on Exch1.
B. Remove the entry for Exch2 from the Lmhosts file on Exch1.
C. Manually add the new IP address for Exch2 to the DNS zone for your domain.
D. Force a re-registration of the DNS resource records on Exch2.

Answer: A

Explanation:
The issue is contained on only Exch1. This is known because users on Exch3 do not have
problems sending to Exch2. Therefore, the possible answers can only be ?A? or ?B?. According
to Microsoft Help -> Managing Core Network Services -> TCP/IP -> Concepts -> Resources ->
TCP/IP Databases, the LMHosts file is used for NetBIOS to IP resolution, and the Hosts file is
used for host name to IP resolution. As the NetIOS name is being returned incorrectly, the
answer must be ?B?. (The NetBIOS name EXCH2 is not matching the FQDN of
Exch2.NorthwindTraders.com.)

128.QUESTION NO: 128

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory domain named testking.com.
The domain contains two domain controllers.
Each domain controller runs Microsoft Windows Server 2003 and is configured as a DNS
server. The network contains a single Exchange organization that contains three servers
named TestKing1, TestKing2, and TestKing3.
All three servers run Exchange Server 2003.
TestKing merges with a company named Trey Research.
Trey Research's network consists of a single Active Directory domain treyresearch.com.
Trey Research has a single Exchange organization that contains two servers named Mail1
and Mail2. Both servers run Exchange Server 2003.
A T1 connection is configured between the two company networks. The relevant portion of
the resulting network configuration is shown in the exhibit.
You configure a secondary DNS zone for the treyresearch.com zone on the DNS servers at
TestKing.
You configure an SMTP connector with an address space of treyresearch.com.
The SMTP connector is configured to use DNS for message delivery.
You send a test e-mail message to a user at Trey Research.
The message is not delivered and you receive a non-delivery report (NDR).
You need to ensure that you can send e-mail messages from TestKing to Trey Research
across the T1 connection.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution. Choose two)

A. Configure the SMTP virtual server used by the SMTP connector to use one of the DNS
servers at testking.com as an external DNS server.
B. Add mail exchanger (MX) resource records for treyresearch.com on the DNS servers at
Trey Research.
C. Configure the SMTP connector to use Mail1.treyresearch.com as a smart host.
D. Remove the secondary zone for the treyresearch.com DNS domain. Configure a
conditional forwarder on TestKing's DNS servers to forward all name resolution queries
for hosts in treyresearch.com to the DNS servers on the Trey Research network.
E. Remove the secondary zone for the treyresearch.com DNS domain. Add a stub zone for
the treyresearch.com DNS domain on the DNS servers at A. Datum Corporation.

Answer: B, D

Correct answers :
B:In pure Exchange AD organizations MX record must be manually added to DNS, by adding
an MX record when smtp content reach Trey Research network will query for their MX record to
send the mail
D: By configuring a DNS stub zone of treyresearch.com, testking.com DNS will know with dns
are authoritative for domain reyresearch.com and will forward to them any query
Incorrect answer:
A: If they have not an MX record for their Exchange server this will not work, also this will
cause NDR for their own domain
B: Smart host in connectors can handle message delivery on a per-domain basis not for different
domains spaces
C: By having a secondary zone you can not add an MX record for Exchange server?s in
treyresearch.com domain
Reference :
MS article 821911, How to Configure Exchange Server 2003 to Use a Smart Host IP Address .

129.QUESTION NO: 129

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory domain named testking.com.
The domain contains two domain controllers named DC1 and DC2, which are also
configured as DNS servers.
The Exchange organization contains two servers, named TestKing1 and TestKing2 that
run Exchange Server 2003.
TestKing acquires a subsidiary named Humongous Insurance and opens a new office for
the subsidiary.
You deploy a new domain controller named DC1 in a new domain tree at the new office.
You configure DC1 as a DNS server.
The relevant portion of the resulting network configuration is shown in the Network
exhibit.
You install Windows Server 2003 on a new computer in the new office.
You name the new server Exch3 and join it to the humongousinsurance.com domain.
You begin to install Exchange Server 2003 on Exch3.humongousinsurance.com.
However, the installation fails, and you receive the message shown in the Error Message
exhibit.
You need to ensure that you can successfully complete the installation of
Exch3.humongousinsurance.com.
What should you do?

A. Configure DC1.humongousinsurance.com as a global catalog server.
B. Configure Exch3.humongousinsurance.com to use one of the DNS servers at Woodgrove
Bank for DNS services.
C. Configure a secondary zone for testking.com on the DNS server at Humongous
Insurance.
D. Configure a conditional forwarder for the humongousinsurance.com zone at the DNS
servers at TestKing so that all queries for humongousinsurance.com are forwarded to
DC1.humongousinsurance.com.

