Objective 3.3 Exchange 2010 Flashcards

Objective 3.3: Configure federated sharing.

1
Q

You can use the EMS ______ cmdlet to change the certificate that verifies a trust. If you want to change this certificate, you need first to discover the thumbprint of the new certificate. You deploy the certificate on all Hub Transport servers and Client Access servers in your Exchange organization, identify the certificate as the next certificate, and then use the Set-FederationTrust cmdlet with the PublishFederationCertificate switch to configure the trust to use this certificate as the current certificate. For example, the following two commands configure the federation trust named Microsoft Federation Gateway to use the certificate with the thumbprint AC00F-12CBA8358253F412FD0984B5CCAF2AF4F27 as the next certificate and then deploy it as the current certificate: ______.

A

Set-FederationTrust,

Set-FederationTrust -Identity “Microsoft Federation Gateway” -Thumbprint AC00F12CBA8358253F412FD0984B5CCAF2AF4F27

Set-FederationTrust –Identity “Microsoft Federation Gateway” -PublishFederationCertificate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

When you create a federation trust, you need to obtain the thumbprint of a trusted third-party CA that can validate the trust. For example, the following command creates a federation trust named Microsoft Federation Gateway using the thumbprint of an exportable certificate: ______.

A

New-FederationTrust -Name “Microsoft Federation Gateway” –Thumbprint AC00F12CBA8358253F412FD0984B5CCAF2AF4F27

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The domain used for establishing a federation trust must be resolvable from the ______. A locally generated self-signed certificate ______ be used for this purpose.

A

Internet,

cannot

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Remember that you need to obtain an ______ certificate from a trusted external CA before you can create a federation trust.

A

X.509

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You should be aware that in order to use the Microsoft Federation Gateway, you must enroll your ______ cluster.

A

Active Directory Rights Management Services (AD RMS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You can enroll by using the default AD RMS cluster certificate. You can also enroll with a valid trusted certificate, provided you know the thumbprint of that certificate. For example, the following command enrolls by using the default AD RMS cluster certificate: ______.

The second command enrolls by using a certificate with the thumbprint of AC00F12CBA8358253F412FD0984B5CCAF2AF4F27: ______.

A

Install-RmsMfgEnrollment

Install-RmsMfgEnrollment -CertificateThumbprint AC00F12CBA8358253F412FD0984B5CCAF2AF4F27

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You need to configure DNS with a ______ resource record that provides proof-of-ownership for your domain name.

A

TXT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You can obtain the application identifier by using the EMS ______ cmdlet. For example, the following command retrieves properties (including identifiers) of federation trusts configured for the organization: ______.

A

Get-FederationTrust,

Get-FederationTrust | FL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Remember that the proof-of-ownership (or application identifier) is stored in DNS as a ______ resource record.

A

TXT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The exam might test that you know how to create and configure an organizational relationship. You can use the ______ Wizard in the EMC for this task. If instead you choose to use the EMS, you must access the Federated Organization Identifier (OrgID) by using the EMS ______ cmdlet. You then pipe the output from this cmdlet into the ______ cmdlet. For example, the following command creates an organization relationship with the Contoso organization, enabling free/busy information and specifying that the requesting organization receives free/busy, subject, and location information from the target organization: ______.

A

New Organizational Relationship,

Get-FederationInformation,

New-OrganizationRelationship

Get-FederationInformation -DomainName Contoso.com | New-OrganizationRelationship -Name “Contoso” -FreeBusyAccessEnabled $true -FreeBusyAccessLevel -LimitedDetails

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

If you enable the sharing of free/busy information, you can configure one of three levels of access. You can configure the following levels of access: ______.

A
  1. No Calendar sharing
  2. Calendar sharing with free or busy information only
  3. Calendar sharing with free or busy information, plus subject and location
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You can use the ______ cmdlet to change settings of an organizational relationship. For example, the following command disables the organization relationship with Contoso: ______.

