Planning the Exchange Server 2010 Infrastructure

  • 12/22/2011

Answers

This section contains the answers to the Object Reviews and the Thought Experiments.

Objective 1.1: Review

  1. Correct Answer: D

    1. Incorrect: Active Directory Administrative Center allows administrators to perform simple tasks such as password reset and can search Active Directory for information. Although you can extend the tool with custom components, by default it cannot be used to view information about Active Directory site configuration.

    2. Incorrect: Active Directory Users and Computers can be used to view and manipulate user, computer, and group account information as well as manage organizational unit structure. You cannot use Active Directory Users and Computers to view or modify Active Directory site information.

    3. Incorrect: Active Directory Domains and Trusts can be used to view forest information as well as to establish trust relationships with other forests or Kerberos realms. You cannot use Active Directory Domains and Trusts to view or modify Active Directory site information.

    4. Correct: Active Directory Sites and Services can be used to verify current mappings between IP networks and specific Active Directory sites. You can also use this console to create mappings between IP networks and specific Active Directory sites.

  2. Correct Answers: B and C

    1. Incorrect: Both the primary DNS suffix and the DNS domain name must be included on the msDS-AllowedDNSSuffixes Active Directory attribute if Exchange is to function in an environment with a disjointed namespace.

    2. Correct: To ensure that the Exchange servers can properly communicate with Active Directory, it is necessary to ensure that both the primary DNS suffix and the DNS domain name are included on the msDS-AllowedDNSSuffixes Active Directory attributed on the domain object container.

    3. Correct: To ensure that the Exchange servers and clients can properly communicate in the disjointed namespace environment, you need to include both the primary DNS suffix and the DNS domain name in the DNS suffix search list group policy item.

    4. Incorrect: You must include both the DNS domain name and the primary DNS suffix in the DNS suffix search list group policy item to ensure that the Exchange servers and clients can properly communicate in the disjointed namespace environment.

  3. Correct Answers: A and D

    1. Correct: Tailspin Toys should use the cross-forest topology. This topology involves deploying Exchange in each forest and then using GAL synchronization to ensure that recipients from each forest are visible in every other forest.

    2. Incorrect: Tailspin Toys should not use the resource-forest topology because in this topology Exchange is only installed in one forest rather than all forests as suggested by the question text.

    3. Incorrect: Wingtip Toys should not use the cross-forest topology because Exchange should only be deployed in one forest at this organization.

    4. Correct: Wingtip Toys should use the resource-forest topology because in this topology Exchange is deployed in one forest and user accounts are stored in other forests.

  4. Correct Answer: D

    1. Incorrect: System Center Configuration Manager 2012 can be used for application, software update, and operating system deployment. You cannot configure System Center Configuration Manager 2012 to measure service availability as part of monitoring compliance with an SLA.

    2. Incorrect: System Center Data Protection Manager 2012 can be used to back up and restore organizational data. You cannot configure System Center Data Protection Manager 2012 to measure service availability as part of monitoring compliance with an SLA.

    3. Incorrect: System Center Virtual Machine Manager 2012 allows you to manage large deployments of virtual machines. You cannot configure System Center Virtual Machine Manager 2012 to measure service availability as part of monitoring compliance with an SLA.

    4. Correct: System Center Operations Manager 2012 can be used to monitor service availability. System Center Operations Manager 2012 can raise alerts in the event that specific services or servers fail.

  5. Correct Answer: C

    1. Incorrect: Forefront Threat Management Gateway 2010 is an advanced firewall product. You cannot use this product to support GAL synchronization in an Exchange cross-forest topology.

    2. Incorrect: Forefront Endpoint Protection 2012 is an anti-malware solution. You cannot use this product to support GAL synchronization in an Exchange cross-forest topology.

    3. Correct: Forefront Identity Life Cycle Manager 2010 can be used to implement GAL synchronization when Exchange Server 2010 is deployed in a cross-forest topology.

    4. Incorrect: Forefront Unified Access Gateway 2010 allows you to provide access to internal resources for external clients. You cannot use this product to support GAL synchronization in an Exchange cross-forest topology.

Objective 1.1: Thought Experiment

  1. You need to configure single sign-on prior to configuring directory synchronization.

  2. You need to ensure that the domain that you are federating can be resolved by hosts on the Internet. You need to configure User Principle Names for all users. You need to deploy Active Directory Federation Services.

