This page was exported from Latest Lead2pass Dumps For Sharing [ https://www.ensurepass.net ]
Export date: Fri Mar 22 16:19:07 2024 / +0000 GMT

Passed Microsoft 70-341 Exam with Pass4sure and Lead2pass PDF & VCE (31-40)



Case Study 4: Proseware, Inc (QUESTION 31 ~ QUESTION 37)
Overview
General Overview
Proseware, Inc., is an international manufacturing company that has 3,000 users. Proseware has a sales department, a marketing department, a research department, and a human resources department. Proseware recently purchased a small competitor named Contoso, Ltd.
Physical Locations
Proseware has two offices. The offices are located in New York and London. The offices connect to each other by using a WAN link. Each office connects directly to the Internet.
Contoso has one office in Chicago.
Existing Environment
Active Directory Environment
The network of Proseware contains an Active Directory forest named proseware.com. The forest contains a single domain and two sites named London and New York. Each site contains two domain controllers that run Windows Server 2008 R2. The domain controllers in the New York site are named DC1 and DC2. The domain controllers in the London site are named DC3 and DC4. All FSMO roles are hosted on DC3 and DC4. The network of Contoso contains an Active Directory forest named contoso.com. The forest contains five domain controllers and one site.
Exchange Server Organization

Proseware has an Exchange Server 2013 organization that contains two database availability groups (DAGs) named DAG-NYC and DAG-LON. The DAGs are configured as shown in the following table.

image
The certificate used for Exchange Server 2013 has a subject name of mail.proseware.com and a Subject Alternative Name (SAN) of autodiscover.proseware.com. Each mailbox database has three copies. All users connect to an active copy of the database on a server in their respective office. Native data protection is implemented. NTLM communication is used exclusively for Outlook Anywhere both internally and externally.
Problem Statements
Proseware identifies the following issues:
- Users report that sometimes, they fail to access the free/busy information of the other users. You also discover that some users fail to retrieve Autodiscover settings.
- Users in the London office report that during a 24-hour WAN outage, they could see only new users in the global address list (GAL) from Outlook Web App.
- The manager of the human resources department in the New York office cannot see new London office users in the GAL until several hours after the help desk confirms that the users were created.
- A hung MSExchangeOWAAppPool in Internet Information Services (IIS) on EX1 causes all of the database copies to fail over. Despite having the same CopyQueueLength and ReplayQueueLength as the copies on EX2, the copies on EX3, which have a higher activation preference, are activated, forcing user connections over the WAN.
- A custom application named Appl recently malfunctioned and sent hundreds of false positive email notifications that had a subject of System Alert: Sales Database Reaching Capacity to all of the users in the organization. While attempting to remove the email messages, an administrator ran the Search-Mailbox -DeleteContent command and erroneously deleted valid email messages from the mailboxes of some executives.
Requirements
Business Goal
Proseware identifies the following business goals:
- Reduce the costs associated with using bandwidth on the WAN links.
- Improve social media integration by using a Microsoft Outlook app that will be deployed to all of the users in the sales department.
Planned Changes
Proseware plans to make the following changes:
- Implement a lagged copy for the mailbox database of the executives.
- Implement an RBAC-linked role group for the administrators at Contoso to manage the mailboxes of the Proseware users.
Technical Requirements
Proseware identifies the following technical requirements:
- End users must be notified after one hour if the email messages that they send are not delivered.
- If mailbox database storage fails, the IT department must be able to recover old email messages that were sent up to five days earlier to the mailboxes of the executives.
- All new users hired at Contoso must have a user account in contoso.com and an Exchange Server mailbox in proseware.com. All new user accounts in contoso.com must have a user principal name (UPN) that ends with proseware.com.
- Administrators at Contoso must be able to create and manage recipient objects in the Exchange Server organization of Proseware by using their existing contoso.com administrator account. All Contoso recipient objects must reside in an organizational unit (OU) named proseware.com.
Security Requirements
The Chief Security Officer (CSO) introduces the following security requirements:
- All Outlook users who connect from the Internet must use Basic authentication only.
- All Outlook users who connect from the internal network must use NTLM authentication only.
SLA Requirements
Due to productivity losses during some recent maintenance windows, the Chief Information Officer (CIO) introduces a new service level agreement (SLA) requiring that all servers entering or exiting a maintenance window must be taken in and out of service properly.
The SLA contains the following requirements:
- All mounted databases on the server undergoing maintenance must be activated on another server.
- All message queues on the server undergoing maintenance must be empty before maintenance can begin.
- The server undergoing maintenance must be prevented from becoming a Primary Active Manager (PAM).
- Databases copies on the server undergoing maintenance must not be activated while maintenance is occurring.

