Download Free Microsoft 70-663 PDF and VCE Updated Today 51-60

Vendor: Microsoft
Exam Code: 70-663
Exam Name: Pro: Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010
Version: 14.91

QUESTION 51
Your company contains an internal network and a perimeter network. The internal network
contains an Active Directory forest. The company has a single domain.
You plan to deploy 10 Edge Transport servers on the perimeter network.
You need to recommend a solution for the Edge Transport server deployment. The solution must meet the following requirements:

– Allow administrators to apply a single security policy to all Edge Transport servers
– Reduce the Administrative overhead that is required to manage servers
– Minimize the attack surface of the internal network

What should you recommend?

A.    Implement Network Policy and Access Services (NPAS).
B.    Implement Active Directory Federation Services (AD FS).
C.    Create a new Active Directory domain in the internal forest and then join all Edge Transport servers
to the new domain.
D.    Create an Active Directory forest in the perimeter network and then join all Edge Transport servers
to the new domain.

Answer: D
Explanation:
The Edge Transport Server role in Exchange Server 2007 is designed to be installed in your organization’s perimeter network (aka DMZ or screened subnet). The Edge Transport Server is the only Exchange 2007 server role that should not be part of your corporate Active Directory on your internal network; it should instead be installed on a stand-alone server in a workgroup or as a domain member in an Active Directory dedicated to servers located in the perimeter network as shown in Figure 1.

wps5901.tmp

Although the Edge Transport Server role is isolated from Active Directory on the internal corporate production network, it is still able to communicate with the Active Directory by making use of a collection of processes known as EdgeSync that run on the Hub Transport Server and which, since it is part of the Active Directory, have access to the necessary Active Directory data. The Edge Transport server uses Active Directory Application Mode (ADAM) to store the required Active Directory data, which is data such as Accepted

Domains, Recipients, Safe Senders, Send Connectors and a Hub Transport server list (used to generate dynamic connectors so that you do not need to create them manually).

It is important to understand that the EdgeSync replication is encrypted by default, and that the replication is a one-way process from Active Directory to Active Directory Application Mode (ADAM), this means that no data is replicated from ADAM to AD.

The first time EdgeSync replication occurs, the ADAM store is populated, and after that data from Active Directory is replicated at fixed intervals. You can specify the intervals or use the default settings, which when speaking configuration data is every hour and every 4th hour for recipient data.
http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning- architecture/uncoveringexchange-2007-edge-transport-server-part1.html

QUESTION 52
You have an Exchange Server 2010 organization.
Your company’s compliance policy states that the following occurs when a user leaves the company:

– The user account is disabled
– The user account and mailbox are deleted after six months
– All e-mail messages in the mailbox are retained for three years

You need to recommend a solution to retain the e-mail messages of users who leave the company.
The solution must meet the following requirements:

– Ensure that a group named Group1 can manage the process
– Minimize disk space required to store the mailbox database

What should you recommend?

A.    Assign the Mailbox Search management role to Group1 and then create a retention policy.
B.    Assign the Mailbox Search management role to Group1 and then create a managed folder mailbox
policy.
C.    Assign the Mailbox Import Export management role to Group1 and then configure Personal Archives
for each mailbox.
D.    Assign the Mailbox Import Export management role to Group1 and then instruct Group1 to export
mailboxes to personal folder (.pst) files.

Answer: D
Explanation:
To create the role group we need to run the following:
New-RoleGroup "Mailbox Import-Export Management" -Roles "Mailbox Import Export" This will create a group called ""Mailbox Import-Export Management"", every user added to this group will have the right to run the import/export cmdlets, adding a user can be done by running the following:
Add-RoleGroupMember "Mailbox Import-Export Management" -Member <user account> To export a mailbox:

wps9AD2.tmp

wpsAD88.tmp

QUESTION 53
Your network consists of a windows Server 2003 Active Directory forest that contains a windows Server 2003 enterprise certification authority (CA).
You have an Exchange Server 2003 organization.
Users access their mailboxes by using Windows Mobile 5.0 and Windows Mobile 6.1 devices.
You plan to transition the organization to Exchange Server 2010.
You need to plan a certificate solution for the Exchange Server 2010 deployment. The solution must minimize the amount of effort required to connect all mobile devices to the organization.
What should you include in the plan?

A.    Create a self-signed certificate and install it on the Client Access server.
B.    Obtain a wildcard certificate from a trusted third-party CA and install it on the Client Access server.
C.    From an internal CA obtain a certificate that contains multiple names and install it on the Client Access
server.
D.    From a trusted third-party CA obtain a certificate that contains multiple names and install it on the Client
Access server.

Answer: D
Explanation:
Windows Mobile devices will need certificates from a trusted third-party CA to function properly with ActiveSync
Using a trusted cert from a third-party CA will prevent you from having to import the certificate on every mobile phone in your environment
http://blogs.technet.com/b/exchange/archive/2009/12/08/3408985.aspx
http://www.techrepublic.com/blog/networking/exchange-2007-activesync-and-windows-mobile-5-and-ssl/289

QUESTION 54
You have an Exchange 2010 organization.
Your company’s security policy states that all connections to Outlook Web App (OWA) must use smart card authentication.
You need to recommend a solution to meet the security policy requirements.
Which two possible ways to achieve this goal should you recommend? (Each correct answer presents a complete solution. Choose two.)

A.    Require certificate-based authentication for all Internet-facing Client Access servers.
B.    Require Windows Integrated Authentication for all Internet-facing Client Access servers.
C.    Deploy an Edge Transport server and then disable Windows Integrated Authentication.
D.    Deploy a server that runs Microsoft Internet Security and Acceleration (ISA) Server and enable
Kerberos constrained delegation.