A

Set-OrganizationRelationship,

Set-OrganizationRelationship -Identity “Contoso” -Enabled $false

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You can use the EMS ______ cmdlet to configure federated organization identifiers. You configure a federated organization identifier to create an account namespace for your Exchange organization with the Microsoft Federation Gateway and enable federation so that you can make use of the facilities that federation provides. For example, the following command configures and enables a federated organization identifier for the Adatum.com Exchange organization: ______.

A

Set-FederatedOrganizationIdentifier,

Set-FederatedOrganizationIdentifier -DelegationFederationTrust “Microsoft Federation Gateway” -AccountNamespace “Contoso.com” -Enabled $true

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You might need to register multiple domain names in your Active Directory forest with Microsoft Federation Gateway. Although you can use a wildcard certificate, such as *.adatum.com, there are security implications in doing this. A more secure alternative is to list each of the required domains as ______ in the trusted X.509 certificate.

A

SANs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You use the EMS Get-Mailbox cmdlet to obtain the mailbox or mailboxes to which you want to apply the sharing policy and the EMS ______ cmdlet to apply the policy. For example, the following command configures all mailboxes associated with the Marketing department to use the Adatum Marketing federated sharing policy: ______.

A

Set-Mailbox,

Get-Mailbox –Filter {Department –eq “Marketing”} | Set-Mailbox –SharingPolicy “Adatum Marketing”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

To enable federated sharing, you need to register your organization with the Microsoft Federation Gateway. You then configure a federated sharing relationship with another organization that also registers with the Microsoft Federation Gateway, which acts as a ______ for all connections that the organizations make with each other.

A

hub

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

When you enable federation sharing, all interorganizational communication is sent through your organization’s ______ servers so that federated sharing works with any client that can connect to Exchange 2010, including OWA, Outlook 2003, Outlook 2007, and Outlook 2010.

A

Exchange 2010

18
Q

To implement federated sharing, you need to establish the following three components in Exchange 2010: ______.

A
  1. A federation trust
  2. An organization identifier
  3. A sharing relationship with the organizations with which your organization shares data
19
Q

You can use the EMS ______ cmdlet to add a specified domain to an existing federation trust. For example, the following command adds the domain mail.adatum.com:

A

Add-FederatedDomain,

Add-FederatedDomain –DomainName mail.adatum.com

20
Q

You configure the properties of a trust by using the ______ cmdlet (not the New-FederationTrust cmdlet).

A

Set-FederationTrust

21
Q

You should know that a federated organization defines what authoritative ______ in an Exchange organization are available for federation.

A

domains

22
Q

You should be aware that the first domain you specify with the organization identifier is known as the account ______.

A

namespace

23
Q

An organization’s federated organization identifier is generally created by using the organization’s primary domain name and configuring the AccountNamespace parameter of the ______ cmdlet with this value.

A

Set-FederatedOrganizationIdentifier

24
Q

Before you can configure a sharing relationship with another organization, both organizations must configure a federation trust with the Microsoft ______ Gateway.

A

Federation

25
Q

You can use the EMS ______ cmdlet to create a relationship with an external Microsoft Exchange Server 2010 organization. For example, the following command creates an organization relationship with the Adatum.com forest; free/busy access is enabled and the requesting organization receives time, subject, and location information from the target organization: ______.

A

New-OrganizationRelationship,

Get-FederationInformation -DomainName Adatum.com | New-OrganizationRelationship -Name “Adatum” -FreeBusyAccessEnabled $true -FreeBusyAccessLevel -LimitedDetails.

26
Q

The default sharing policy is not assigned to any mailboxes by default. If you want to enable users to participate in federated sharing, you can add their ______ to the default sharing policy or create a new sharing policy.

A

mailboxes

27
Q

Creating or configuring a sharing policy requires that a ______ trust has been created between your Exchange 2010 organization and the Microsoft Federation Gateway and the federated organization identifier is configured.

