70-284: Implementing and Managing Microsoft Exchange Server 2003

QUESTION 1
You work as the Exchange administrator at ABC.com. The ABC.com network has an Active
Directory domain named ABC.com.
The ABC.com Exchange organization contains two Exchange Server 2003 computers named
ABC-SR11 and ABC-SR12 respectively. ABC-SR11 is configured as the mailbox server and ABCSR12
is configured as the front-end server. ABC-SR12 has Microsoft Outlook Web Access over
SSL installed to allow ABC.com employees to access their e-mail.
The ABC.com intranet is connected to the Internet via a firewall. When several employees
complain that they are unable to access ABC-SR12, you investigate the issue and find that
employees are able to access Outlook Web Access using https: or HTTPS.
You have been instructed to make sure that the ABC.com employees are only able to use HTTPS
to access Outlook Web Access.
Which of the following actions should you take?

A. You should reconfigure the firewall to allow ABC.com employees to access port 443 on ABCSR12,
and then configure the default Web site on ABC-SR12 to require SSL connections.
B. You should reconfigure the firewall to allow ABC.com employees to access port 80 on ABCSR12,
and then configure the default Web site on ABC-SR12 to use port 443 for SSL connections.
C. You should reconfigure the firewall to allow ABC.com employees to access port 993 on ABCSR12,
and then configure the default Web site on ABC-SR12 to require SSL connections and 128-
bit encryption.
D. You should reconfigure the firewall to allow ABC.com employees to access port 143 on ABCSR12,
and then configure the Exchange https: virtual server on ABC-SR12 to enable forms-based
authentication for Outlook Web Access.

Answer: A

Explanation: SSL utilizes port 443. The external firewall does not currently allow traffic on port
443 to pass. Opening up this port will take care of that issue. The default OWA site is currently not
correctly setup to use HTTPS. This is why internal clients can connect to OWA using https:.
Modifying the security on the OWA web site will solve this problem.
Reference:
MS white paper Exchange Server 2003 RPC over https: Deployment Scenarios
MS white paper Exchange Server 2003 Client Access Guide
MS white paper Exchange 2003 Front-End Back-End Topology


QUESTION 2
You work as the network Exchange administrator at ABC.com, who has their headquarters located
in Miami. The ABC.com network has an Active Directory domain named ABC.com. All servers on
the ABC.com network run Windows Server 2003 and all client computers run Windows XP Professional.
The ABC.com network includes a server named ABC-EX01, which runs Microsoft Exchange Server 2003.
ABC.com recently entered into partnership with Weyland Industries, who has their office located in
Toronto. Part of the network in the Toronto office is configured as an Active Directory site within
the ABC.com domain. A server named ABC-EX02 is configured to run Microsoft Exchange Server
2003 and located in the Toronto office. The two Exchange servers are configured in separate
routing groups connected via a routing group connector. The Toronto and Miami offices are
connected to each other via a leased line connection.
You receive instruction from ABC.com to configure an ISDN-dialup connection as a backup
connection in the event that the leased line connection becomes unavailable.
During the course of your maintenance you discover that the ISDN dial-up connection is not used
as a backup connection, but is used exclusively by the routing group connector.
ABC.com wants you to make sure that the leased line connection is used as the primary
connection, and that the ISDN connection is used only if the leased line connection fails.
Which of the following actions should you take?

A. You should configure ABC-EX01 and ABC-EX02 to be in the same Active Directory site.
B. You should configure ABC-EX01 and ABC-EX02 to be in the same routing group.
C. You should have a lower IP route cost assigned to the ISDN link and a higher link cost to the leased line link.
D. You should configure ABC-EX02 to use ABC-EX01 as a smart host.
E. You should have a lower IP route cost assigned to the leased line link and a higher link cost to the ISDN link.

Answer: E

Explanation: It is possible that the administrator reversed the values of the cost on the
connections because IP route costs are used to set the preference levels between two routes to
the same destination.


QUESTION 3
You work as the Exchange administrator at ABC.com. The ABC.com network has an Active
Directory domain named ABC.com. ABC.com employs Exchange Server 2003 as its messaging
system. All servers on the ABC.com network run Windows Sever 2003 and all Exchange servers
run Exchange Server 2003.
The Exchange organization contains an Exchange server named ABC-SR31, which is used to
pass SMTP e-mail messages between ABC.com and the Internet and also stores the mailboxes of
all ABC.com’s employees. The intranet is connected to the Internet via a firewall.
When several employees complain that they continuously receive numerous unwanted e-mail
messages, you investigate the issue and find that the unwanted e-mail messages received by
ABC.com’s employees are the same. You also notice that the messages are being sent to a
universal distribution group in the ABC.com domain.
You must configure the network so that distribution groups are prevented from sending e-mail
messages from the Internet to the ABC.com users. Your solution must enable the ABC.com users
to continue to send and receive legitimate e-mail messages.
Which of the following is the best solution?

A. You should consider having the universal distribution groups converted to Domain Local Distribution groups.
B. You should consider having the Exchange Attributes removed from the universal distribution groups.
C. You should consider having the distribution groups configured to only permit e-mail messages from authenticated users.
D. You should consider having the membership of the universal distribution groups hidden.