Answer: AD
Explanation:
We need to enable certificate-based authentication in IIS for the server itself. The first step it to open IIS, then navigate to the server node. Select Authentication under the IIS heading, then after selecting Active Directory Client Certificate Authentication, choose Enable:

The second step is to enable certificate-based authenticate for the website.
C:\WINDOWS\SYSTEM32\INETSRV\APPCMD.EXE set config "Default Web Site" – section:system.
webServer/security/authentication/clientCertificateMappingAuthentication /enabled:"True" /commit: apphost

Third, from EMC select the Client certificate authentication options;

wpsDD50.tmp

ISA Server 2006 introduces support for Kerberos constrained delegation to enable published Web servers to authenticate users by Kerberos after their identity has been verified by ISA Server using a non-Kerberos authentication method. When used in this way, Kerberos constrained delegation eliminates the need for requiring users to provide credentials twice. For example, because it is unrealistic to perform Kerberos authentication over the Internet, SSL certificates might be used for authenticating users at the ISA Server computer. After ISA Server verifies the user’s identity, ISA Server cannot pass the SSL client certificate provided by the user to a published server, but it can impersonate the user and obtain a Kerberos service ticket for authenticating the user (client) to a published Web server.

wps2EA.tmp

wps18AC.tmp

QUESTION 55
You have an Active Directory domain named contoso.local.
You plan to deploy an Exchange Server 2010 organization that will contain the following server:

– Two Edge Transport servers named Edge1.contoso.com and Edge2.contoso.com
– Two Hub Transport servers named hub1.contoso.local and hub2.contoso.local

You need to design a solution that ensures that e-mail messages from the Internet can be delivered to internal recipients if a single Edge Transport server fails.
What should you include in the design?

A.    two Remote Domains
B.    two SRV resource records
C.    two EdgeSync Subscriptions
D.    two mail exchange (MX) records

Answer: D

QUESTION 56
You have Exchange Server 2003 organization. The organization contains a front end server named FE1 and a back end server accessible from the Internet by using mail.contoso.com.
You plan to transition the organization to Exchange Server 2010.
You will deploy a Mailbox server named MIX1 and a Client Access server named CAS1. Users will access Outlook Web Access and Outlook Web App (OWA) by using the URL. https://mail.contoso.com.
You need to recommend a DNS configuration for the external name of mail.contoso.com.
Which server should be associated with the name mail.contoso.com?

A.    BE1
B.    CAS1
C.    FE1
D.    MIX1

Answer: B
Explanation:
One of the first steps in transition is to install CAS2010 and point DNS records to it.

wps42AA.tmp

wps6142.tmp

QUESTION 57
You have an Exchange Server 2010 organization. Your network is separated from the Internet by a firewall.
You need to identify the ports that must be opened on the firewall to allow clients from the Internet to use the following connections:

– Outlook Anywhere
– Outlook Web App (OWA)
– Exchange ActiveSync
– IMAP4 over Secure Sockets Layer (SSL)

Which TCP ports should you identify?

A.    25, 443 and 993
B.    26, 443 and 995
C.    25, 80, 143 and 3269
D.    80, 143, 443 and 389

Answer: A
Explanation:
Exchange Ports

wps87F5.tmp

wpsA027.tmp

QUESTION 58
You have an Exchange Server 2010 Hub Transport server named Hub1.
You install an application on a third-party server named Server1.
You discover that the application cannot authenticate to remote servers.
You need to ensure that the application can relay e-mail messages by using Hub1.
What should you do?

A.    Create a new Send connector
Add the TCP/IP address of Server1 to the Send connector Modify the permissions for the
Send connector
B.    Create a new Receive connector
Add the TCP/IP address of Server1 to the Receive connector Modify the permissions for the
Receive connector
C.    Add the TCP/IP address of Server1 to the default Receive connector Create a message classification
Create a transport rule
Add the TCP/IP address of Server1 to the Client Receive connector
D.    Create a remote domain
E.    Create a transport rule

Answer: B

QUESTION 59
You have an Exchange Server 2010 organization that contains two Client Access servers.
You deploy a Microsoft Internet Security and Acceleration (ISA) Server.
You need to recommend a high availability solution for the Client Access servers. The solution must meet the following requirements:

– Ensure that Outlook Web App (OWA) connections are available if a single Client Access server fails
– Ensure that client access services are available if a single service fails on a Client Access server

What should you recommend?

A.    Deploy a hardware load balancer.
B.    Deploy Windows Network Load Balancing.
C.    Publish each Client Access server in a separate publishing rule.
D.    Publish both Client Access servers in a single publishing rule as a Web server farm.

Answer: D

QUESTION 60
You have an Exchange Server 2010 organization.
Your company acquires two companies named Contoso, Ltd and N—- Traders.
You need to ensure that users from Contoso have only contoso.com e-mail addresses and users from Northwind Traders have only traders.com e-mail addresses.
What should you create and configure?

A.    two accepted domains and two e-mail address policies
B.    two remote domains and two accepted domains
C.    two transport rules and two address remote entries
D.    two Receive connectors and two address lists

Answer: A
Explanation:
E-mail address policies generate the primary and secondary e-mail addresses for your recipients so they can receive and send e-mail.
This default policy specifies the recipient’s alias as the local part of the e-mail address and uses the default accepted domain.

wpsDD76.tmp

If you want to specify additional e-mail addresses for all recipients or just a subset, you can modify the default policy or create additional policies.

wpsF48F.tmp

When creating a new address policy you select from the list of accepted domains:

wps1605.tmp

If you want to pass Microsoft 70-663 exam successfully, donot missing to read latest lead2pass Microsoft 70-663 dumps.
If you can master all lead2pass questions you will able to pass 100% guaranteed.

http://www.lead2pass.com/70-663.html