Answer: A

Explanation:
This error happen when Setup cannot locate a qualifying Global Catalog server to connect
exchange need in at least one domain that contains a Global Catalog server that belongs to the
local or an adjacent Windows site
References
"Multiple Components Cannot Be Assigned the Requested Action" Error Message During
Exchange 2003 Installation KB 822439
http://support.microsoft.com/default.aspx?scid=kb;en-us;822439
"Setup Encountered an Error While Trying to Contact the Windows Active Directory" Error
Message When You Try to Install Exchange Server 2003 to an Existing Windows 2000 Domain
KB 822452
http://support.microsoft.com/default.aspx?scid=kb;en-us;822452
Cannot Install Exchange Server 2003 in a Child Domain after You Run SETUP /DOMAINPREP
KB 817378
http://support.microsoft.com/default.aspx?scid=kb;en-us;817378

130.QUESTION NO: 130

You are the Exchange administrator for Proseware. Inc.
The company has a business partner named TestKing. Each business partner has its own
office, and a separate Active Directory forest is deployed in each office.
The relevant portion of the network is configured as shown in the exhibit.
The Proseware, Inc, network consists of a single Exchange organization that contains three
servers named Exch1, Exch2, and Exch3.
All three servers run Exchange Server 2003.
Exch1.proseware.com is configured as an SMTP bridgehead server for all Internet e-mail.
The TestKing network consists of a single Exchange organization that contains two servers
named TestKing1 and TestKing2. Both servers run Exchange Server 2003.
TestKing1.testking.com is configured as an SMTP bridgehead server for all Internet email.
The IP configuration of TestKing1.litware.com is shown in the following table.
Exchange server DNS server IP address
TestKing1.testking.com Internal 10.10.50.20
TestKing1.testking.com Internet 131.107.196.20
An SMTP connector is configured to use DNS to deliver e-mail from Proseware, Inc., to
TestKing. All e-mail between the two offices is sent across a WAN connection. Users report
that e-mail delivery frequently fails or takes an unacceptably long time. You discover that
the WAN connection between the two offices is unreliable.
You need ensure that e-mail services use the WAN connection when it is available and that
services continue even of the connection becomes unavailable.
What should you do?

A. Configure the SMTP connector on Exch1.proseware.com to use a smart host for e-mail
delivery. Configure the smart host as 131.107.196.20.
B. Configure the SMTP connector on Exch1.proseware.com to use a smart host for e-mail
delivery. Configure the smart host as 10.10.50.20.
C. Add a host (A) resource record and a mail exchanger (MX) resource record for
TestKing1.testking.com to the Internet DNS server. Configure the MX record with a
priority value that is higher than that of the existing MX record.
D. Add a host (A) resource record and a mail exchanger (MX) resource record for
TestKing1.testking.com to the internal DNS server. Configure the MX record with a
priority value that is higher than that of the existing MX record.

Answer: C

Explanation:
You need to configure an MX record for server
TestKing1.testking.com Internet 131.107.196.20
you will need to assign a different MX priority, like 20, In this way smtp connector will use
default value 10 to flow messages if connection fail smtp will try second value to flow mail
Incorrect Answers :
A: Do not solve the problem because still using a smart host over smtp in this way still using
unreliable
connection
B: In a smart host of 10.10.50.20 is configured you will configure the internal network card
TestKing1.testking.com Internal 10.10.50.20
D: If you configure a DNS MX record for internal network card you are wrong, configuring your
MX record because in this way you use your internal network card nor you?re external to flow
mail

131.QUESTION NO: 131

You are the Exchange administrator for TestKing. TestKing operates a main office in
Toronto and five branch offices in Europe.
The network consists of a single Exchange organization that contains three servers that run
Exchange Server 2003. All three Exchange servers are located in the main office. Microsoft
Outlook is the only e-mail client application in use. All client computers run either
Microsoft Windows XP Professional, Windows 2000 Professional, or Windows 98.
You deploy a new Exchange Server 2003 computer in the main office. You move 25 percent
of user mailboxes to the new Exchange server. Some users in a branch office now report
that they cannot open Outlook. They receive an error message indicating that their
Exchange server cannot be located. You discover that the only users who experience this
problem are users whose computers run Windows 98 and whose mailboxes are located on
the new Exchange server.
You need to ensure that all users can successfully access Outlook.
What should you do?

A. Configure Outlook on the affected computers to use the new Exchange server.
B. Configure the new Exchange server to register with a WINS server.
C. Add a host (A) resource record and a mail exchanger (MX) resource record for the new
Exchange server to the DNS zone.
D. Configure the other three Exchange servers with an Lmhosts file entry for the new
Exchange server.

Answer: B

Explanation:
Windows98 does not use TCP/IP natively. It uses WINS for NetBIOS name lookups. Adding a
WINS address for the Exchange server should resolve the problem.
Incorrect Answers:
A: Outlook should not need to be modified. All clients other than Win98 clients can connect
successfully. Assuming that all users are using the same version of Outlook, this can not be the
problem.
C: Configuring an MX record will not resolve the problem. As all other users are able to
connect, and all connections are occurring within the organization, the MX record is not needed.
D: Configuring the servers with an LMHosts file will not help the clients connect. It is
designed to do NetBIOS -> IP address lookups on a computer that can not do those lookups for
itself. As the server is not having a problem, adding an LMHosts file to the server will not
resolve the problem.

132.QUESTION NO: 132

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. The company operates an office in Dallas and an
office in Toronto. Both offices are part of a single routing group and a single Exchange
organization. The relevant portion of the network is configured as shown in the exhibit.
DC1 through DC4 are domain controllers. TestKingA through TestKingD are Exchange
Server 2003 computers. The SMTP virtual server on TestKingA is configured as a
bridgehead server for an SMTP connector in the Dallas office. The SMTP virtual server on
TestKingC is configured as a bridgehead server for an SMTP connector in the Toronto
office. The two SMTP connectors are configured with the same cost.
New e-mail polices state that that all outbound and inbound Internet e-mail must be
distributed equally between the two Internet connections. Outbound Internet e-mail
already complies with the new policies. However, all inbound Internet e-mail is received
through the Internet connection in Dallas.
You need to ensure that inbound Internet e-mail also complies with the new polices.
What should you do?