Answer: C

Explanation: Your best option in this scenario would be to select Option C. The universal group is
used for mail distribution in your organization. You can configure the distribution group to accept
mail from authenticate users only to stop receiving spam.
Incorrect answers
A: Converting the universal groups to domain local security groups on its own will not protect you
against unsolicited mail. The security groups will still receive email
B: Removing the Exchange Attributes will remove the email address which would prevent
ABC.com users from sending email to the groups.
D: Hiding the group membership will not protect you against unsolicited mail. The groups will still
receive email.
Reference:
MS white paper Exchange Server 2003 RPC over https: Deployment Scenarios
MS white paper Exchange Server 2003 Client Access Guide
MS white paper Exchange 2003 Front-End Back-End Topology
MS white paper Exchange Server 2003 Message Security Guide
MS white paper Microsoft Exchange Intelligent Message Filter Deployment Guide


QUESTION 4
You work as the network Exchange administrator at ABC.com. The ABC.com network has an
Active Directory domain named ABC.com. All servers on the ABC.com network have Windows
Server 2003 installed and all workstations have Windows XP Professional installed.
The ABC.com network contains an Exchange 2003 server named ABC-EX01, which hosts
thousands of mailboxes in a single storage group. ABC-EX01 is equipped with a single RAID-5
device, which is configured as a single logical drive. ABC-EX01 is additionally equipped with a
high-end CPU and has a 2GB of RAM.
During the course of the day the ABC.com network users with mailboxes hosted on ABC-EX01
complain that at times of peak usage their email-services become considerably slower and it takes
longer for messages to be sent and opened using Microsoft Outlook. You have recently received
instruction from the ABC.com network CIO to monitor the performance and you receive the values
shown in the following exhibit:

You are required to improve the performance of e-mail for the network Exchange users on ABCEX01.
What should you do?

A. You should consider having a full-text index created on the mailbox store
B. You should consider having a new volume created on the existing RAID-5 device and move the
Exchange transaction logs to the new volume
C. You should consider having a new RAID device added and the Exchange transaction logs
moved to the new device
D. You should consider installing additional RAM
E. You should consider installing an additional processor

Answer: C

Explanation: The performance results indicate that the hard disk usage is very high and the other
counter values are within acceptable limits. All changes to the Exchange databases are recorded
first in the transaction logs.


QUESTION 5
You work as the Exchange administrator at ABC.com. The ABC.com Exchange organization has
includes a solitary server named ABC-EX01 that has Exchange Server 2003 installed. All
ABC.com users make use of Microsoft Outlook to send and receive e-mail messages.
ABC-EX01 is equipped with dual CPUs and 2 GB Random Access Memory (RAM). ABC-EX01 is
configured to host a storage group that contains one mailbox store.
You receive reports that opening Outlook takes too long, and that every e-mail message being
sent or opened takes too long. You monitor the ABC-EX01 and find that the inadequate RAM
results in the primary bottleneck, which then results in sluggish performance. You, therefore,
increase ABC-EX01’s RAM to 4 GB RAM. However, the ABC.com users continue to report
sluggish Outlook performance.
Which of the following actions should you take to improve ABC-EX01’s performance?

A. You should increase the size of the virtual memory to 6GB.
B. You should place an additional switch that increases user mode memory usage to the Boot.ini
file in the mailbox servers.
C. You should increase the priority of the store.exe process in Task Manager.
D. You should set up an additional mailbox store on the server. Then divide the existing mailboxes
between the old and the new mailbox store.

Answer: B

Explanation: If you have more than 1 GB of physical memory installed on a server that is running
Exchange Server 2003, you must make sure that Exchange Server 2003 can make efficient use of that memory.
If you are running Exchange Server 2003 on a Windows Server 2003-based computer, and if the
/3GB switch is set, Microsoft recommends that you set the /USERVA=3030 parameter in the
Boot.ini file. This configuration option increases the virtual address space.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

70-270: Installing, Configuring, and Administering Microsoft Windows XP Professional

QUESTION 1
You work as an administrator at ABC.com. The corporate network consists of a single Active
Directory domain named ABC.com. All client computers on the corporate network are configured
to run Windows 2000 Professional.
You are preparing to uABCrade the client computers to Windows XP Professional with zero impact
on productivity. You use a server named ABC-SR01 that has a shared folder named Data to save
the Setup files required for the uABCrade. You need to determine the appropriate manner in which
to start the Setup.
What is the first step to make sure the Setup files are installed in an unattended process on the
client computers?

A. You should create a test environment and run an unattended installation of the Setup Files.
B. You should execute the Winnt32.exe command and follow up with the xcopy command onABCSR01.
C. You should execute the Winnt32.exe command with the /dushare:\\ABC-SR01\data parameters.
D. You should use an OEM installation package on the first client computer.

Answer: C

Explanation: Your best option in this scenario would be to use the dushare switch and indicate the updates folder.
Reference:
Rick Wallace, MCSE (Exam 70-270) Microsoft XP Professional Training Kit, Microsoft Press,
Redmond, 2002, Chapter 2, Lesson 3
Microsoft Knowledge Base Article – Q312110, How to Deploy the Windows XP Dynamic Update Package


QUESTION 2
You are the desktop administrator for ABC.com. The ABC.com network consists of a single Active
Directory domain named ABC.com. All client computers on the network are configured to run
Windows XP Professional.
The ABC.com users who are assigned laptop computers often work from home. These laptop
computers are set up specifically to make a connection to the network and the Internet without any
problems. After a few weeks several laptop users complained that they cannot access the shared
folders on the laptop computers even when working at the office.
You check and discover that these users have permission to access the shared folders. You thus
decide to make the necessary modifications in the local GPO on all laptop computers.
Which actions should you take to make sure of continued Internet protection and provide access
to the shared folders? (Choose Two.)

A. You should configure the Windows Firewall on the laptop computers.
B. You should assign all laptop computers to a global security group.
C. You should change the local GPO by deselecting the Prohibit the use of ICF on your DNS
domain network option.
D. You should enable TCP/IP filtering.
E. You should enable the Allow users to connect remotely to this computer option.