QUESTION 31
Hotspot Question
You are attempting to resolve the database activation issue. You need to identify why the database copies are activated on EX3 instead of EX2. Which command should you use? (To answer, select the appropriate options in the answer area.)

image
Answer:

image 

QUESTION 32
Drag and Drop Question
You need to identify which commands must be run to perform the maintenance window tasks. Which commands should you run? (To answer, drag the appropriate commands to the correct tasks. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

image
Answer:

image 

QUESTION 33
You need to recommend which command must be run to remove the email notifications from all of the servers if App1 malfunctions again. Which command should you recommend? (To answer, configure the appropriate options in the answer area.)

image
Answer:

image 

QUESTION 34
You are implementing a solution to meet the security requirements for Outlook authentication. You purchase a new certificate that has a subject name of mail.proseware.com and SANs of autodiscover.proseware.com and oa.proseware.com. You create a host (A) record for oa.proseware.com in the public DNS zone. Remote users report that they fail to connect to their mailbox by using Outlook. You need to ensure that the remote users can connect to their mailbox from Outlook. The solution must meet the security requirements. Which two commands should you run? (Each correct answer presents part of the solution. Choose two.)

A.    Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.proseware.com
B.    Set-OutlookAnywhere -ExternalHostName oa.proseware.com - ExternalClientAuthenticationMethod
Basic -ExternalClientsRequireSsI $true -InternalHostName mail.proseware.com – InternalClientAuthentication
Method NTLM -InternalClientsRequireSsI Strue
C.    Set-OutlookProvider EXPR -CertPrincipalName msstd:oa.proseware.com
D.    Set-OutlookAnywhere -ExternalHostName mail.proseware.com- ExternalClientAuthenticationMethod
Basic -ExternalClientsRequireSsI $true -InternalHostName oa.proseware.com -InternalClientAuthentication
Method NTLM -InternalClientsRequireSsI $true

Answer: AB
Explanation:
A
Subject name of the certificate is mail.proseware.com not oa.prosware.com
NOT C
Subject name of the certificate is mail.proseware.com not oa.prosware.com
B
ExternalHostName oa.proseware.com is correct as oa.proseware.com is a host (A) record in the public DNS zone.
NOT D
ExternalHostName mail.proseware.com is NOT correct as oa.proseware.com is a host (A) record in the public DNS zone.

QUESTION 35
You need to recommend which actions must be performed to meet the technical requirements for the new Contoso users. Which three actions should you recommend? (Each correct answer presents part of the solution. Choose three.)

A.    Configure UPN suffix routing.
B.    Configure Contoso to trust Proseware.
C.    Configure Proseware to trust Contoso.
D.    Run the New-Mailbox cmdlet and specify the -AccountDisabled parameter.
E.    Run the New-Mailbox cmdlet and specify the -LinkedMasterAccount parameter.
F.    Create a linked role group.

Answer: ACE
Explanation:
A
All new user accounts in contoso.com must have a user principal name (UPN) that ends with proseware.com
Configure UPN suffix routing
Name suffix routing is a mechanism that you can use to manage how authentication requests are routed across Active Directory forests that are joined by forest trusts.
NOT B
AS PER ABOVE DIAGRAM PROSEWARE NEEDS TO TRUST CONTOSO
C
AS PER ABOVE DIAGRAM PROSEWARE NEEDS TO TRUST CONTOSO
E
All new users hired at Contoso must have a user account in contoso.com and an Exchange Server mailbox in proseware.com
Use the New-Mailbox cmdlet to create a user in Active Directory and mailbox-enable this new user.
The LinkedMasterAccount parameter specifies the master account in the forest where the user account resides. The master account is the account to link the mailbox to.
The master account grants access to the mailbox. This parameter is required only if you're creating a linked mailbox.
A linked mailbox is a mailbox that's associated with an external account. The resource forest scenario is an example of a situation in which you would want to associate a mailbox with an external account. In a resource forest scenario, user objects in the Exchange forest have mailboxes, but the user objects are disabled for logon. You must associate these mailbox objects in the Exchange forest with enabled user objects in the external accounts forest.
NOT D
Need to use linked mailboxes.
Use the New-Mailbox cmdlet to create a user in Active Directory and mailbox-enable this new user.
The AccountDisabled parameter specifies whether to create the mailbox in a disabled state. You don't have to specify a value with this parameter.
NOT F
Need to use linked mailboxes.
You can use a linked management role group to enable members of a universal security group (USG) in a foreign Active Directory forest to manage a Microsoft Exchange Server 2013 organization in a resource Active Directory forest.
By associating a USG in a foreign forest with a linked role group, the members of that USG are granted the permissions provided by the management roles assigned to the linked role group.
For more information about linked role groups, see Understanding Management Role Groups.