A. Configure an additional host (A) resource record and mail exchanger (MX) resource
record for the TestKing.com domain on the Internet DNS servers. Configure the MX
record with the same priority value as that of the existing MX record.
B. Configure an additional host (A) resource record and mail exchanger (MX) resource
record for the TestKing.com domain on the Internet DNS servers. Configure the MX
record with a priority value that is higher than that of the existing MX record.
C. Add the TestKing.com namespace to the SMTP connector in Toronto.
D. Increase the cost of the SMTP connector in Toronto.

Answer: A

Explanation:
To evenly distribute incoming e-mail from outside the organization, a new MX record must be
created, pointed to the Toronto server (TestKingC). The MX record must have the same value as
the existing record. If this is not the case, messages will be delivered to the connector with the
lower cost. As the inbound mail must be distributed evenly, the answer must be ?A?.
Incorrect Answers:
B:Creating a new MX record will enable another path for inbound messages to flow. However,
assigning a higher cost will prevent the connection from ever being used unless the original link
goes down. Since the messages are not distributed evenly, this can not be the correct answer.
C: Adding the namespace to the SMTP connector in Toronto will forward all outbound mail
destined for Toronto to go there without passing through the internet. Since the question states
that the incoming mail is already functioning as intended, this step can not be correct.
D: Increasing the cost of the SMTP connector in Toronto will not have any noticeable effect.
The connector is designed to handle mail flow between the two sites, and will not affect
incoming mail from the internet.

133.QUESTION NO: 133

You are the Exchange administrator for TestKing. The company has a business
partnership with Trey Research. Each company has its own Active Directory domain. The
domains are named testking.com and treyresearch.com, respectively. TestKing and Trey
Research are in the same Exchange organization. The organization contains three servers
that run Exchange Server 2003. One Exchange server is configured with an SMTP
connector for all Internet e-mail.
Most users have SMTP addresses of alias@testking.com. However, some users have SMTP
addresses of alias@treyresearch.com. The alias@treyresearch.com users report that they
cannot receive e-mail messages from the Internet. However, they can send and receive email
messages internally. They can also send e-mail messages to Internet recipients.
You need to ensure that all users can send and receive Internet e-mail messages.
What should you do?

A. Create a recipient policy that adds the alias@treyresearch.com SMTP address for all Trey
Research users.
B. Add the user principal name (UPN) suffix for treyresearch.com to the forest.
C. Add the treyresearch.com namespace to the SMTP connector at testking.com.
D. Add a mail exchanger (MX) resource record to the treyresearch.com domain on the
appropriate DNS servers.

Answer: D

Explanation:
All mail is flowing correctly with the exception on inbound mail for treyresearch.com. The only
possible explanation for this is that the external DNS servers do not know how to handle
incoming mail for this domain. The way to resolve this is to add an MX record to the external
DNS server for the treyresearch.com domain.
Incorrect Answers:
A: Adding alias@treyresearch.com to the recipient policy will add another SMTP address to the
list of possible mail addresses. This will not allow users to receive mail on that address. Even if
it did, the answer would still be incorrect since only a few users are using Treyresearch, and
these users already have this as an SMTP address.
B: Adding a UPN suffix will not affect e-mail flow in any way. It is used to help streamline
domain naming in a forest. Therefore, this can not be the correct answer.
C: Adding the treyresearch namespace to the SMTP connector will not resolve the problem, as
the SMTP connector is used only for connections between sites, and has no effect on incoming email
from outside the organization.

134.QUESTION NO: 134

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain named testking.com. The Exchange organization contains three servers
that run Exchange Server 2003. One Exchange server is configured with an SMTP
connector for all Internet e-mail. The SMTP connector is configured to use DNS for e-mail
delivery. TestKing's DNS server is named DNS1.testking.com.
TestKing enters into a business partnership with Fabrikam, Inc. This company has its own
Active Directory domain, which is named fabrikam.com. This company's DNS server is
named DNS1.fabrikam.com.
Users report that they cannot send Internet e-mail messages to recipients at Fabrikam, Inc.
However, they can send Internet e-mail messages to other recipients, and they can receive
Internet e-mail messages from users at Fabrikam, Inc.
You use nslookup command to view the DNS information for fabrikam.com. The output is
shown in the exhibit.
You need to ensure that users can send Internet e-mail messages to Fabrikam, Inc. Your
solution must not affect other e-mail delivery.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution. Choose two)

A. Delete the fabrikam.com zone from DNS1.testking.com.
B. Configure the SMTP connector to use an SMTP server at fabrikam.com as a smart host
for e-mail delivery.
C. Add the mail exchanger (MX) and host (A) resource records for fabrikam.com to the
fabrikam.com zone on DNS1.testking.com.
D. Configure DNS1.treyresearch.com with a conditional forwarder for fabrikam.com.
Configure the forwarder record to use DNS1.fabrikam.com.
E. Add the testking.com address space to the SMTP connector.

Answer: C, D

Explanation:
C: Adding an MX record for Fabrikam to the DNS1.testking.com will enable the Exchange
Server to find the Fabrikam domain from within TestKing and will allow internet mail to travel
to Fabrikam from TestKing.
D:Configuring DNS1 as a forwarder to Fabrikam will enable all requests for the Fabrikam
domain from TestKing to be sent to Fabrikam for resolution. Since Fabrikam has records for its
own MX servers for internet mail, the messages will be delivered.