Answer: A,C

Explanation: To ensure that users can access shared folders on the portable computers during
the day and to ensure that the portable computers are protected when they are connected to the
Internet in the evening, you need to enable Windows Firewall and then enable the Prohibit the use
of ICF on your DNS domain network setting in the local GPO.
The ICF should not be used on VPN connections as it interferes with file sharing and print
services. ICF can cause undesirable issues if clients in a network enable ICF on their LAN
interfaces. Instead, large network should use better alternatives such as dedicated firewalls.
Reference: Sharing (ICS) and Internet Connection Firewall (ICF)
http://www.techexams.net/technotes/xp/ics_icf.shtml


QUESTION 3
You are employed as an administrator at ABC.com. The ABC.com network consists of a single
Active Directory domain named ABC.com. A server named ABC-SR27 is used as a file server that
hosts a shared folder. All network users store their files and documents on the shared folder.
The ABC.com Finance department makes use of a custom application and save their files to the
shared folder on ABC-SR27.
You received a complaint from the Finance Department members that some of the custom
application files have become unusable resulting in productivity decrease when they have to
restore the application using the backup. You then find that the other network users configured the
shared folder to be available offline and all indications are that this is the cause of the problem.
You must make sure that the custom application files will remain unavailable when the users are
not logged on.
How can you achieve this without impacting on user access to other files in the folder? (Choose
TWO. Each answer forms part of the solution.)

A. You should change the network policy.
B. You should assign the Allow – Write permission to all users.
C. You should configure “My Documents” to be available offline in Windows Explorer on every client computer.
D. You should include the custom application files in the Files not cached domain group policy.
E. You should select the Synchronize all offline files before logging off check box on the Offline Files tab.

Answer: A,D

Explanation: The custom application files become corrupt due to the offline caching. In this
scenario we need to prevent this type of file being made available offline. We can do this by
configuring the ‘Files not cached’ setting in group policy.
Files not cached
Computer Configuration\Administrative Templates\Network\Offline Files
Reference:
Lisa Donald & James Chellis, MCSA/MCSE: Windows XP Professional Study Guide Second
Edition, Sybex Inc., Alameda, 2003, p. 344


QUESTION 4
You work as the network administrator at ABC.com. All client computers on the ABC.com network
are configured to run Windows XP Professional.
A ABC.com user named Kara Lang is assigned a laptop computer named ABC-WS15. She
complains that she gets random error messages regarding missing .dll files on ABC-WS15 when it
is not connected to the docking station.
After some troubleshooting you discover that the device driver uses the .dll file mentioned in the
error messages as an external storage device. The storage device is in turn linked to the docking
station of Kara Lang. There are no random error messages when she works in docked mode. To
ensure productivity you need to make sure that this incident does not recur.
How can this be accomplished? (Choose THREE. Each answer forms part of the solution.)

A. By disabling the support for the docking station in the BIOS.
B. By creating a new hardware profile named KingUndocked by copying the default hardware
profile of ABC-WS15.
C. By disabling the server service in the Services Options.
D. by disabling the storage device in the undocked hardware profile.
E. By informing the user too restart ABC-WS15 using the undocked hardware profile.
F. by disabling the devices used by the docked hardware profile.

Answer: B,D,E

Explanation: Hardware profiles are used to load different sets of device drivers according to
which profile is selected. In this scenario, we have a docking station with an external storage
device attached. Therefore, we want to load the driver for the external storage device when the
computer is docked, but not when the computer is undocked. To do this, we can create another
hardware profile to be used when the computer is undocked. We can configure the undocked
profile to not load the driver by disabling the external storage device in Device Manager.
Reference:
Rick Wallace, MCSE (Exam 70-270) Microsoft XP Professional Training Kit, Microsoft Press,
Redmond, 2002, Chapter 10, Lesson 3 & Chapter 15, Lesson 6


QUESTION 5
ABC.com has employed you as an administrator for their organization. All computers on the
network are configured to run Windows XP professional.
A ABC.com user named Rory Allen is assigned a computer named ABC-SR12. ABC-SR12 is
configured to host a custom application to create huge databases.
A vast amount of disk space is occupied when databases are created with this application. At
present the ABC-SR12 configuration is as in Exhibit:

You receive a complaint from Rory Allen regarding an error message when he attempts to run the
application to create a database.
Which actions should you take to create a mount point on the ABC-SR12 C-Drive to make sure
that the application allows the creation of database without any error message?

A. You should point the mount point on the C-Drive to the D-Drive root directory.
B. You should convert both Disk A and Disk B to dynamic volumes.
C. You should convert both Disk A and Disk B to basic volumes.
D. You should configure an alternative file distribution system.

Answer: A

Explanation: Your best option in this scenario would be to create mount points. Volume mount
points permits a volume to be mounted on an existing folder rather than at the root of a new drive
letter. You are able to create a volume mount point for an empty NTFS directory in order to permit
an administrator to create new volumes without needing extra drive letters.
We create a mount point on the volume that needs more space, C-Drive, and points it to the
volume which has the required free disk space.
Reference:
Rick Wallace, MCSE (Exam 70-270) Microsoft XP Professional Training Kit, Microsoft Press,
Redmond, 2002, Chapter 10, Lesson 3


 

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

70-236: Configuring Exchange Server 2007

QUESTION 1
You work as the Exchange Administrator at ABC.com. The ABC.com network has an Exchange
Server 2007 infrastructure.
The network contains a mailbox named TestResources. At present all users are able to diarize
appointments for TestResources. A new company policy states that only Kara Lang and Mia
Hamm are permitted to diarize appointments for TestResources.
What actions must you take to comply with the ABC.com policy?