QUESTION 36
Hotspot Question
You need to recommend a solution to resolve the Autodiscover and the free/busy information issues. Which command should you include in the recommendation? (To answer, configure the appropriate options in the answer area.)

image 

Answer:

image 

QUESTION 37
You need to recommend a solution to resolve the issue of the human resources department manager. What should you include in the recommendation?

A.    Run Set-ADServerSettings -ConfigurationDomainController dcl.proseware.com on all of the Exchange
servers in the London site.
B.    Move the PDC emulator to the New York office.
C.    Modify the replication interval on the Active Directory site link.
D.    Schedule a task that runs the Update-AddressList command to run once per hour.

Answer: C
Explanation:
NOT A
Set-ADServerSettings
Use the Set-AdServerSettings cmdlet to manage the Active Directory Domain Services (AD DS) environment in the current Exchange Management Shell session.
The Set-AdServerSettings cmdlet replaces the AdminSessionADSettings session variable that was used in Microsoft Exchange Server 2007.
The ConfigurationDomainController parameter specifies the fully qualified domain name (FQDN) of the configuration domain controller to be used for reading Exchange configuration information in this session.
NOT B
Issue is related to AD Site replication
NOT D
Will not improve the site replication
You can use the Shell to update a global address list (GAL). A GAL is a directory that contains entries for every group, user, and contact within an organization's implementation of Microsoft Exchange.
C
You must set the site link replication interval property to indicate how frequently you want replication to occur during the times when the schedule allows replication. For example, if the schedule allows replication between 02:00 hours and 04:00 hours, and the replication interval is set for 30 minutes, replication can occur up to four times during the scheduled time. The default replication interval is 180 minutes, or 3 hours.
Consider the following criteria to determine how often replication occurs within the schedule window:
A small interval decreases latency but increases the amount of WAN traffic.
To keep domain directory partitions up to date, low latency is preferred.

QUESTION 38
You have an Exchange Server 2013 organization that contains two Client Access servers named SERVER1 and SERVER2 and two Mailbox servers named SERVER3 and SERVER4. You have a firewall that controls all of the traffic between the internal network and the Internet. SERVER3 and SERVER4 are prevented from communicating with Internet hosts. SERVER1 and SERVER3 are in a site named Main. SERVER2 and SERVER4 are in a site named Main_2. All outbound email is sent through SERVER1. Main fails. You discover that email messages for the Internet are queued on SERVER4. You create a new send connector in Main_2. You discover that all of the outbound email is queued on SERVER4 and is not delivered to the Internet. You verify that the client computers on the network can receive email messages from the Internet successfully. You need to ensure that the email messages are delivered successfully to the Internet. Which cmdlet should you run?

A.    Set-SendConnector
B.    Set-TransportService
C.    Set-ExchangeServer
D.    Set-ADSite

Answer: A
Explanation:
Mailbox Server
In an Exchange Server 2013 organization the Mailbox server role is responsible for sending outbound email via a Send Connector.