  3. It will be necessary to deploy a computer to host the Directory Synchronization and an Exchange Server 2010 coexistence server.

Objective 1.2: Review

  1. Correct Answer: B

    1. Incorrect: You use authoritative domains for email domains where the intended recipient has a mailbox hosted within the same Exchange organization, or where the email domain is split across Exchange and another messaging system.

    2. Correct: You would configure an Internal Relay domain to ensure that your Exchange organization would accept messages and then route them to a third-party messaging system hosted on your organization’s internal network.

    3. Incorrect: You use an external relay domain when you want your Exchange organization to accept email messages and then route them to another messaging system.

    4. Incorrect: You use a reverse lookup zone to provide IP address to FQDN translation. This is created in DNS and is not something that you need to set up to ensure that your Exchange organization accepts messages and then routes them to a third-party messaging system hosted on the organization’s internal network.

  2. Correct Answers: A and D

    1. Correct: TCP port 25 is required for message transport between Edge Transport and Hub Transport servers.

    2. Incorrect: TCP port 135 is used for RPC communication between mailbox servers and Hub Transport servers. This port is not used for communication between Edge Transport servers and Hub Transport servers.

    3. Incorrect: TCP port 389 is used for LDAP communication between Hub Transport servers and Active Directory Domain Controllers. This port is not used for communication between Edge Transport servers and Hub Transport servers.

    4. Correct: TCP port 50636 is used by the edge synchronization process to replicate configuration data from Hub Transport servers to Edge Transport servers.

  3. Correct Answers: A and D

    1. Correct: You need to configure an internal relay domain and a Send connector when using a shared address space.

    2. Incorrect: You do not need to configure a remote domain when supporting a shared address space. Remote domains are used to configure message formatting options as well as whether out-of-office information is transmitted to remote recipients.

    3. Incorrect: You do not need to configure an external relay domain. External relay domains are used to route mail to organizations outside your internal network. In this case the organization is located on your internal network.

    4. Correct: You need to configure an internal relay domain and a Send connector when using a shared address space.

  4. Correct Answer: B

    1. Incorrect: The Set-ADSite cmdlet is used to configure Active Directory site properties in Exchange. You cannot use this cmdlet to configure an Exchange specific cost for an Active Directory IP site link.

    2. Correct: You can use the Set-ADSiteLink cmdlet to configure an Exchange specific cost for an Active Directory IP site link.

    3. Incorrect: The Get-ADSite cmdlet provides information about Active Directory sites. You cannot use this cmdlet to configure an Exchange specific cost for an Active Directory IP site link.

    4. Incorrect: The Get-ADSiteLink cmdlet allows you to view the properties of Active Directory IP site links. You cannot use this cmdlet to configure an Exchange specific cost for an Active Directory IP site link.

  5. Correct Answer: D

    1. Incorrect: Remote domains are used to control message formatting and out-of-office messages. You can’t use remote domains as a redundancy technology.

    2. Incorrect: Send connectors are used to route messages to locations outside the Exchange organization. You can’t use Send connectors as a redundancy technology.

    3. Incorrect: The transport dumpster is a redundancy feature that is used with database availability groups.

    4. Correct: Shadow redundancy is a transport server feature that ensures that email messages are not lost in transit if a transport server fails.

Objective 1.2: Thought Experiment

  1. You should configure an external relay domain because the Fabrikam mail servers are not located on your organization’s internal network.

  2. You configure message throttling to ensure that a transport server is not overwhelmed by too much message traffic.

  3. Use the Set-Transport cmdlet with the MaxConnectionRatePerMinute parameter to configure the maximum connection rate per minute for inbound connections.

  4. Use the Set-ADSite cmdlet to configure the Sydney site as a hub site.

  5. Use the Set-ADSiteLink cmdlet to configure Exchange costs for the Active Directory site links that connect the Melbourne and Brisbane sites to the Sydney site.

Objective 1.3: Review

  1. Correct Answers: A and C

    1. Correct: You need to ensure that a trust relationship is established between the resource forest and the domains that host accounts in the account forests. The easiest way to accomplish this is to set up forest trusts, although in environments with more complex security needs you may configure more selective trusts.