A. You should run the following cmdlet:
Set- MailboxCalendarSettings – Identity”TestResources” – MonthCalendar calendar = new
MonthCalendar(); KaraLang , MiaHamm.
B. You should run the following cmdlet:
Set-MailboxCalendarSettings – Identity ” TestResources” – BookInPolicy KaraLang , MiaHamm –
AllBookInPolicy $false cmdlet.
C. You should run the following cmdlet:
Set – MonthCalendar calendar = new MonthCalendar(); “host.KaraLang , MiaHamm = calendar ”
this.Content = host;.
D. You should run the following cmdlet:
Set – MonthCalendar calendar = new MonthCalendar();
HwndSource source = HwndSource.FromHwnd(calendar.Handle);
this.Content = calendar;Delegates KaraLang , MiaHamm.

Answer: B

Explanation:


QUESTION 2
You work as the Exchange Administrator at ABC.com. The ABC.com network has an Exchange
Server 2007 environment. ABC.com has headquarters in London and branch offices in Paris and
Berlin. The marketing department is located at the Paris office. The personnel in Paris connect to
the network through the Internet and use Outlook Anywhere on their laptops. To ensure
productivity management wants you to make sure that the marketing personnel have access to the
companies’ mailboxes.
What actions must you take?

A. You should utilize the Test- MAPIConnectivity and the Test- WebServicesConnectivity cmdlet.
B. You should utilize Get- Recipient – Filter cmdlet.
C. You should utilize Show-MailboxStatistics cmdlet.
D. You should utilize List-Mailbox cmdlet.

Answer: A

Explanation:


QUESTION 3
You work as the Exchange administrator at ABC.com. The ABC.com network has an Exchange
Server 2007 environment. The ABC.com network has an Exchange Server 2007 environment.
The Edge Transport Server role is installed on a server named ABC-EX01. Due to this server
failure, you have decided to install a new Microsoft Windows Server 2003 server named ABCEX03
on the network with the reinstallation of the Edge Transport Server role. However, the
address rewrites that was functional on ABC-EX01 did not in operation on ABC-EX03. This
functionality is needed.
What actions must you take?

A. You should use the ImportEdgeConfig.ps1 on ABC-EX03.
B. You should use the iiscnfg/enable: application name check version.
C. You should use the Transaction Logs for sp_configure configuration.
D. You should use create a new Send connector on ABC-EX03.

Answer: A

Explanation:


QUESTION 4
You work as the Exchange administrator at ABC.com. ABC.com has headquarters in London and
a branch office in Paris. The Exchange Server 2007 server in the London office is named ABCEX07
and the Exchange Server 2003 server in the London office is named ABC-EX08. You need
to transfer the mailbox from ABC-EX07 to ABC-EX08.
What actions must you take?

A. You should include the IgnoreRuleLimitErrors parameter when using the Move-Mailbox cmdlet.
B. You should use the System configuration data collector.
C. You should create a mapping schema definition.
D. You should enable the Windows Remote Management (WinRM).

Answer: A

Explanation:


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

70-162: TS: Forefront Protection for Endpoints and Applications, Configuring

QUESTION 1
You work as a Security Administrator at ABC.com. The network consists of a single Active
Directory Domain Services (AD DS) domain with servers running Windows Server 2008 and client
computers running Windows 7 Professional.
A pool of Windows 2008 Servers hosts the Microsoft Exchange Server 2007 environment.
You have recently implemented Forefront Protection for Exchange Server (FPE) 2010 to improve
the security of the Microsoft Exchange Server 2007 environment.
You discover that some mailboxes have been infected by malware. However there are no
malware infection notifications in the Forefront Protection for Exchange Server Console.
You need to immediately check specific mailboxes to see if they are infected by the malware.
What should you do?

A. You should run a Forefront Client Security scan on the client computers.
B. You should use Forefront Protection for Exchange to perform a real-time scan of the mailboxes.
C. You should use Forefront Protection for Exchange to perform an on-demand scan of the
mailboxes.
D. You should install Microsoft Security Essentials on client computers.

Answer: C

Explanation:


QUESTION 2
You work as a Network Administrator at ABC.com. Your responsibilities include the security of the
computers in the network. The network consists of a single Active Directory Domain Services (AD
DS) domain with servers running Windows Server 2008 and client computers running Windows 7
Professional.
A pool of Windows 2008 Servers hosts the Microsoft Exchange Server 2007 environment.
You have recently implemented Forefront Protection for Exchange Server (FPE) 2010 to improve
the security of the Microsoft Exchange Server 2007 environment.
How would you configure FPE to enable spam filtering?

A. By using the Forefront Management Shell to run the Set-FSEScheduledScan cmdlet.
B. By using the Forefront Management Shell to run Set-FseSpamFiltering the cmdlet.
C. By using the Forefront Management Shell to run the Set-FseSpamContentCheck cmdlet.
D. By using the Forefront Management Shell to run the Set-FSERealtimeScan cmdlet.

Answer: B

Explanation:


QUESTION 3
You are responsible for the security of the ABC.com network. The network consists of a single
Active Directory Domain Services (AD DS) domain with servers running Windows Server 2008
and client computers running Windows 7 Professional.
The company uses Forefront Protection for Exchange Server (FPE) 2010 to protect the Microsoft
Exchange Server 2007 environment.
While monitoring the logs in the FPE console, you discover that users in the company have
received spam emails.
The subject line in each of the emails is: “Free access to our new online tournament!” You note
that the sender email address is spoofed to appear to be from a different domain for each email.
How can you block this spam attack in future?

A. You should configure an allowed sender custom filter in FPE.
B. You should configure a file filtering custom filter in FPE.
C. You should configure a keyword filtering custom filter in FPE.
D. You should configure a sender-domain custom filter in FPE.
E. You should configure a subject line filtering custom filter in FPE.