image
When this option is enabled outbound email that is being sent via a Send Connector does not go directly out from the Mailbox server, and instead is proxied through a Client Access server in the site. There is nothing complicated going on here, the Client Access server simply acts as a proxy for the connection so that the receiving host out on the internet sees the connection as coming from the Client Access server name and IP address rather than the Mailbox server. IN THIS QUESTION THE CLIENT ACCESS SERVER (SERVER1) IS ACTING AS A PROXY SERVER FOR THE MAILBOX SERVERS.
NEED TO CHANGE THE SEND CONNECTOR SETTINGS IN ORDER FOR MAIL TO FLOW OUT FROM SERVER4 TO THE INTERNET.
Correct Answer A
Set-SendConnector
Use the Set-SendConnector cmdlet to modify a Send connector.
EXAMPLE 1
This example makes the following configuration changes to the Send connector named
Contoso.com Send
Connector:
Sets the maximum message size limit to 10 MB.
Changes the connection inactivity time-out to 15 minutes. Set-SendConnector "Contoso.com Send Connector" -MaxMessageSize 10MB - ConnectionInactivityTimeOut
00:15:00
Send Connector
In Microsoft Exchange Server 2013, a Send connector controls the flow of outbound messages to the receiving server.
They are configured on Mailbox servers running the Transport service. Most commonly, you configure a Send connector to send outbound email messages to a smart host or directly to their recipient, using DNS.
Exchange 2013 Mailbox servers running the Transport service require Send connectors to deliver messages to the next hop on the way to their destination. Send connectors that are created on Mailbox servers are stored in Active Directory and are available to all Mailbox servers running the Transport service in the organization.

image

image

image

NOT B
Set-transportservice
Use the Set-TransportService cmdlet to set the transport configuration options for the Transport service on Mailbox servers or for Edge Transport servers. This example sets the
TransientFailureRetryCount parameter to 3 and sets the TransientFailureRetryInterval parameter to 30 seconds for the Transport service on a Mailbox server named Mailbox01.
Set-TransportService Mailbox01 -TransientFailureRetryCount 3 -TransientFailureRetryInterval
00:00:30
NOT C
Will not resolve the issue
Set-ExchangeServer
Use the Set-ExchangeServer cmdlet to set Exchange attributes in Active Directory for a specified server.
For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example disables error reporting on the specified server. Set-ExchangeServer -Identity TestServer.Contoso.com -ErrorReportingEnabled: $false NOT D
Will not resolve the issue
Set-ADSite
Use the Set-AdSite cmdlet to configure the Exchange settings of Active Directory sites.
EXAMPLE 1
This example configures the Active Directory site named Default-First-Site-Name as a hub site. Set-AdSite Default-First-Site-Name -HubSiteEnabled $true

QUESTION 39
You have an Exchange Server 2013 organization named adatum.com. The organization contains five Mailbox servers and two Client Access servers. You need to ensure that an administrator named user1 receives a daily email message that contains a log of all the Exchange Server administrative actions. Which cmdlet should you use in a scheduled task?

A.    Search-AdminAuditLog
B.    Set-Mailbox
C.    New-AdminAuditLogSearch
D.    Set-ExchangeServer
E.    Set-AdminAuditLogConfig

Answer: C
Explanation:
NOT A
Use Search-AdminAuditLog for searching through the audit logs.
Search-AdminAuditLog
Use the Search-AdminAuditLog cmdlet to search the contents of the administrator audit log. For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example finds all the administrator audit log entries that contain either the New-RoleGroup or the New-ManagementRoleAssignment cmdlet.
Search-AdminAuditLog -Cmdlets New-RoleGroup, New-ManagementRoleAssignment NOT B
Set-Mailbox
Use the Set-Mailbox cmdlet to modify the settings of an existing mailbox. You can use this cmdlet for one mailbox at a time.
To perform bulk management, you can pipeline the output of various Get- cmdlets (for example, the Get-Mailbox or Get-User cmdlets) and configure several mailboxes in a single-line command. You can also use the Set-Mailbox cmdlet in scripts.
For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example delivers John Woods's email messages to John's mailbox and also forwards them to Manuel Oliveira's (manuel@contoso.com) mailbox.
Set-Mailbox -Identity John -DeliverToMailboxAndForward $true -ForwardingSMTPAddress manuel@contoso.com
NOT D
Set-ExchangeServer
Use the Set-ExchangeServer cmdlet to set Exchange attributes in Active Directory for a specified server.
For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example disables error reporting on the specified server. Set-ExchangeServer -Identity TestServer.Contoso.com -ErrorReportingEnabled: $false NOT E
NOT Set-AdminAuditLogConfig
Use the Set-AdminAuditLogConfig cmdlet to configure the administrator audit logging configuration settings.
EXAMPLE 1
This example enables administrator audit logging for every cmdlet and every parameter in the organization, with the exception of Get cmdlets.
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets * - AdminAuditLogParameters *
C
New-AdminAuditLogSearch
Use the New-AdminAuditLogSearch cmdlet to search the contents of the administrator audit log and send the results to one or more mailboxes that you specify. For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example finds all the administrator audit log entries that match the following criteria and sends the results to the david@contoso.com and chris@contoso.com SMTP addresses:
Cmdlets Set-Mailbox Parameters UseDatabaseQuotaDefaults, ProhibitSendReceiveQuota, ProhibitSendQuota StartDate 01/24/2012 EndDate 02/12/2012 New-AdminAuditLogSearch -Name "Mailbox Quota Change Audit" -Cmdlets Set-Mailbox -Parameters UseDatabaseQuotaDefaults, ProhibitSendReceiveQuota, ProhibitSendQuota -StartDate 01/24/2012 - EndDate
02/12/2012 -StatusMailRecipients david@contoso.com, chris@contoso.com