    2. Incorrect: You do not need to install Exchange 2010 in the account forests to accomplish this goal. Exchange 2010 is installed in multiple forests.

    3. Correct: Linked mailboxes are created in the resource forest and linked to accounts in the account forests.

    4. Incorrect: You create linked mailboxes in the resource forest and not in the account forest.

  2. Correct Answer: D

    1. Incorrect: The New-Mailbox cmdlet is used to create mailboxes. In this case, you want to create a group which uses a query against an Active Directory attribute to populate its membership.

    2. Incorrect: The New-DistributionGroup cmdlet allows you to create a new distribution group. Distribution groups have static memberships and require manual membership changes, which is not appropriate given management’s requirements in this situation.

    3. Incorrect: The Set-DistributionGroup cmdlet is used to modify the properties of an existing distribution group. You cannot use the Set-DistributionGroup cmdlet to create a dynamic distribution group.

    4. Correct: Dynamic distribution groups can be configured using queries based on an Active Directory attribute, such as department membership. The membership of dynamic distribution groups is determined when the group is expanded on a Hub Transport server.

  3. Correct Answer: C

    1. Incorrect: You cannot use the New-MailboxDatabase cmdlet to modify the default mailbox database maximum size limit on an Exchange Server 2010 SP1 mailbox server. You can only modify this limit by editing the registry.

    2. Incorrect: You cannot use the Get-MailboxDatabase cmdlet to modify the default mailbox database maximum size limit on an Exchange Server 2010 SP1 mailbox server. You can only modify this limit by editing the registry.

    3. Correct: The default maximum mailbox database size on an Exchange Server 2010 SP1 mailbox database server is 1024 GB. You can increase this size by editing the registry.

    4. Incorrect: You cannot use the Set-MailboxDatabase cmdlet to modify the default mailbox database maximum size limit on an Exchange Server 2010 SP1 mailbox server. You can only modify this limit by editing the registry.

  4. Correct Answer: A

    1. Correct: Each Exchange Server 2010 SP1 mailbox server can only host one public folder database. This is irrespective of whether the server has an Enterprise or a Standard license. Five servers means a maximum of five public folder databases.

    2. Incorrect: Each Exchange mailbox server can only host one public folder database. Because there are only five mailbox servers, there is a maximum of five public folder databases.

    3. Incorrect: Each Exchange mailbox server can only host one public folder database. Because there are only five mailbox servers, there is a maximum of five public folder databases.

    4. Incorrect: Each Exchange mailbox server can only host one public folder database. Because there are only five mailbox servers, there is a maximum of five public folder databases.

  5. Correct Answers: A, C, and D

    1. Correct: You use the New-AcceptedDomain cmdlet to create a new accepted domain. This will be necessary if you want to use the email domain cohowinery.com in an email address policy.

    2. Incorrect: Get-EmailAddressPolicy lists the properties of an email address policy. You can’t use this cmdlet to create and apply a new email address policy.

    3. Correct: You use the New-EmailAddressPolicy to create a policy that will apply the cohowinery.com email domain in default reply-to addresses in the organization. It is also possible to modify the existing policy, but that option was not available.

    4. Correct: You use the Update-EmailAddressPolicy cmdlet to apply a new or modified email address policy.

Objective 1.3: Thought Experiment

  1. You should set up linked mailboxes in the Contoso.com Exchange organization for users with accounts in the Fabrikam.com forest.

  2. You can modify the existing email address policy or create a new email address policy.

  3. You should create a static distribution group. This will allow you to delegate the appropriate administrative privileges to Simone from Accounts Receivable.

  4. You should make Simone from Accounts Receivable the group owner, also known as the group manager.

  5. Set the approval setting to Owner Approval. This will allow Simone from Accounts Receivable to approve membership.

Objective 1.4: Review

  1. Correct Answer: A

    1. Correct: The LoadGen tool, also known as the Exchange Server Load Generator, allows you to test the adequacy of a CAS deployment for a specific number of clients.

    2. Incorrect: The Jetstress tool allows you to simulate mailbox database I/O and is suitable for testing mailbox server performance, but it does not allow you to simulate specific client load against a CAS deployment.

    3. Incorrect: The Exchange Best Practices Analyzer allows you to compare an Exchange deployment against best practices, but it does not allow you to simulate specific client load against a CAS deployment.