Answer: E

Explanation:


QUESTION 4
You work as a Network Administrator at ABC.com. Your responsibilities include the security of the
computers in the network. The network consists of a single Active Directory Domain Services (AD
DS) domain named ABC.com and includes servers running Windows Server 2008 and client
computers running Windows 7 Professional.
Four servers running Windows 2008 Server host the Microsoft Exchange Server 2007
environment.
Two servers named ABC-Edge1 and ABC-Edge2 are configured as Microsoft Exchange Edge
Transport servers.
Two servers named ABC-Mbox1 and ABC-Mbox2 are configured as Microsoft Exchange Mailbox
Servers and also run the Microsoft Exchange Hub Transport server roles.
You have recently implemented Forefront Protection for Exchange Server (FPE) 2010 to improve
the security of the Microsoft Exchange Server 2007 environment.
You need to configure email scanning in Forefront Protection for Exchange Server (FPE) 2010.
How should you configure FPE to scan all emails sent from within the ABC.com domain to email
recipients in the ABC.com domain?

A. You should configure FPE to perform Internal scanning on ABC-Mbox1 and ABC-Mbox2.
B. You should configure FPE to perform Internal scanning on ABC-Edge1 and ABC-Edge2.
C. You should configure FPE to perform Inbound scanning on ABC-Mbox1 and ABC-Mbox2.
D. You should configure FPE to perform Inbound scanning on ABC-Edge1 and ABC-Edge2.
E. You should configure FPE to perform Outbound scanning on ABC-Edge1 and ABC-Edge2.

Answer: A

Explanation:


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Microsoft’s BYOD game plan is surprisingly impartial

Behind every endpoint device is a connection to the network, and Microsoft appears to be working hard to improve that.

Microsoft has wrapped up its annual TechEd North America conference in New Orleans, which means those unfortunate enough to have gone should be finished wringing the sweat out of their clothes by now.

Among the many developments at the show was Microsoft’s clear support for the whole bring your own device (BYOD) trend. I’m actually surprised, because BYOD was born out of a rebellion against Microsoft products. Many of the people bringing their own laptops to work were bringing in Macs instead of Windows PCs, alongside their iPhones.

RELATED: Gauging Windows Phone’s chances against the iPhone

How will IT react to annual Server 2012 updates?

No matter, Microsoft is set to introduce a slew of client and server technologies to support BYOD, both Microsoft and non-Microsoft devices.

Starting with Windows 8.1, Ms. Smith has already noted multiple new features for BYOD, such as improved native fingerprint-based biometrics, touch and swipe to authenticate Windows sign-in, remote access, and the ability to lock down specific folders. You’ll also get remote wipe of business data and control over the layout of the Start menu.

A new release of the Windows Intune management platform and Server 2012 R2 will allow authenticated users to connect their devices to secure corporate resources. Intune was supposed to allow small businesses and organizations with branch offices an easy way to maintain their work computers with updates and bug fixes. Microsoft chose Intune because it figured companies will connect through the Internet and not private networks. So Intune won over VPNs.

Devices connected to the Workplace through Intune will require the user to explicitly agree to connect to a management server as an extra step, so management of devices is not automatic. That will come later this year. By the end of this year, organizations will be able to control the use of personal devices – including non-Windows mobile devices such as Apple’s iOS-based iPhone and iPads and Android devices – to access company data and applications.

Users will also be able to register their mobile devices with the workplace, which will provide them with the ability to download data and company apps written for their devices’ platforms. This will work on Windows 8.1, iOS and Android as well. When the employee leaves the company, all work-related assets are removed, but their personal apps and data remain untouched.

Much of these updates will come with future Microsoft products, like Windows 8.1 and Server 2012 R2.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Microsoft Office 365 lands in US iPhone App Store

Office Mobile is only available for iPhone, iPad users can use Office Web Apps for now, Microsoft said

Microsoft released a version of its office suite for iPhones in the U.S. that is only available for Office 365 subscribers.

Microsoft released the Microsoft Office Mobile suite for iPhones Friday. The software is compatible with iPhone 4, 4S and 5, and the iPod Touch (5th generation) and requires iOS 6.1 or later, according to the iTunes release notes.

Mobile Office allows users to access, view and edit Microsoft Word, Microsoft Excel and Microsoft PowerPoint documents, according to the release notes. Because charts, animations and SmartArt graphics and shapes are supported, documents look like their originals, Microsoft said, adding that formatting and content remain intact when edits are made.

iPhone users can access Office documents that are stored on SkyDrive, SkyDrive Pro and Sharepoint.

“Office Mobile is cloud-connected. The documents you’ve recently viewed on your computer are readily available on your phone in the recent documents panel,” Microsoft said. It is also possible to view and edit documents attached to email settings.

Documents can also be edited offline. Changes will be saved online when the device reconnects with the network, Microsoft said.

When opening a Word document from SkyDrive or SkyDrive Pro on an iPhone, “it automatically resumes at the place where you left off reading, even if you last viewed the document on your PC or tablet.”

While the app is free, an Office 365 subscription is required to use it, Microsoft said. The subscription version, called Office 365 Home Premium, costs US$99.99 per household annually. The app will also work with a 365 trial account, Microsoft said, adding that using the Office Mobile app for Windows Phone does not require a subscription.

The app is only available in the U.S. for now. “Office Mobile for iPhone will be available in 29 languages covering 135 markets.A The international rollout will occur over approximately 4-5 days,” Microsoft said in a blog post.

The app is not available in an optimized version for the iPad. “Like all iPhone apps, Office Mobile can work on iPad, either small or ‘2X’ scaled up, but you’ll have a more satisfying experience using Office Web Apps,” Microsoft said.

Office for iPad is reportedly scheduled for release in October 2014.

