Objective 7.4 Exchange 2010 Flashcards

Objective 7.4: Configure anti-virus and anti-spam.

1
Q

The exam might expect you to know that you need to include directory, process, and file name extensions for both ______ and file-level scanning.

A

memory-resident

2
Q

If you use a file-level scanner, this can impact the ______ of your Exchange environment. For example, a scanner might scan a file when the file is being used. This can cause the scanner to lock or quarantine the file. If the scanner locks an Exchange log or a database file while Exchange tries to use it, this could result in a severe failure.

A

performance

3
Q

Exclusions help you to avoid many of the problems associated with ______ scanners.

A

file-level

4
Q

You can configure your file-level scanner to ensure that the appropriate ______ are in place for both memory-resident and file-level scanning.

A

exclusions

5
Q

If a Mailbox server is a member of a DAG, you should exclude the quorum disk and the %Winnt%\Cluster folder. Also on a witness server (typically a Hub Transport server), you should exclude the witness ______.

A

directory files

6
Q

You can create a transport rule to prevent emails from being sent that contain specific words in the subject field. You can use the ______ cmdlet with the SubjectContainsWords parameter to create a transport rule that prevents email messages with qualifying words from being sent. Optionally, you can specify exceptions, such as if the sender is the company CEO.

A

New-TransportRule

7
Q

You can use a transport protection rule to ______ email messages with certain words in the subject.

A

IRM-protect

8
Q

The following command creates a rule that applies the Do Not Forward template to messages with the word private in the subject field: ______.

A

New-TransportRule -Name “Internal Private” -SubjectContainsWords “private” -ApplyRightsProtectionTemplate “Do Not Forward”

9
Q

The exam might test that you are aware that SCL has a value range of 0–9, with 0 indicating a ______ probability of spam, and 9 a ______ probability.

A

low,

very high

10
Q

You can use the EMS ______ cmdlet to determine the action taken at specified SCL thresholds.

A

Set-ContentFilterConfig

11
Q

The following EMS commands enable the delete action for an SCL threshold of 9 and the reject action for an SCL threshold of 7: ______.

A

Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9

Set-ContentFilterConfig -SCLRejectEnabled $true -SCLRejectThreshold 7

12
Q

You can also enable the ______ action for a specified SCL threshold. However, you first need to configure a mailbox as the ______ mailbox.

A

quarantine,

quarantine

13
Q

You should be aware that a very large proportion of identity theft scams come from spoofed domains that have spoofed sender email addresses, and that the ______ is an industry initiative to counter spoofed domains by publishing SPF records.

A

Sender ID Federation

14
Q

You should know that the ______ agent is an anti-spam agent that is enabled by default on Exchange 2010 servers that have the Edge Transport server role installed. The exam might check that you know that the Sender ID agent is designed to combat spoofing.

A

Sender ID

15
Q

The Sender ID agent queries a sender’s DNS server. When an email message is received, the Edge Transport server queries the sender’s DNS server to verify that the ______ from which the message was received is authorized to send messages for the domain that is specified in the message headers.

A

IP address

16
Q

You should know that the ______ option in Outlook permits a user to generate a list of senders from whom it is considered safe to receive email messages.

A

Safe Senders

17
Q

The Blocked Senders (or Block Sender) list is also a client feature; it should not be confused with the ______ block list in Exchange.

A

real-time

18
Q

Safelist aggregation is the combination of shared ______ functionality between Outlook and Exchange. It collects information from the anti-spam Safe Recipients list, Blocked Senders lists, Contact Data, and Safe Senders list. The aggregated data is made available to the Edge Transport server.

A

anti-spam

19
Q

You should be aware that ______ IP block list providers are typically used by Exchange 2010 organizations.

A

third-party

20
Q

The exam might check that you know that IP block and allow lists are also known as ______ and ______, respectively, and that block lists are also known as RBLs because they are queried each time mail arrives from a new IP address.