    4. Incorrect: The Remote Connectivity Analyzer allows you to verify that ActiveSync, Exchange Web Services, Outlook, and Internet Email work correctly, but it cannot be used to simulate specific client load against a CAS deployment.

  2. Correct Answer: C

    1. Incorrect: It is necessary to have a Client Access Server in each site where there is a mailbox server. Deploying one Client Access Server would be insufficient when the proposed design has five sites with mailbox servers.

    2. Incorrect: It is necessary to have a Client Access Server in each site where there is a mailbox server. Deploying four Client Access Server would be insufficient when the proposed design has five sites with mailbox servers.

    3. Correct: It is necessary to have a Client Access Server in each site where there is a mailbox server. Because there are five sites, a minimum of five Client Access Servers are necessary.

    4. Incorrect: It is necessary to have a Client Access Server in each site where there is a mailbox server. Although having seven Client Access Servers would provide redundancy in the event that a Client Access Server failed, five Client Access Servers is the minimum amount necessary.

  3. Correct Answer: A

    1. Correct: The mailbox servers are only in a single site, so you only need to deploy a single Client Access Server to support this configuration.

    2. Incorrect: You only need to deploy a single Client Access Server to support this configuration.

    3. Incorrect: You only need to deploy a single Client Access Server to support this configuration.

    4. Incorrect: You only need to deploy a single Client Access Server to support this configuration.

  4. Correct Answer: A

    1. Correct: Microsoft’s theoretical optimum ratio is that there are three processor cores on a site’s Client Access Servers for every four processor cores on a site’s Mailbox servers.

    2. Incorrect: Microsoft’s theoretical optimum ratio is that there are three processor cores on a site’s Client Access Servers for every four processor cores on a site’s Mailbox servers.

    3. Incorrect: Microsoft’s theoretical optimum ratio is that there are three processor cores on a site’s Client Access Servers for every four processor cores on a site’s Mailbox servers.

    4. Incorrect: Microsoft’s theoretical optimum ratio is that there are three processor cores on a site’s Client Access Servers for every four processor cores on a site’s Mailbox servers.

  5. Correct Answer: C

    1. Incorrect: Configuring the Autodiscover service for Internet Access allows clients on external networks to be configured automatically through Autodiscover. Taking this step will not ensure that Outlook 2010 clients get Autodiscover information from the closest Active Directory site.

    2. Incorrect: Configuring the Autodiscover for multiple forests allows users running Outlook 2007 or Outlook 2010 in one forest to access Client Access Servers in a remote forest. Taking this step will not ensure that Outlook 2010 clients get Autodiscover information from the closest Active Directory site.

    3. Correct: Configuring the Autodiscover service for Site Affinity ensures that Outlook 2007 and Outlook 2010 clients get Autodiscover information from the closest Active Directory site.

    4. Incorrect: Configuring the Exchange ActiveSync Autodiscover settings allows automatic configuration of ActiveSync clients. Taking this step will not ensure that Outlook 2010 clients get Autodiscover information from the closest Active Directory site.

Objective 1.4: Thought Experiment

  1. You must deploy Client Access Serves in the Auckland, Wellington, Dunedin, and Christchurch sites.

  2. You can ensure that clients using Autodiscover are provisioned with profile information from the closest Active Directory site by configuring site affinity.

  3. You can configure CAS to use the same name for all services, you can use certificates that support SANs, or you could configure the CAS with wildcard certificates.

  4. You should deploy Outlook Anywhere because you want to allow remote access to Exchange mailboxes for clients running Outlook 2010 without configuring VPN or DirectAccess.

  5. Because you need to support users accessing Outlook Web App from personal computers, you should use a trusted third-party CA, which will minimize the problems involved in getting clients to trust the certificates.

Objective 1.5: Review

  1. Correct Answer: A

    1. Correct: The Exchange Server Load Generator 2010 allows you to test a simulated client workload against all aspects of an Exchange Server 2010 deployment. You can use this tool to determine how many clients a simulated Exchange Server 2010 deployment can comfortably handle.

    2. Incorrect: The Exchange Server Jetstress 2010 tool allows you to benchmark mailbox server storage, but does not allow you to test other aspects of an Exchange Server deployment.