135.QUESTION NO: 135

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory domain named testking.com.
The domain contains a single domain controller named DC1.
The Exchange organization contains a single Exchange Server 2003 computer named
TestKing1 that hosts all user mailboxes. TestKing opens a new branch office.
The new office is connected to the main office by means of VPN connection.
The branch office contains a domain controller named DC2 and an Exchange Server 2003
computer named TestKing2.
The VPN connection is configured to allow all network traffic only between DC2,
TestKing2, and the main office.
The branch office contains five users.
You create mailboxes for these users on TestKing2.
The users report that they can access their e-mail by using Microsoft Outlook 2002, but
that they cannot display the Global Address List (GAL).
The users also report that Outlook cannot resolve e-mail addresses when they send e-mail
messages.
You need to ensure that the branch office users can perform these tasks.
What should you do?

A. Configure the VPN to permit global catalog queries between the branch office network
and the main office network.
B. Configure TestKing2 to force the selection of DC1 as a global catalog server.
C. Configure the VPN to permit LDAP traffic (port 389) from the branch office network to
the main office network.
D. Configure TestKing2 to have a static TCP/IP route from the branch office network to the
main office network.

Answer: A

Explanation :
By default traffic to query a DC Global catalog (port 3268) is not permit with a normal VPN
configuration
Global Catalog Server TCP 3269
Global Catalog Server TCP 3268
LDAP Server TCP 389
LDAP Server UDP389
LDAP SSL TCP 636
LDAP SSL UDP636
Randomly allocated high TCP ports TCP random port number
You will need to setup your VPN Filter rule to permit 3268 port traffic to query a catalog global
DC to search for address book
Incorrect Answers :
B: Force DSaccess to query DC1 with not solve nothing, because is a traffic problem for LDAP
global catalog queries
C: Trick answer
Protocol: LDAP Port (TCP/UDP): 389 (TCP)
Description: Lightweight Directory Access Protocol (LDAP), used by Active Directory, Active
Directory Connector, and the Microsoft Exchange Server 5.5 directory.Global Catalog queries
are LDAP queries, but this queries go for 3268 port not
Protocol: LDAP Port (TCP/UDP): 3268 (TCP)
Description: Global catalog. The Windows 2000 Active Directory global catalog (which is
really a domain controller "role") listens on TCP port 3268. When you are troubleshooting issues
that may be related to a global catalog, connect to port 3268 in LDP
D: To have an static route just permit to avoid to configure one protocol as OSPF for routing
Reference :
XGEN: TCP/UDP Ports Used By Exchange 2000 Server 278339
Port Requirements for the Microsoft Windows Server System 832017
XCCC: Exchange 2000 Windows 2000 Connectivity through Firewalls 280132
VPN servers and firewall configuration Windows Server 2003 Help

136.QUESTION NO: 136

You are the network administrator for TestKing.
The company operates a main office and a one branch office.
Both offices are connected to the Internet and use a VPN for interoffice communications.
The relevant portion of the network is configured as shown in the exhibit.
The network consists of a single Active Directory domain named testking.com.
Each office has one domain controller.
Each office also has one Exchange Server 2003 computer, which hosts all mailboxes for
users in that office.
Users in the branch office report that sending e-mail messages from TestKing2 sometimes
requires several minutes.
However, the problem does not occur consistently.
You discover that a large quantity of LDAP queries is passed from the branch office to
DC1.
You verify that DC2 is configured as a global catalog server.
You need to reduce the LDAP traffic sent across the VPN.
What should you do?

A. Promote TestKing2 to domain controller.
B. Configure TestKing2 to force the selection of DC2 as a global catalog server.
C. Add the fully qualified domain name (FQDN) and IP address of DC2 to the Hosts file on
TestKing2.
D. Modify Active Directory to place both office networks in the same site.

Answer: B

Explanation :
Exchange use Dsaccess service to find a set of available directory service servers into the
following three (possibly overlapping) categories: global catalog servers, domain controllers, and
the configuration domain controller.
For each available directory service server, DSAccess opens LDAP connections dedicated solely
on behalf of each process that is using DSAccess. DSAccess updates these LDAP connections
with directory service state information (Up, Slow, or Down) that it detects, and channels
requests based on this state information. The set of LDAP connections to those available domain
controllers and global catalogs and their associated states forms the profile of the process. For
reliability and scalability, DSAccess supports a load-balancing mechanism to distribute user
context directory service requests in a round-robin fashion among these LDAP connections.
This means that TestKing2 is DSAccess is configured to query DC1 and generate a large
quantity of LDAP queries to fix that you must change dcsaccess order and point to DC2
Figure The Directory Access tab in server Properties
Reference
Understanding and Troubleshooting Directory Access MS Book Online
Microsoft Exchange 2000 Server Service Pack 2 Deployment Guide

137.QUESTION NO: 137

You are the network administrator for TestKing.
TestKing operates a main office and one branch office.
The network consists of a single Active Directory domain named testking.com.
The two offices are connected by a dedicated frame-relay line.
Each office contains one domain controller.
Each domain controller runs the DNS Server service and hosts and Active Directoryintegrated
zone.
In each office, all computers are configured to use the local DNS server for DNS name
resolution.
Each office contains one Exchange Server 2003 computer, which hosts all user mailboxes
for that office.
The domain controller and the Exchange server in the main office are named DC1 and
TestKingA, respectively.
The domain controller and the Exchange server in the branch office are named DC2 and
TestKingB, respectively.
Monday morning, users in the branch office report that they cannot connect to TestKingB.
You discover that no Exchange services will start on TestKingB.
When you restart TestKingB, the services fail to start.
You discover that the frame-relay line between the two offices is in a state of failure.
After restoring the frame-relay line, you restart TestKingB.
All Exchange services start successfully.
You need to ensure that failures in the frame-relay line will not prevent either Exchange
server from starting normally.
What should you do?