A

blacklists, and

whitelists

21
Q

You can test the IP Block list providers by using the EMS ______ or the ______ cmdlets.

A

Test-IPAllowListProvider,

Test-IPBlockListProvider

22
Q

The following tests the connectivity to the fictitious IP Block list provider FictitiousProviderName, and then issues a lookup request to that provider by using the IP address 192.168.10.1: ______.

A

Test-IPBlockListProvider -IPAddress 192.168.10.1 -Identity FictitiousProviderName

23
Q

Messages received from SMTP servers on the block list will be ______ if they also appear on the allow list.

A

discarded

24
Q

If you have more than one Edge Transport server in your organization, you need to load a new or updated ______ from a provider on to all your Edge Transport servers.

A

Real-time block list (RBL)

25
Q

You can add IP addresses, IP subnets, or IP address ranges to the IP ______ list. You can also specify a list of IP allow list providers. These providers supply IP addresses for your IP allow list.

A

allow

26
Q

For example, the following EMS command adds the IP address 10.20.0.241 to the IP allow list: ______.

A

Add-IPAllowListEntry -IPAddress 10.20.0.241

27
Q

You should be aware that domain ______ publish Sender Policy Framework (SPF) records on their DNS servers and that SPF records identify authorized outbound email servers. If an SPF record is configured on the sender’s DNS server, the Edge Transport server parses the SPF record and determines whether the IP address from which the message was received is authorized to send email on behalf of the domain specified in the message.

A

administrators

28
Q

The exam might test that you know that a ______ is determined by analyzing HELO/EHLO SMTP commands, using reverse DNS Lookup, analyzing the SCL on messages from a specific sender, and performing a sender open proxy test.

A

Sender reputation level (SRL)

29
Q

You should be aware that SRL uses a numeric value from 0–9. A value of 0 indicates that a sender is ______ to be a spammer; a value of 9 means the sender is ______ to be a spammer. You should also know that you can configure a block threshold.

A

unlikely,

most likely

30
Q

You can use the EMC to configure sender reputation properties on an Edge Transport server. You can also use the EMS ______ cmdlet.

A

Set-SenderReputationConfig

31
Q

The following command sets the SRL block threshold to 7 and specifies that a sender remains on the block list for 48 hours: ______.

A

Set-SenderReputationConfig -SrlBlockThreshold 7 -SenderBlockingPeriod 48

32
Q

The following command configures sender reputation to perform an open proxy test for determining sender confidence: ______.

A

Set-SenderReputationConfig -OpenProxyDetectionEnabled $true

33
Q

You are expected to know that anti-spam agents, such as the Sender ID agent, typically run on Edge Transport servers, because it is preferable to detect and delete or quarantine unsolicited email ______ it enters your internal network.

A

before

34
Q

You should, however, know what steps to take to configure anti-spam functionality on a Hub Transport server. Small organizations that do not use ______ servers need to run anti-spam functionality on their Hub Transport servers.

A

Edge Transport

35
Q

You need to run the ______ script on a Hub Transport server to enable anti-spam functionality. Anti-spam features are available on Edge Transport servers by default.

A

Install-AntiSpamAgents.ps1

36
Q

To enable them on a Hub Transport server, you run the following command from the %system drive%\Program Files\Microsoft\Exchange Server\V14\Scripts folder on the relevant server: ______. You then restart the Transport service by issuing the following EMS command: ______.

A

./install-AntispamAgents.ps1,

Restart-Service MSExchangeTransport

37
Q

You need to know what steps to take to configure an existing mailbox as a quarantine mailbox. You also need to know how to specify a Spam Confidence Level (SCL) threshold so that messages that meet or exceed this threshold are sent to the ______ mailbox. The messages are sent as NDRs to this mailbox.

A

quarantine

38
Q

You can use the EMC New Mailbox Wizard or the EMS New-Mailbox cmdlet to create the mailbox you intend to configure as a quarantine mailbox. However, you need to use the EMS ______ cmdlet to configure that mailbox to receive quarantined messages.