 


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

 

Microsoft patches critical IE vulnerabilities and actively exploited Office flaw

Microsoft patches critical IE vulnerabilities and actively exploited Office flaw
Patching the vulnerabilities in IE and Office should be a priority, security researchers said

A new batch of security updates released by Microsoft on Tuesday address a total of 23 vulnerabilities in Internet Explorer, Windows and Microsoft Office, including one that is actively exploited by attackers. The handling of digital certificates in Windows was also improved.

Only the security bulletin for Internet Explorer, identified as MS13-047, is rated critical. This bulletin addresses 19 privately reported vulnerabilities that affect all Internet Explorer versions, from IE 6 to 10, and could allow remote attackers to execute code on computers with the privileges of the active user.

In order to exploit one of these vulnerabilities attackers need to set up a maliciously crafted Web page and trick users into visiting it. However, on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, Internet Explorer runs in a restricted mode called Enhanced Security Configuration that mitigates the vulnerability.

These Internet Explorer vulnerabilities might be a target for attackers who could try to reverse engineer the patches and build reliable exploits, said Wolfgang Kandek, the chief technology officer at security vendor Qualys.

According to a risk assessment table for the vulnerabilities that was published Tuesday on the Microsoft Research and Defense blog, Microsoft believes that its likely to see reliable exploits for the Internet Explorer vulnerabilities developed within next 30 days.

One of the vulnerabilities that Kandek is most concerned about affects Microsoft Office 2003 and Microsoft Office for Mac 2011 — the most recent version of Office available for Mac OS X. This remote code execution flaw was addressed in the MS13-051 security bulletin, but is already being actively exploited in targeted attacks. Despite this, Microsoft only rated the security bulletin as important and not critical.

The vulnerability stems from an error in how Microsoft Office components process PNG files and can be exploited by tricking users to open specially crafted files or to preview specially crafted email messages with an affected version of Microsoft Office.

“The attacks we observed were extremely targeted in nature and were designed to avoid being investigated by security researchers,” said Neil Sikka, a security engineer with the Microsoft Security Response Center, in a blog post Tuesday. “The malicious samples observed are Office documents (Office 2003 binary format) which do not include the malicious PNG file embedded directly in the document. Rather, the documents reference a malicious PNG file loaded from Internet and hosted on a remote server.”

This vulnerability is a classic buffer overflow bug, said Andrew Storms, director of security operations at security vendor Tripwire, via email. “It’s unfortunate that even the most recent version of the Mac Office product still contains such a well understood vulnerability. This probably should have been caught during Microsoft’s development processes before release.”

“It’s disappointing to see that Mac users of Microsoft software get the short end of the stick when it comes to security,” said Tyler Reguly, technical manager of security research at Tripwire, via email. “You have to wonder how a vulnerability that only affects Office 2003 is also in Office for Mac 2011. As a Mac user, I find this advisory very disconcerting.”

Even though later versions of Office for the Windows platform are not affected by this vulnerability, Office 2003 is still used by a lot of people, which makes this a serious vulnerability, Kandek said.

Another security bulletin released Tuesday, MS13-049, addresses a denial-of-service vulnerability in the Windows TCP/IP driver that affects all versions of Windows except for Windows XP and Windows Server 2003. An attacker could exploit this vulnerability by sending specially crafted packets to a targeted system which could cause it to stop responding.

“Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter,” Microsoft said in the security bulletin.

“Network admins will want to carefully review and prioritize MS13-049, a network based denial of service bug,” Storms said. “Unfortunately, newer versions of Windows can be exploited by the bug via a remote attack surface — diminishing the long-standing thought that newer software is more secure.”

Another security bulletin, MS13-048, addresses a vulnerability in the Windows kernel that affects only 32-bit versions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows 8. In order to exploit this vulnerability an attacker would need to have access to the system in order to execute a specially crafted application or would need to trick a local user to execute it.

“This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system,” Microsoft said in the security bulletin.

The last security bulletin, MS13-050, addresses a vulnerability in the Windows Print Spooler service that could allow an attacker authenticated as a local user to elevate his privilege when deleting a printer connection. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the system with system privileges, Microsoft said.

Microsoft also issued a separate update accompanied by a security advisory as part of its efforts to improve cryptography and digital certificate handling in Windows. This update improves the Certificate Trust List (CTL) functionality in Windows Vista, Windows Server 2008, Windows 7, Windows 8, Windows Server 2012 and Windows RT.

The update allows administrators to configure domain-joined computers to use auto update without having access to the Windows Update site, configure domain-joined computers to independently opt in to auto update for both trusted and disallowed CTLs, as well as examine the set of roots in Microsoft root programs and to choose a subset of them for distribution via Group Policy, Microsoft said.

Microsoft did not patch the zero-day vulnerability disclosed recently by Google security engineer Tavis Ormandy, Kandek said. That vulnerability is an elevation of privilege (EoP) one and cannot be used for remote code execution, but it could be used in a chained attack together with other vulnerabilities, so attackers might attempt to use it, he said.

Microsoft probably already has a patch for it, but it hasn’t been tested enough so it will release it next month, Kandek said. However, if the vulnerability starts to be widely exploited in the meantime, the company might release the patch sooner, he said.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

70-162 – TS: Forefront Protection for Endpoints and Applications, Configuring

QUESTION 1
You work as a Security Administrator at ABC.com. The network consists of a single Active
Directory Domain Services (AD DS) domain with servers running Windows Server 2008 and client
computers running Windows 7 Professional.
A pool of Windows 2008 Servers hosts the Microsoft Exchange Server 2007 environment.
You have recently implemented Forefront Protection for Exchange Server (FPE) 2010 to improve
the security of the Microsoft Exchange Server 2007 environment.
You discover that some mailboxes have been infected by malware. However there are no
malware infection notifications in the Forefront Protection for Exchange Server Console.
You need to immediately check specific mailboxes to see if they are infected by the malware.
What should you do?