A. Configure TestKingB to have a static route to DC2.
B. Configure TestKingB to force the selection of DC1 as a global catalog server.
C. Modify the Active Directory configuration so that DC2 is a global catalog server.
D. Remove all existing Active Directory connection objects, and manually create a new
connection object between DC1 and DC2.

Answer: C

Explanation:
The Exchange services will fail if a global catalog can not be contacted. Enabling a GC on the
domain controller in the remote office will enable the functionality of the Exchange server even
if the link fails.
Reference
XADM: The Information Store Service May Fail to Start and an Error Message May Be
Displayed KB 303186
How to Troubleshoot Exchange Server 2003 System Attendant When It Does Not Start 821907

138.QUESTION NO: 138

You are the Exchange administrator for TestKing.
The network consists of a single Active Directory domain named testking.com.
The domain contains four domain controllers named DC1 through DC4.
DC1 holds all operations master roles and is the only global catalog server.
The network also includes three Exchange Server 2003 computers, which run Microsoft
Windows Server 2003.
The Exchange servers collectively contain 8,000 user mailboxes.
TestKing acquires another company and migrate 7,500 new users to TestKing.
The new users work in a separate branch office that contains two new domain controllers.
The branch office is connected to TestKing's main office by a T1 line.
The new domain controllers are not configured as global catalog servers, and they do not
host any operations master roles.
You distribute the mailboxes for the new users evenly across the three existing Exchange
servers. All users now report that e-mail access is extremely slow.
Users in the branch office report that e-mail is often so slow that it is unusable.
All users report that address book resolution is extremely slow and that sometimes it fails.
You need to ensure that all users have responsive e-mail service.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two)

A. Configure an additional domain controller in each office as a global catalog server.
B. Configure one domain controller in the branch office to host the PDC emulator role.
C. Install the two new Exchange servers in the branch office. Move all mailboxes for branch
office users to the new Exchange servers.
D. Install an additional domain controller in the branch office. Configure the new domain
controller as a DNS server. Configure all client computers in the branch office to use the
new domain controller for DNS name resolution.
E. Install an additional Exchange server in the main office. Move all mailboxes for branch
office users to the new server. Disable POP3, HTTP, and IMAP access on the new server.

Answer: A, C

Explanation :
They have too many users to be handled by one Global Catalog, configuring a new dc for branch
offices will solve part of the problem, configuring a DNS to be queried by branch offices solve
the resolution traffic
Reference
Designing and Deploying Directory and Security Services guide
Planning Operations Master Role Placement
How to Troubleshoot Query-Based Distribution Groups 822897

139.QUESTION NO: 139

You are the Exchange administrator for TestKing. All network computers are members of
a single Active Directory domain named testking.com. The relevant portion of the network
is configured as shown in the exhibit.
***MISSING***
DC1 is a domain controller. TestKing1 and TestKing2 run Exchange Server 2003. Users at
each office use the local Exchange server for e-mail.
Users at the branch office report that when they create e-mail messages, there are
occasionally problems resolving e-mail addresses to names. When these problems occur, an
administrator at the branch office restarts TestKing2. If the administrator tries to restart
TestKing2 immediately, the Exchange services fail to start. If the administrator waits 10
minutes before restarting TestKing2, the Exchange services usually start correctly and the
problems disappear. (picture)
When these problems occur, users can still log on to their client computers. You receive no
response when you attempt to ping TestKing1 from TestKing2.
You need to prevent these e-mail problems and server problems from occurring.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution. Choose two)

A. Install a backup frame-relay line between the main office and the branch office.
B. Configure the routers between the main office and the branch office to place a high
priority on LDAP traffic.
C. Create a VLAN that places both offices networks in a single logical IP address range.
D. Install a domain controller at the branch office. Configure the new domain controller to
host the global catalog.
E. Configure TestKing2 as a front-end server only. Move all user mailboxes to TestKing1.

Answer: A, D

Explanation:
A: Adding an additional frame relay line will help since the issue lies with the Global Catalog
not responding in a timely manner. When the administrator reboots the server immediately, the
probable cause for it not coming back successfully is that the WAN link is saturated and
Exchange can not contact a Global Catalog. Adding a line will lessen the load and allow the
contact of the GC.
D: Adding a Global Catalog server to the branch office will allow the name attributes to be
looked up quicker and locally in the GC. Since the resolution would not be dependent upon the
WAN connection, the name resolution would occur, and if the Exchange server had to be
restarted, it could be using the local GC as its contact.