A

Set-ContentFilterConfig

39
Q

The following EMS command sets the mailbox spamquarantine@adatum.com as the quarantine mailbox: ______.

A

Set-ContentFilterConfig -QuarantineMailbox spamquarantine@adatum.com

40
Q

The following command specifies the quarantine action for an SCL threshold of 5: ______.

A

Set-ContentFilterConfig -SCLQuarantineEnabled $true -SCLQuarantineThreshold 5

41
Q

You can use the EMS ______, ______, and ______ cmdlets to modify your content filtering settings.

A
  1. Set-ContentFilterConfig,
  2. Add-ContentFilterPhrase, and
  3. Remove-ContentFilterPhrase
42
Q

The following EMS commands allow all messages that contain the word “hovercraft” and block all messages that contain the phrase “lose weight”: ______.

A

Add-ContentFilterPhrase -Phrase “hovercraft” -Influence GoodWord

Add-ContentFilterPhrase -Phrase “lose weight” -Influence BadWord

43
Q

The following EMS command creates an exception for DonHall@adatum.com so that messages sent to this recipient are not checked by the content filter agent: ______.

A

Set-ContentFilterConfig -BypassedRecipients DonHall@adatum.com

44
Q

The following EMS command creates an exception for the senders PatrickHines@fabrikam.com and RussellKing@fabricam.com so that messages received from these senders are not checked by the content filter agent: ______.

A

Set-ContentFilterConfig -BypassedSenders PatrickHines@fabrikam.com,RussellKing@fabricam.com

45
Q

You can use the ______ cmdlet to bypass content filtering for all messages received from specific domains.

A

Set-ContentFilterConfig

46
Q

The following command creates an exception for the domain contoso.com so that messages received from this domain are not checked by the content filter agent: ______.

A

Set-ContentFilterConfig -BypassedSenderDomains contoso.com

47
Q

The following command creates an exception for the domain fabrikam.com and all its subdomains and for the domain treyresearch.com: ______.

A

Set-ContentFilterConfig -BypassedSenderDomains *.fabrikam.com,treyresearch.com

48
Q

You can ensure that attachments that have specified file types are filtered and do not enter user mailboxes. You can use the ______ cmdlet for this purpose.

A

Add-AttachmentFilterEntry

49
Q

The following command blocks all email attachments that have a file name with an .exe file type: ______.

A

Add-AttachmentFilterEntry -Name *.exe -Type FileName

50
Q

Remember that to block attachments containing graphic files such as JPEG files, you need to set the Name parameter to ______ and the Type parameter to ContentType.

A

image/jpeg

51
Q

What EMS command creates a transport protection rule called Internal-Confidential that applies the Do Not Forward template to messages with the word “confidential” in the subject field?

A

The New-TransportRule -Name “Internal-Confidential” -SubjectContainsWords “confidential” -ApplyRightsProtectionTemplate “Do Not Forward” command.

52
Q

What EMS cmdlet do you use to configure the action taken at specified SCL thresholds?

A

The Get-ContentFilterConfig cmdlet.

53
Q

Your organization has two Edge Transport servers. The settings in these servers are not cloned. You add a list of IP addresses to the block list on one of these servers, but your users continue to receive email messages from these addresses. What do you need to do?

A

You need to add the same IP addresses to the block list on the other Edge Transport server.

54
Q

You want to filter out all JPEG attachments so that they do not appear in your users’ mailboxes. What EMS command do you issue on your Edge Transport servers?

A

You issue the Add-AttachmentFilterEntry -Name image/jpeg -Type ContentType command.

55
Q

Your organization manufactures bicycles. You want all incoming email messages with the word “bicycle” in the content to be delivered. What command do you issue on your Edge Transport servers?

A

You issue the Add-ContentFilterPhrase -Phrase “bicycle” -Influence GoodWord command.