A. You should run a Forefront Client Security scan on the client computers.
B. You should use Forefront Protection for Exchange to perform a real-time scan of the mailboxes.
C. You should use Forefront Protection for Exchange to perform an on-demand scan of the mailboxes.
D. You should install Microsoft Security Essentials on client computers.

Answer: C

Explanation:


QUESTION 2
You work as a Network Administrator at ABC.com. Your responsibilities include the security of the
computers in the network. The network consists of a single Active Directory Domain Services (AD
DS) domain with servers running Windows Server 2008 and client computers running Windows 7
Professional.
A pool of Windows 2008 Servers hosts the Microsoft Exchange Server 2007 environment.
You have recently implemented Forefront Protection for Exchange Server (FPE) 2010 to improve
the security of the Microsoft Exchange Server 2007 environment.
How would you configure FPE to enable spam filtering?

A. By using the Forefront Management Shell to run the Set-FSEScheduledScan cmdlet.
B. By using the Forefront Management Shell to run Set-FseSpamFiltering the cmdlet.
C. By using the Forefront Management Shell to run the Set-FseSpamContentCheck cmdlet.
D. By using the Forefront Management Shell to run the Set-FSERealtimeScan cmdlet.

Answer: B

Explanation:


QUESTION 3
You are responsible for the security of the ABC.com network. The network consists of a single
Active Directory Domain Services (AD DS) domain with servers running Windows Server 2008
and client computers running Windows 7 Professional.
The company uses Forefront Protection for Exchange Server (FPE) 2010 to protect the Microsoft
Exchange Server 2007 environment.
While monitoring the logs in the FPE console, you discover that users in the company have
received spam emails.
The subject line in each of the emails is: “Free access to our new online tournament!” You note
that the sender email address is spoofed to appear to be from a different domain for each email.
How can you block this spam attack in future?

A. You should configure an allowed sender custom filter in FPE.
B. You should configure a file filtering custom filter in FPE.
C. You should configure a keyword filtering custom filter in FPE.
D. You should configure a sender-domain custom filter in FPE.
E. You should configure a subject line filtering custom filter in FPE.

Answer: E

Explanation:


QUESTION 4
You work as a Network Administrator at ABC.com. Your responsibilities include the security of the
computers in the network. The network consists of a single Active Directory Domain Services (AD
DS) domain named ABC.com and includes servers running Windows Server 2008 and client
computers running Windows 7 Professional.
Four servers running Windows 2008 Server host the Microsoft Exchange Server 2007
environment.
Two servers named ABC-Edge1 and ABC-Edge2 are configured as Microsoft Exchange Edge
Transport servers.
Two servers named ABC-Mbox1 and ABC-Mbox2 are configured as Microsoft Exchange Mailbox
Servers and also run the Microsoft Exchange Hub Transport server roles.
You have recently implemented Forefront Protection for Exchange Server (FPE) 2010 to improve
the security of the Microsoft Exchange Server 2007 environment.
You need to configure email scanning in Forefront Protection for Exchange Server (FPE) 2010.
How should you configure FPE to scan all emails sent from within the ABC.com domain to email
recipients in the ABC.com domain?

A. You should configure FPE to perform Internal scanning on ABC-Mbox1 and ABC-Mbox2.
B. You should configure FPE to perform Internal scanning on ABC-Edge1 and ABC-Edge2.
C. You should configure FPE to perform Inbound scanning on ABC-Mbox1 and ABC-Mbox2.
D. You should configure FPE to perform Inbound scanning on ABC-Edge1 and ABC-Edge2.
E. You should configure FPE to perform Outbound scanning on ABC-Edge1 and ABC-Edge2.

Answer: A

Explanation:


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

70-630 – TS:Microsoft Office SharePoint Server 2007, Configuring

QUESTION 1
You work as a SharePoint Server administrator at ABC.com. You have just the completed the
insertion of new content in the root site. However, later that day the users complained that the new
content is not added in the search results when they run searches on the root site. You need to
make sure that the relevent content is included in query results.
What actions should you take to perform this task?

A. The best option is to set the Complete Through constraint.
B. The best option is to reset the crawled content and start a full crawl.
C. The best option is to set the Resource Center view.
D. The best option is to edit the CSS style sheet to include the new content.

Answer: B

Explanation:


QUESTION 2
You work as a SharePoint Server administrator at ABC.com. One of ABC.com branch offices
consists of a Windows Server 2003 Active Directory domain. You have received instructions from
the CIO to extend SharePoint user profiles to include the userID property from the users’ domain
accounts.
What actions should you take to perform this task?

A. The best option is to add a Microsoft Operations Manager (MOM) server.
B. The best option is to create a custom Microsoft Management Console that can access the
branch office.
C. The best option is to create a new user profile property that is configured with import mapping.
D. The best option is to run the SharePoint Products and Technologies Configuration.

Answer: C

Explanation:


QUESTION 3
You work as a SharePoint Server administrator at ABC.com. The ABC.com network contains a
SharePoint Portal Server 2003 server named ABC-SR44. ABC-SR44 hosts a SharePoint portal
that is accessed through a hyperlink on the users’ client computers. The hyperlink points to
http://www.ABC.com/ms/certifications.
You want to migrate ABC-SR44 to Microsoft Office SharePoint Server (MOSS) 2007. You need to
ensure that the SharePoint portal will be accessible after the migration.
What actions should you take to perform this task?

A. By running the stsadm command with the osearch operator.
B. By editing the hyperlink so it will point to the new URL of the migrated content.
C. By running the stsadm command with the enumsites operator.
D. By enabling the Shared Services Provider Synchronizing job.