140.QUESTION NO: 140

You are the Exchange administrator for TestKing. The Exchange organization contains a
single Exchange Server 2003 computer named TestKing1. A domain controller named DC1
runs the DNS Server service and hosts an Active Directory-integrated DNS zone. All client
computers run Microsoft Windows XP Professional. Microsoft Outlook 2003 is the only email
client in use.
The company opens a new branch office. The branch office network contains a member
server named Server1 that runs Windows Server 2003 and the DNS Service. At the main
office, you install Exchange Server 2003 on a new server named TestKing2. You ship
TestKing2 to the branch office, where it is connected to the local network. TestKing2 is
configured to use Server1 for DNS name resolution. The relevant portion of the new
network configuration is shown in the exhibit.
When you start TestKing2 for the first time in the branch office, some Exchange services
fail to start. You find the following message in the application event log on TestKing2:
Process MAD.EXE. Dsaccess could not find any Global Catalog servers in the enterprise.
Promote one or more of your Domain Controllers to a Global Catalog to allow DSAccess to
function properly. (picture)
You confirm that DC1 is configured as a global catalog server, and that all computers in
the branch office can connect to DC1 by using its IP address.
You need to solve this problem and ensure that all Exchange services start without error.
What should you do?

A. Configure Server1 to host a secondary DNS zone and to use DC1 as its primary.
B. Configure the routers between the two office networks to use static routes.
C. Configure the DNS zones on Server1 and DC1 to allow dynamic updates.
D. Configure TestKing2 to use static host file entries that point to DC1 and TestKing1.

Answer: A

Explanation:
TerstKing2 is looking in its local zone for a Global Catalog server. Since one is not available
and its queries are not able to traverse the WAN, the lookup is failing. Providing the host file
entries to DC1 and TestKing1 will enable the server to reach the Global Catalog server.
Remember that the question stated that all the computers are able to reach DC1 via IP address.
Adding an entry in the Hosts file will give the corresponding server name, and will enable
Exchange to see this server.
Incorrect Answers:
A: Configuring the DNS service on TestKing2 to be a secondary server will not work, as there is
still no Global Catalog anyplace that TestKing2 can reach.
B: Since the computers in the remote office can see DC1, the routes between the networks must
be correct.
C: Configuring the zones on DNS1 to allow dynamic updates will have no effect here since the
problem lies in TestKing2 not being able to contact a GC and not with it registering its dynamic
IP address.

141.QUESTION NO: 141

You are the Exchange administrator for TestKing. The network consists of a single Active
Directory domain that contains three domain controllers. All domain controllers and
member servers are located in a single subnet that is separate from the subnet that contains
client computers. The Exchange organization contains one Exchange Server 2003 computer
named TestKing1. TestKing1 hosts all user mailboxes. Microsoft Outlook is the only e-mail
client in use.
You install a new, redundant network adapter on TestKing1 and on each domain
controller. Each new network adapter has its own IP address. You connect all four new
network adapters to the server subnet.
Users immediately begin to report intermittent problems when they try to send e-mail
messages or view the global address list (GAL). They receive the following error message:
"Network problems are preventing connection to the Microsoft Exchange Server
computer. Contact your system administrator if this condition persist."
You confirm that all client computers can use the ping command to connect to all servers
by name and to all network adapters by IP address.
You need to ensure that all users can send e-mail and view the GAL.
What should you do?

A. Reconfigure the network adapters on TestKing1 so that IP filtering allows SMTP and
RPC traffic on both network adapters.
B. On the domain controllers, reconfigure the network adapters so that file and print sharing
is bound to all network adapters on all domain controllers.
C. On the domain controllers, modify the permissions on the SYSVOL share to assign the
Full Control permission to the Everyone group.
D. Reconfigure the Active Directory structure so that the IP addresses used by servers are
located in one site and the IP addresses used by client computers are located in another
site.

Answer: B

Explanation:
File and Print Sharing disabled can cause Event 8032 messages when you add a second card to a
DC you must check that File and Print sharing is bound ONLY to the intranet adapter, and that
the intranet adapter is First in the binding order, also if you have not enabled File and Printer
Sharing some NetBIOS traffic, is missing Outlook still having some issues to locate Exchange
servers without netbios support this is supposed to be fixed in Exchange 2003 sp1 and Office
2003 sp1, just to use DNS resolution

142.QUESTION NO: 142

You are the Exchange administrator for TestKing. The company operates a main office
and two branch offices. The network consists of a single Active Directory domain and a
single Exchange organization. All Exchange servers run Exchange Server 2003.
Each office contains one domain controller and one Exchange server. Domain controllers
are named DC1 through DC3. Exchange servers are named TestKing1 through TestKing3.
DC1 is configured as a global catalog server. DC1 runs the DNS Server service and hosts
and Active Directory-integrated DNS zone. DC1 is used by all network computers for DNS
name resolution. DC2 and DC3 are configured as domain controllers only.
Users report intermittent problems when they try to send e-mail messages or access the
global address list (GAL). You discover that the T1 lines between the main office and the
branch offices sometimes fail for one hour or longer.
You need to configure the network so that all Exchange servers can start normally and all
users can send e-mail messages and access the GAL, even if a single T1 line fails.
What should you do?
To answer, drag the appropriate domain controller roles to the correct office locations in
the work area.

Answer:
Does not matter that the graphic is not complete they told us DC2 and DC3 are configured as
domain controllers DC1 is configured as a global catalog server and Each office contains one
domain controller and one Exchange server
They ask You need to configure the network so that all Exchange servers can start normally
and all users can send e-mail messages and access the GAL, even if a single T1 line fails.
to avoid problem when the line is dropped Each office should have a Global Catalog server.
The logical answer is to add a GC to each site.
To determine if DNS is also needed at each site, the rest of the diagram is needed. However, it is
unlikely that a DNS server will be needed since all computers use DC1 for resolution, and the
question makes no mention of adding DNS servers to clients for name resolution.

