Objective 7.3 Exchange 2010

Question 1

The exam might check that you know how to configure S/MIME to ______ emails and attachments so that only the intended recipient can open and read them.

Answer 1

encrypt

Question 2

You can obtain a certificate either from your organization’s internal CA or from a trusted third-party CA. An internal certificate can be used in-house only. Typically, S/MIME clients require the installation of a certificate before permitting users to send ______ messages.

Answer 2

encrypted

Question 3

OWA users can use S/MIME to encrypt ______ messages and attachments.

Answer 3

outgoing

Question 4

OWA users can digitally sign a message such that its recipients can verify the identity of the sender and that the message has not been ______.

Answer 4

tampered with

Question 5

Users must have a digital ID and must install the ______ control for OWA before they can send encrypted and digitally signed messages or read encrypted messages by using the OWA client.

Answer 5

Secure Multipurpose Internet Mail Extensions (S/MIME)

Question 6

You can use the EMS ______ cmdlet to enable or disable S/MIME in OWA. You must use Internet Explorer 7 or higher and ensure that SSL is used by the OWA directory.

Answer 6

Set-OWAVirtualDirectory

Question 7

The following command enables S/MIME for OWA: ______.

Answer 7

Set-OWAVirtualDirectory -Identity “owa (Default Web Site)” -SMimeEnabled $true

Question 8

You can enable or disable S/MIME for OWA by configuring the OWA (Default Web Site) ______ dialog box in the EMC.

Answer 8

Properties

Question 9

By default, S/MIME is enabled. You can also use the EMS. The following command disables S/MIME on the OWA virtual directory, in the default IIS website, on the local server: ______.

Answer 9

Set-OWAVirtualDirectory -Identity “owa (Default Web Site)” -SMimeEnabled $false

Question 10

You are expected to know that connections between SMTP servers on an organizational internetwork or the Internet rely on ______ for mutual authentication.

Answer 10

MTLS

Question 11

You should be aware that in an MTLS connection, the server originating a message and the server receiving it exchange ______ from a mutually trusted CA.

Answer 11

certificates

Question 12

There are five steps required to implement MTLS. You need to: ______.

Answer 12

1. generate a certificate request for the required certificates;
2. import certificates to the Edge Transport servers;
3. configure outbound domain security;
4. configure inbound domain security; and
5. test domain-secure mail flow.

Question 13

You can test for the proper configuration of MTLS by enabling ______ logging on the connectors used to send and receive domain-secured emails.

Answer 13

verbose

Question 14

For example, the following command enables verbose logging on a Receive connector named Internet: ______.

Answer 14

Set-ReceiveConnector Internet -ProtocolLoggingLevel Verbose

Question 15

The following command enables verbose logging on a Send connector named InternetSend: ______.

Answer 15

Set-SendConnector InternetSend -ProtocolLoggingLevel Verbose

Question 16

You can generate certificate requests by using the EMS ______ cmdlet. You can configure the request so that other services can use the same certificate and key pair. Issuing the cmdlet without parameters generates a selfsigned certificate. This certificate can be used for direct trust authentication and encryption between Edge Transport servers and Hub Transport servers.

Answer 16

New-ExchangeCertificate

Question 17

You can use the ______ tool to test the certificate structure. It can also be used to verify a CRL.

Answer 17

Certutil

Question 18

The following command issued at an elevated command prompt verifies a certificate chain: ______.

Answer 18

Certutil -verify c:<certificatefilename>.cer</certificatefilename>

Question 19

______ organizations manage the accounts used to access shared resources.

Answer 19

Account

Question 20

______ organizations, on the other hand, form the partnerships in single-sign on (SSO) scenarios.

Answer 20

Resource

Question 21

An organization that has resources can use AD FS to simplify the authentication process to these resources by forming ______ that account organizations then join.

Answer 21

partnerships

Question 22

A ______ is a statement that the federation server makes about a user or client.

Answer 22

claim

Question 23

Claims can be based on several different values, such as user names, certificate keys, membership of security groups, and so on. They are included in the signed security token that AD FS sends to the web application and are used for ______.

Answer 23

authorization

Question 24

AD FS communications must be encrypted at all times, and this requires several ______ types.

Answer 24

certificate

Question 25

A federation server requires both a server ______ certificate and a ______ certificate. In addition, the trust policy requires a ______ certificate. The server authentication certificate is an SSL authentication certificate that is typically requested and installed through IIS Manager. Many AD FS roles are outward facing. Therefore, the certificates should be from a trusted CA.

Answer 25

1. authentication, 2. token-signing, 3. verification

Question 26

Federated identity is the process of authenticating a user’s \_\_\_\_\_\_.

Answer 26

credentials

Question 27

With identity federation, users in one domain can securely access data or systems of another domain by using SSO. AD FS relies on the following three role services to support identity federation: \_\_\_\_\_\_.

Answer 27

1. Federation Service; 2. Federation Service Proxy; and 3. Windows Token-Based Agent.

Question 28

You need to know that transport protection rules are used to ______ email content, encrypt certain emails, and use AD RMS XrML-based policies to control who or what has access to certain content.

Answer 28

inspect

Question 29

AD RMS uses transport rules to protect content through the use of conditions and exceptions. If an email message meets any condition and no exceptions, the message will be ______ protected.

Answer 29

IRM

Question 30

If you remove and AD RMS template, then you must manually ______ any transport protection rules that use this template. If you do not, then the AD RMS will not properly license the content and an NDR will be delivered to the sender.

Answer 30

modify

Question 31

What EMS cmdlet can you use to request certificates that you can use for TLS or MTLS?

Answer 31

The **New-ExchangeCertificate** cmdlet.

Question 32

What utility can you use from an elevated command prompt to test the certificate structure?

Answer 32

You would use the **Certuil.exe** tool.

Question 33

You want to test for the proper configuration of MTLS. What EMS command do you issue to enable verbose logging on a Receive connector named Internet that’s used to receive domain-secured email?

Answer 33

You issue the **Set-ReceiveConnector Internet -ProtocolLoggingLevel Verbose** command.

Question 34

What certificate types are required for AD FS federation?

Answer 34

A federation server requires both a server authentication certificate and a token-signing certificate. In addition, the trust policy requires a verification certificate.

Question 35

What EMS cmdlet do you issue to enable S/MIME for OWA?

Answer 35

You issue the **Set-OWAVirtualDirectory -identity “owa (Default Web Site)” -SMimeEnabled $true** command.