Answer: B

Explanation:


QUESTION 4
You work as a SharePoint Server administrator at ABC.com. ABC.com contains a Microsoft
Content Management Server 2002 computer named ABC-SR11. You have received instructions
from the CIO to uABCrade ABC-SR11 to Microsoft Office SharePoint Server (MOSS) 2007.
What actions should you take to perform this task?

A. The best option is to run the stsadm command with the addwppack operator.
B. The best option is to run the stsadm command with the installfeature operator.
C. The best option is to run the CMS Assessment utility on ABC-SR11.
D. The best option is to run the Optimize HTML command in SharePoint Designer.

Answer: C

Explanation:


QUESTION 5
You work as a SharePoint Server administrator at ABC.com. ABC.com has a Development
department with a database server named ABC-DB02. ABC-DB02 hosts a database named
CkdProducts. ABC.com has implemented a Web application in the SharePoint site that must
access data in CkdProducts.
What actions should you take?

A. The best option is to obtain and install an application definition file from the Development
department.
B. The best option is to enable the Save for Sharing option, then save CkdProducts in the
Development department.
C. The best option is to save CkdProducts as a Microsoft Excel 2007 worksheet.
D. The best option is to create a custom group in the Site Settings page to the trusted file locations
list.

Answer: A

Explanation:


 

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Microsoft : Hybrid cloud is good for IT, end users and corporate bottom line

At TechEd Brad Anderson, Microsoft vice president of Windows Server and System Center details hybrid cloud vision

Microsoft’s vision of corporations using hybrid cloud has benefits for IT departments and end users as well as cost savings, says Brad Anderson, Microsoft vice president of Windows Server and System Center.

IT departments can look forward to replicate data-center virtual machines to a cloud service provider where they can provide fault tolerance and high availability and be ready for recovery in case of a disaster, Anderson said during an interview at TechEd North America 2013. [Click here for a full transcript of the interview.]

BACKGROUND: Targeting cloud, Microsoft set to revamp major enterprise software platforms

RELATED: New services bolster Microsoft Azure as key enterprise cloud management system

With the service, IT will also have the capability to manage any mobile device – Windows, Android, iOS – from the cloud-based InTune mobile-device management service within Microsoft Azure. The advantage is that for businesses using System Center Configuration Manager, the interface is the same, so there is no learning curve, but management can be extended to BYOD devices.

“You could just use the tools that you’re using right now and now enable your users across their PCs, their Windows devices, their Apple devices and their Android devices,” he says.

This yields benefits for end users as well. “I can bring up a company portal, authenticate with my Active Directory ID and the combination of Active Directory and System Center will automatically bring for me a personalized experience on any kind of device enabling me to provision the applications and get access to the data I need to be productive,” he says.

New tools in Microsoft Office applications enable on-the-fly parsing and graphically representing data, as exemplified by new capabilities in Excel called GeoTracker and PowerPivotl, Anderson says. Users themselves can blend database information with data drawn from Web sources such as Twitter and Bing to create graphic depictions of the aggregate data.

A demonstration at the conference keynote showed attendees of TechEd distributed across a map of the world with bars on each location showing how many people came from each city relative to others that used the TechEd database plus Bing. Clicking on a city allowed drilling down to search the attendees from that city by job title.

Then using data from Twitter, a heat map of the world showed the increase of Tweets about TechEd from around the globe as the date of the conference neared.

The ability to take unlimited amounts of data, diverse sets of data, bring that all together and then bring this rich visualization on it that allows me to wallow in it,” Anderson says. “I can experiment, I can ask questions and I can literally sit there in a very visual experience, experiment and form hypotheses and theories and learn about what is happening in my infrastructure if I’m IT or if I’m operating a business what’s happening in that business and how I can differentiate and improve.”

Saving money is another key part of hybrid cloud, Anderson says, and many of the cost savings businesses can take advantage of in their private corporate networks are offshoots from what Microsoft has learned building Azure.

“We literally operate over hundreds of thousands of servers [in Azure] and we deploy hundreds of thousands of servers every year,” he says. “So for us just a relentless focus on decreasing complexity and decreasing costs by taking advantage of just industry-standard hardware is a lot of innovation that we’re doing in the public cloud and then bringing on premises.”

In particular, Azure has taught Microsoft to build storage networks on commodity hardware that is less expensive than traditional SAN gear, and that is now available to corporate customers in their private networks.

The ability to use corporate infrastructure management and device management tools across the cloud can also reduce expense.

“Everything from software defined networking, the innovations in storage where I get all of the benefits that traditionally have only come from a SAN but doing it on industry standard cost-effective hardware, the ability to unify my environment from a user enablement and endpoint protection to where I can manage my PCs, all my users’ devices as well as my anti-malware on one common infrastructure – all these things drive savings,” Anderson says.

Since many of these new capabilities are part of standard platforms such as Microsoft SQL Server, Windows Server and InTune, there is no extra cost to current customers. “It’s just Excel, it’s just SQL, it’s not additional licenses, it’s not additional hardware, you don’t have to rewrite your application” he says.

Anderson repeatedly uses the phrase “cloud-first engineering” to describe the principle behind moving features of Azure into the major Microsoft server platforms. He says that can protect business customers from scaling problems as well as giving it a thorough vetting before selling it as on-site products. “Develop the software, try it out, prove it out, battle-harden it in the cloud, then bring it on premises,” he says.

This is made real with Azure Pack, new features that overlays the Azure Web portal to the Windows Server and System Center on-premises products. It can be used with System Center, for example, to enable end users in a department to create new virtual machines within cloud infrastructure based on policies set up by IT. “It’s self-service, exactly as if you were to go to Azure,” Anderson says.

Azure Pack is the renamed package Microsoft introduced last year under the name Windows Azure Services for Windows Server. “So this is the evolution of that with a name that’s easier to remember and easier to say,” he says.

 


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com