143.QUESTION NO: 143

You are the Exchange administrator for Trey Research. The internal network is connected
to the Internet through a Network Address Translation (NAT) router. The registered DNS
zone named treyresearch.com is hosted at an external ISP named Contoso.com.
Contoso.com used the DNS domain name contoso.com for network resources. Contoso.com
manages the content of treyresearch.com zone. The content of the treyresearch.com zone is
shown in the exhibit.
A computer named Server20 is the only computer in Trey Research that is accessible from
the Internet. Server20 runs Exchange Server 2003 and is used as the bridgehead server for
all SMTP traffic between the internal network and the Internet. Three other Exchange
servers host user mailboxes.
Trey Research employs 50 technicians who work on site at customer locations. At the
customer locations, the technicians connect to the Internet through a HTTP proxy only.
You want these technicians to access their mailboxes by using Microsoft Outlook Web
Access, so you instruct them to connect to the URL http://mail.treyresearch.com/exchange.
The technicians report that they receive an error message when they attempt to connect to
the URL from any computer at customer locations. However, the technicians can use the
URL to connect successfully to Outlook Web Access when they are logged on to a computer
on the internal network at the Trey Research location. There are no other problems
relating to other messaging traffic between the internal network and the Internet.
You need to enable the technicians to access their mailboxes from customer locations.
What should you do?

A. Instruct the technicians to use the URL http://smtp.treyresearch.com/exchange when they
need to access their mailboxes.
B. Instruct the technicians to use the URL http://server20.treyresearch.com/exchange when
they need to access their mailboxes.
C. Configure Routing and Remote Access on Server20. Instruct the technicians to make a
VPN connection to Server20 when they need to access their mailboxes.
D. Configure the HTTP virtual server on Server20 to use TCP port 8080. Instruct the
technicians to use the URL http://mail.treyresearch.com:8080/exchange when they need
to access their mailboxes.

Answer: A

Explanation:
They show in the mail DNS mail CName record is for as server20.treyresearch.com, CNAME is
a dns alias for a record that point to another record that will be used for lookup service
TRICK: You will need to use Exchange 2000 SP2, or higher, there was a bug in previous
versions, that do not permit to do this

144.QUESTION NO: 144

You are the Exchange administrator for TestKing. The relevant portion of the network is
configured as shown the following diagram.
The network serves two offices, one in London and one in Paris. Each office contains a
single Exchange Server 2003 computer in its own routing group. The routing groups are
connected by a routing group connector.
The only network traffic between the two offices is e-mail messages. There is a permanent
WAN link that connects the two offices. The WAN link is connected to a hardware router
in each office. The two hardware routers each also have an ISDN dial-up interface.
Demand-dial routing is defined between the two offices.
You view network utilization statistics in the Paris office, and you discover that traffic from
the Paris Exchange server frequently causes the ISDN link to connect. There is little
utilization of the permanent WAN link between the two offices. The WAN link has been
very reliable and has suffered no downtime.
You need to ensure that the ISDN link is used only when the permanent WAN link fails.
What should you do in the Paris office?

A. Request the network administrator to remove the IP route that uses the ISDN link from
the routers.
B. Request the network administrator to reconfigure the routers, so that the IP route that uses
the ISDN link is assigned a higher cost than the permanent WAN link.
C. Request the network administrator to reconfigure the routers, so that the IP route that uses
the ISDN link is assigned a lower cost than the permanent WAN link.
D. On the Exchange server, create a TCP/IP static route to the London Exchange server.
E. On the Exchange server, replace the routing group connector with an SMTP connector
that uses the ETRN command.
F. On the Exchange server, replace the routing group connector with an SMTP connector
that uses the London Exchange server as a smart host.

Answer: B

Explanation:
When you assign a higher cost to a route, this route only will be used if the primary line fails

142.QUESTION NO: 145

You are the Exchange administrator for TestKing. The network consists of two sites. Each
site has its own IP subnet. Each site contains a computer that runs Exchange Server 2003.
The two Exchange servers are named TestKing1 and TestKing2. The configuration of the
network and the servers is shown in the following diagram.
Users in each site have mailboxes on the Exchange server in their own site. Users in site A
report that they can connect successfully to TestKing1, but that e-mail sent to users in Site
B is not delivered.
You test connectivity between the sites by using the ping command. When you attempt to
ping TestKing1 from TestKing2, you receive the following error message: "Destination
host unreachable".
You need to ensure that mail delivery occurs between the two Exchange servers.
What should you do?

A. Reconfigure the subnet mask on TestKing1 to be 255.255.255.224.
B. Reconfigure the default gateway address on TestKing1 to be 131.107.1.33.
C. Reconfigure the subnet mask on TestKing2 to be 255.255.255.240.
D. Reconfigure the default gateway address on TestKing2 to be 131.107.1.33.