QUESTION 40
You have an Exchange Server 2013 organization. You plan to deploy Exchange ActiveSync for mobile devices. Each mobile device will be authenticated by using certificates issued by an internal certification authority (CA). You need to configure the organization to authenticate the mobile devices by using the certificates. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From Internet Information Services (IIS) Manager on each Client Access server, configure the
Microsoft-Server-ActiveSync virtual directory to require client certificates.
B.    From Exchange Admin Center, configure the Microsoft-Server-ActiveSync virtual directory to require
client certificates.
C.    From Internet Information Services (IIS) Manager on each Client Access server, enable Active Directory
Client Certificate Authentication.
D.    From Internet Information Services (IIS) Manager on each Mailbox server, enable Active Directory Client
Certificate Authentication.

Answer: BC
Explanation:
NOT A
Enable Active Directory Client Certificate Authentication within IIS but configure the Microsoft- Server-ActiveSync virtual directory to require client certificates is performed in Exchange Admin Center
NOT D
IIS is configured on the Client Access Server not the Mailbox Server B
After you've installed the Exchange 2013 Client Access server, there are a variety of configuration tasks that you can perform.
Although the Client Access server in Exchange 2013 doesn't handle processing for the client protocols, several settings need to be applied to the Client Access server, including virtual directory settings and certificate settings.
http://technet.microsoft.com/en-us/library/gg247612(v=exchg.150).aspx Exchange Server 2013 automatically configures multiple Internet Information Services (IIS) virtual directories during installation.
This topic contains information about the default IIS authentication settings and default Secure Sockets Layer (SSL) settings for the Client Access and Mailbox servers. The following table lists the default settings on a stand-alone Exchange 2013 Client Access server. Default Client Access server IIS authentication and SSL settings Virtual directory Authentication method SSL settings
Management method
Microsoft-Server-ActiveSync Basic authentication SSL required Requires 128-bit encryption EAC or Shell

image

image

C
Configure certificate-based authentication for Exchange ActiveSync
http://blogs.technet.com/b/exchange/archive/2012/11/28/configure-certificate-based- authentication-forexchange-
activesync.aspx
Client Access Server Configuration
To configure the Client Access server to enforce certificate based authentication :
1. Verify if Certificate Mapping Authentication is installed on the server. Right click on Computer in the start menu and choose Manage.
Expand Roles and click on Web Server (IIS)
Scroll down to the Role Services section. Under the Security section you should see Client Certificate Mapping

image

image
Authentication installed.

If you don't see Client Certificate Mapping Authentication installed, click add Role Services > (scroll) Security and select Client Certificate Mapping Authentication and then click Install.
Reboot your server.

image 

If you want to pass Microsoft 70-341 successfully, donot missing to read latest lead2pass Microsoft 70-341 practice exams.
If you can master all lead2pass questions you will able to pass 100% guaranteed.

http://www.lead2pass.com/70-341.html

 

 


Post date: 2014-06-06 08:01:51
Post date GMT: 2014-06-06 08:01:51
Post modified date: 2014-06-06 08:01:51
Post modified date GMT: 2014-06-06 08:01:51

Powered by [ Universal Post Manager ] plugin. MS Word saving format developed by gVectors Team www.gVectors.com