70-285 Designing a Microsoft Exchange Server 2003 Organization Practice Tests

Demo Question 4.

Answer: B, C, D

Explanation: OWA enables users to access their Exchange Server 2003 mailbox by using a Web browser such as Microsoft Internet Explorer. OWA can also provide access to mailbox data from UNIX, Macintosh, and Microsoft Windows(r)-based computers without the installation of any messaging client. These users can view and work with any public folder, mailbox, global address list, or calendar from the Web interface. By default, OWA is configured to use HTTP. This means that all user logon information is passed in clear text to the computer running Exchange Server 2003. This issue can be easily addressed by using SSL to encrypt all user sessions. However, some clients may cache the user logon credentials so that if the user does not close all Web browser sessions, another user may be able to access the user's e-mail without logging on. This security concern is addressed by reducing the timeout for cached credentials with forms-based authentication. The steps for securing OWA communications by using SSL are as follows: 1. Install a Web Server certificate on an Exchange server. 2. Enable SSL listening ports on the Exchange server. 3. Configure SSL in the e-mail applications. A number of authentication methods are available for Outlook Web Access. You must select an authentication method depending on the capabilities of the client operating system and the specific security policies. You can enable or disable these authentication methods by using the IIS Manager and modifying the properties of the virtual directories that are used by OW A. Anonymous access is disabled by default on the Exchange Server virtual directories that provide access to mailbox or public folder contents. You can enable anonymous access to provide limited access for specific public folders and directory information. Anonymous authentication is supported by all clients, and it is an easy way to allow access to unsecured content in public folders. Basic authentication uses clear text to perform a simple challenge and response authentication. Basic authentication requires users to specify their user name, domain, and password to gain access to mailbox data. If you are going to enable basic authentication to provide access to OWA, you must implement SSL to encrypt the user name and password. Integrated Windows authentication provides the highest level of security for clients running Internet Explorer 5.0 or later because it uses Kerberos protocol version 5 to authenticate users. If you deploy OWA in a front-end and back-end server topology, only anonymous and basic authentication are supported on the front-end server. You cannot use Integrated Windows authentication. The only option for securing authentication traffic between the OWA client and the front-end server is to deploy SSL. Topic 12, The School of Fine Art, Scenario BACKGROUND 1. Overview The School of Fine Art is a creative learning school that specializes in modern art. Primary hours of operation are 8:00 A. M. to 5 P.M. Users include faculty members, students, and employees. All users must be able to access their e-mail messages at all hours 1. Physical Locations The school's main office is in Chicago. There are 150 campuses located throughout the United States. The main office includes 2,500 users. Each campus has approximately 30 faculty members who are network users. 1. Planned Changes Users must be able to retrieve their e-mail messages from any supported device that is connected to the Internet. Both wired and wireless connectivity must be supported. PROBLEM STATEMENTS Users cannot currently access their e-mail messages remotely by using Microsoft Outlook. EXISTING MESSAGING ENVIRONMENT 1. Administrative Structure 1. There is one Exchange 2000 Server administrative group for the Exchange servers in the main office. There are 150 additional Exchange 2000 Server administrative groups, with one group for each campus. These groups were created when the company upgraded from Exchange Server 5.5. 2. All Information Technology (IT) administrative roles are centralized in the main office. 3. The campus office are administered by a team named Campus Admin, which is also located in the main office. The Campus Admin team has Exchange Full Administrator permission for the 150 Campus administrative groups. 4. The main office servers are administered by a team named Main Office Admin. The Main Office Admin team has Exchange Full Administrator permission for all administrative groups. 1. Messaging Infrastructure 1. Currently, the School of Fine Art is using Exchange 2000 Server as its messaging platform. The Exchange servers are grouped into five main routing groups. The main office routing group contains all of the servers in the main office. The servers for the 150 campus locations are in routing groups based on regions of the country. 2. The routing group topology is shown in the following diagram. 3. All campus Exchange servers have a single mailbox store for all users in that campus location. 4. The Exchange servers at the main office have two mailbox stores that have the users divided equally based on the first letter of their last name. Both stores are in a single storage group. 5. Exchange servers at all campus locations are backed up daily by performing a local backup. A centralized network backup tool is used for the Exchange servers at the main office. The current backup solution can back up and restore at a rate of 14 GB per hour. 6. There is one public folder server that is widely used. 1. E. mail Clients 1. Users access their e-mail messages by using Outlook 2000 and Microsoft Outlook Web Access. 2. E. mail clients access Outlook Web Access by using SSL from the Internet and while using the company network. 3. Outlook Web Access is deployed on the front-end servers located in the perimeter network. 4. There are no mailbox size limits. SUPPORTING INFRASTRUCTURE 1. Directory Services 1. Active Directory is deployed in a single domain named corp.fineartschool.net. 2. Each campus office is considered a single site and has a site connector back into the main office site. 1. Network Infrastructure 1. Each campus office is connected directly to the main office. Connection speeds vary from 512 Kbps to 1540 Kbps. All LAN connections are 100 Mbps. 2. Each campus office has a single multifunction server that is the Exchange 2000 server and a global catalog server. 3. The relevant potion of the network is shown in the following diagram. BUSINESS REQUIREMENTS 1. Business Factors 1. The company requires end users to be able to access to their e-mail messages from any supported device. 2. Sales personnel need to be able to read and send e-mail messages and schedule meetings while they are offline. The company wants e-mail messages and meeting requests to be sent automatically when the sales personnel connect to the Exchange servers from remote locations. 1. Security 1. The Exchange environment includes mailboxes for only faculty members and no other users. The company requires security measures to be put into place to protect the messaging environment from external and internal users. 2. There are currently no message attachments being blocked. The company wants attachment types that can invoke a virus attack to be blocked at the SMTP gateway level. 3. The company wants viruses to be stopped before they reach the Exchange environment. 4. All mailbox data that a user accesses from the Internet must be encrypted to ensure security. 1. Interview Chief Information Officer: 1. We plan to implement new service level agreements that will require us to restore mailboxes within one hour of a request. 2. We currently cannot do this in regard to availability and recovery. 3. We need to make our internal network more secure by limiting the traffic into our internal network to secure Web traffic and SMTP traffic only. 4. We need to limit the cost of hardware and software while still achieving our technical goals. 5. We need to be able to apply service packs and security updates without affecting users' access to their mailboxes. Messaging Expert: 1. We need to move all mail functions and servers into the main office data centers. 2. We must have redundant servers for all messaging functions. 3. We must design a solution that has the most flexibility for future growth without having to redesign mailbox servers. 4. We must also have dedicated servers for each mail function. 5. We also cannot afford to lose a single e-mail item if a database becomes corrupt. Messaging Administrator: 1. The administrative model must be streamlined. Our current administrative group structure at times makes it difficult to find a server quickly. TECHNICAL REQUIREMENTS 1. Messaging Infrastructure 1. Service-level agreements require mailboxes to be restored within one hour. 2. Users must be able to send and receive e-mail messages in the event of a single mailbox server failure. 1. Supporting Infrastructure 1. No changes are planned for the network topology. 2. As a part of the migration, the functional level of the Active Directory forest will be upgraded to Windows Server 2003. 1. E. mail Client Infrastructure 1. Outlook 2003 will be deployed to all client computers. 2. Outlook Web Access 2003 and Outlook Mobile Access will also be deployed. 3. Microsoft Outlook Express will not be a supported e-mail client. Topic 12, The School of Fine Art (4 Questions)