Answer: D

Explanation:
Site A IP address 131.107.1.10 mask 255.255.255.240, their 3 first bytes are fixed
240 means in binary -> 1111.0000 (jump 24^16) router goes to 131.107.1.0-15, 131.107.1.16-31,
131.107.1.32-47, where 131.107.1.0-15 is own subnet in this segment the IP address 131.107.1.0
is the network address and IP address 131.107.1.15 is broadcast address, rest of IP are for HOST
in this case exchange 131.107.1.10 and 131.107.1.1 router
Site B network address is 131.107.1.32 mask 255.255.255.240 go from 131.107.1.32 to
131.107.1.47 where 131.107.1.32 is the network address and 131.107.1.47 broadcast address the
other IP are for host in this case 131.107.1.40 for exchange and 131.107.1.33 for router

146.QUESTION NO: 146

You are the Exchange administrator for TestKing. The Exchange organization contains
four Exchange Server 2003 computers.
The computer objects for the Exchange servers are contained in an organizational unit
(OU) named ExchangeServers. All client computers run either Microsoft Windows NT
Workstation 4.0, Windows 2000 Professional, or Windows XP Professional. Half of the
Windows NT Workstation computers are members of a trusted Windows NT 4.0 domain.
The computer objects for the client computers are contained in an OU named Clients.
A new written TestKing policy states that all data communication between the Exchange
servers must be encrypted. The policy does not require communication between client
computers and the Exchange servers to be encrypted.
On the ExchangeServers OU, you configure a Group Policy object (GPO) that assigns the
Secure Server (Require IP Security) default IPSec policy. You assign the default IPSec
policy to all client computers.
Users of Windows NT Workstation computers report that they can no longer send or
receive e-mail messages. Users of Windows 2000 Professional computers and Windows XP
Professional computers are able to send and receive e-mail messages.
You need to ensure that users on all client computers can send and receive e-mail messages.
Your solution must follow company policy.
What should you do?

A. Upgrade all Windows NT Workstation computers to Windows XP Professional.
B. Create and configure a new GPO that assigns the Client (Respond only) IPSec policy,
and link the GPO to the Clients OU.
C. Disable the IPSec policy that is linked to the ExchangeServers OU. Configure the
Exchange servers to enable SSL for connections to all virtual servers.
D. Modify the IPSec policy that is linked to the ExchangeServers OU to set an IP filter list
that specified the IP addresses of the Exchange servers only.

Answer: D

Explanation:
You need to ensure that users on all client computers can send and receive e-mail messages.
Your solution must follow company policy Require IP Security means
For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured
communication with untrusted clients.
IPSec is disabled by default; three settings
1. Client (Respond only) Means 'I will speak IPSec if you wish'.
2. Server (Request Security) Means 'I would like to speak IPSec, but if you cannot
comprehend IPSec then I will speak normally.
3. Secure Server (Require Security) Means 'I will only speak with clients who understand
IPSec'.
Operating systems older than MicrosoftR WindowsR 2000 do not provide built-in support for
IPSec. These include MicrosoftR WindowsR 98, WindowsR Millennium Edition, and
MicrosoftR Windows NTR. If you have computers running these operating systems in your
environment, make sure they are not required to use IPSec because the enforcement of IPSecsecured
communications denies them access to resources.
The trick in this question is that IPSEC can be used with or without encryption, and the problem
is that legacy clients can not understand IPSEC Server (Require Security) policy, they can
upgrade all Windows NT Workstation computers to Windows XP Professional that mean answer
A
or change the policy to Server (Request Security). Also because by default IPSEC policy affect
all traffic
you will need to filter to affect only to exchange server
That mean answer D, less administrative effort and license price tell D is correct

147.QUESTION NO: 147

You are the Exchange administrator for TestKing. The New York and Chicago offices each
have a routing group that contains an Exchange Server 2003 computer. The two Exchange
servers are named NewYorkMail and ChicagoMail.
You add a new office named Seattle to the network. The Seattle office has a routing group
that contains an Exchange Server 2003 computer named SeattleMail. The relevant portion
of the network is configured as shown in the exhibit.
The internal network is accessible from the Internet only through a Network Address
Translation (NAT) router. The NAT router has filters that limit the types of network
connections allowed onto the internal network. The filters allow access by using all
protocols that can be used for Exchange client computers to retrieve e-mail messages from
mail servers on the internet network.
External IP address *missing*
IP address
Purpose
131.107.1.1 None External IP address of router
131.107.1.11 192.168.1.11 Makes TestKing11 accessible from Internet
131.107.1.12 192.168.1.12 Makes TestKing12 accessible from Internet
Users report that they cannot retrieve e-mail messages when connected remotely over the
Internet. They establish a VPN connection to TestKing11 and then attempt to connect to
131.107.1.1 by using their mail client. They receive an error message stating that the server
cannot be found.
You need to provide users with the correct IP address to configure when they user their
mail client to retrieve e-mail messages on TestKing12 over the Internet.
Which IP address should users connect to after their VPN connection is established?

A. 131.107.1.11
B. 192.168.1.11
C. 131.107.1.12
D. 192.168.1.12

Answer: D

Explanation:
They access to Tesking11 that means they access to 192.168.1.11, they try to access to
131.107.1.1 that means try to access to the router they need to access to testking12 192.168.1.12
They give to us the solution in the table
131.107.1.12 192.168.1.12 Makes TestKing11 accessible from Internet
Nat translation for public IP 131.107.1.12 is internal 192.168.1.12 that is tesking12 IP

Вверх ^ ген. 0.182 Дата сервера 03:26 04-07-2009 Разработал Zip © 2006 Вверх ^
Microsoft 70-284
Форум
Бреиндампы пользов.
Microsoft
10-184 (13)
70-086 (10)
70-210 (312)
70-214 (8)
70-215 (229)
70-216 (106)
70-217 (188)
70-218 (136)
70-219 (128)
70-220 (116)
70-221 (131)
70-222 (43)
70-223 (34)
70-224 (118)
70-225 (12)
70-226 (5)
70-227 (42)
70-228 (134)
70-229 (158)
70-244 (28)
70-270 (100)
70-271 (6)
70-272 (5)