    3. Incorrect: The Exchange Server Remote Connectivity Analyzer allows you to test client connectivity configuration, but does not allow you to test an Exchange server deployment against a simulated number of clients.

    4. Incorrect: The Exchange Server Best Practices Analyzer allows you to diagnose an existing deployment against Exchange best practices. You cannot use this tool to determine the capacity of an Exchange deployment.

  2. Correct Answer: C

    1. Incorrect: You must install the Client Access Server role first when transitioning from Exchange 2003 to Exchange 2010. You install the Hub Transport server role after installing the Client Access Server role.

    2. Incorrect: You must install the Client Access Server role first when transitioning from Exchange 2003 to Exchange 2010. You install the Mailbox server role after you have installed the Client Access and Hub Transport server roles.

    3. Correct: You must install the Client Access Server role first when transitioning from Exchange 2003 to Exchange 2010.

    4. Incorrect: You must install the Client Access Server role first when transitioning from Exchange 2003 to Exchange 2010. You install the Edge Transport server role after you have installed the Client Access, Mailbox, and Hub Transport server roles.

  3. Correct Answer: D

    1. Incorrect: When transitioning from an Exchange 2003 environment to an Exchange 2010 environment, the Edge Transport server role is installed after the other roles have been deployed.

    2. Incorrect: When transitioning from an Exchange 2003 environment to an Exchange 2010 environment, the Edge Transport server role is installed after the other roles have been deployed.

    3. Incorrect: When transitioning from an Exchange 2003 environment to an Exchange 2010 environment, the Edge Transport server role is installed after the other roles have been deployed.

    4. Correct: When transitioning from an Exchange 2003 environment to an Exchange 2010 environment, the Edge Transport server role is installed after the other roles have been deployed.

  4. Correct Answers: A, B, and C

    1. Correct: You must plan to deploy the Client Access, Hub Transport, and Mailbox server roles before it is possible to migrate mailboxes from Exchange 2007 to Exchange 2010 Mailbox servers.

    2. Correct: You must plan to deploy the Client Access, Hub Transport, and Mailbox server roles before it is possible to migrate mailboxes from Exchange 2007 to Exchange 2010 Mailbox servers.

    3. Correct: You must plan to deploy the Client Access, Hub Transport, and Mailbox server roles before it is possible to migrate mailboxes from Exchange 2007 to Exchange 2010 Mailbox servers.

    4. Incorrect: The design will not use an Edge Transport server, so it is not necessary to deploy this role prior to migrating mailboxes from Exchange 2007.

  5. Correct Answer: C

    1. Incorrect: The Exchange Remote Connectivity Analyzer allows you to verify remote connectivity to a Client Access Server. You can’t use this tool to determine whether Exchange 2003 and Exchange 2007 are ready for the deployment of Exchange 2010.

    2. Incorrect: The Exchange Best Practices Analyzer allows you to examine your organization’s environment to determine whether your Exchange configuration complies with best practices. You can’t use this tool to determine whether Exchange 2003 and Exchange 2007 are ready for the deployment of Exchange 2010.

    3. Correct: The Exchange Pre-Deployment Analyzer can examine your organization’s environment to determine whether Exchange 2003 and Exchange 2007 are ready for the upgrade or transition to Exchange 2010.

    4. Incorrect: The Exchange Server Jetstress 2010 tool allows you to analyze mailbox server storage to assess performance characteristics under a specified load. You can’t use this tool to determine whether Exchange 2003 and Exchange 2007 are ready for the deployment of Exchange 2010.

Objective 1.5: Thought Experiment

  1. You should plan to upgrade the Auckland site at Wingtip Toys first because this site is Internet-facing.

  2. You should plan to upgrade the Melbourne and Sydney Tailspin Toys sites first because these sites are Internet-facing.

  3. You will need to deploy Edge Transport servers in the Melbourne, Sydney, and Auckland sites because these sites are Internet-facing.

  4. You should use the cross-forest topology because both Wingtip Toys and Tailspin Toys will retain their own Exchange 2010 organizations.

  5. You should use Forefront Identity Manger 2010 to perform GAL synchronization between the Wingtip Toys and Tailspin Toys Exchange organizations given that a trust exists between them.

  6. You should deploy the Client Access Server role at the Melbourne, Sydney, and Auckland sites first.

  7. You will decommission the Wingtip Toys back-end servers first.