A

federation

28
Q

You can use the EMS ______ cmdlet to create a sharing policy and the Set-SharingPolicy cmdlet to modify a policy. For example, the following command creates a sharing policy called Blue Sky Airlines for the mail.BlueSkyAirlines.com domain, which is external to your organization. This policy allows users in the mail.BlueYonderAirlines.com domain to see detailed free/busy information and contacts. By default, the policy is enabled: ______.

A

New-SharingPolicy,

New-SharingPolicy -Name “Blue Sky Airlines” -Domains ‘mail.BlueYonderAirlines.com: CalendarSharingFreeBusyDetail, ContactsSharing’

29
Q

The following command modifies a sharing policy named Contoso for the contoso.com domain, which is external to your organization. Users in the Contoso domain can see your users’ availability (free/busy) information: ______.

A

Set-SharingPolicy -Identity Contoso -Domains ‘contoso.com: CalendarSharingFreeBusySimple, Contacts’

30
Q

You can use the ______ cmdlet (not the Set-SharingPolicy cmdlet) to get details about a sharing policy. For example, the following command displays all the available information for the sharing policy for Blue Yonder Airlines: ______.

A

Get-SharingPolicy,

Get-SharingPolicy “Blue Yonder Airlines” | FL

31
Q

If you no longer require a sharing policy, you can remove it by using the EMS ______ cmdlet. However, you cannot remove a sharing policy that has ______ assigned to it, and you first need to assign them to another policy.

A

Remove-SharingPolicy,

mailboxes

32
Q

You can use the EMS ______ cmdlet to list role assignees. The following command lists details of the federated sharing management role, including a list of groups, users, or universal security groups assigned to the role: ______.

A

Get-ManagementRoleAssignment,

Get-ManagementRoleAssignment -Role “Federated Sharing” | FL

33
Q

You can add assignees, both users and groups, to the federated sharing management role. For example, the following command assigns the federated sharing role to the Adatum Federation role group and applies the Organization predefined scope: ______.

A

New-ManagementRoleAssignment -Name “Federated Sharing Adatum Federation” -SecurityGroup “Adatum Federation” -Role “Federated Sharing” -RecipientRelativeWriteScope Organization

34
Q

You can remove role groups, users, and universal security groups from this management role. However, there must always be at least one ______ role assignment for this role granted to a role group or universal security group.

A

delegating

35
Q

If you remove the role assignment between the management role group and the federated sharing management role, all members of the role group lose the ability to manage federated sharing. If you want to remove the permissions from one member only, you need instead to remove that member from the management role group. The following command removes the management role assignment named Federated Sharing Adatum Federation from the federated sharing role group: ______.

A

Remove-ManagementRoleAssignment “Federated Sharing Adatum Federation”

36
Q

You are configuring federation for the contoso.com domain. You have stored the application identifier (or proof-of-ownership) used for the federated trust in a DNS record. What type of DNS record do you use?

A

A DNS TXT resource record.

37
Q

What EMS command do you issue to create an organizational relationship with the Adatum organization, enabling free or busy information and specifying that the requesting organization receives free/busy, subject, and location information from the target organization?

A

You issue the following command:

Get-FederationInformation -DomainName Adatum.com | New-OrganizationRelationship -Name “Adatum” -FreeBusyAccessEnabled $true -FreeBusyAccessLevel –LimitedDetails

38
Q

What type of certificate do you need to establish a federation trust?

A

You need to submit a valid X.509 certificate issued by an external CA trusted by Windows Live Domain Services.

39
Q

What EMS command do you issue to list details of the federated sharing management role, including a list of groups, users, and universal security groups assigned to the role?

A

You issue the following command:

Get-ManagementRoleAssignment -Role “Federated Sharing” | FL

40
Q

What EMS cmdlet can you use to create a sharing policy, and what EMS cmdlet lets you modify such a policy?

A

You use the New-SharingPolicy cmdlet in the EMS to create a sharing policy and the Set-SharingPolicy cmdlet to modify a policy.