Topic 2, Leyburn Investments
Company Background
Leyburn Investments is a global financial services company. The company has 5,100 employees
based in offices in London and Madrid.
The London office is the corporate headquarters. The London office has 4000 employees and the
Madrid office has 1000 employees. 100 employees work in Roaming Sales roles and spend all
their time visiting customer sites.
You have been hired by the company to assist with the design and rollout of a Microsoft Exchange
2013 messaging infrastructure.
Existing Environment
Existing Active Directory Environment
The network consists of a single Active Directory domain named LeyburnInv.com.
Each office has domain controllers running Windows Server 2008 R2.
All domain controllers are configured as DNS Servers and Global Catalog servers. The forest level
FSMO roles are on a domain controller in the London office.
All client computers in both offices run either Windows 7 Professional or Windows 8 Pro.
The forest functional level of the LeyburnInv.com forest is Windows Server 2008.
Network Infrastructure
Each office has a high speed Internet connection and the two offices are connected by a
dedicated fast WAN link.
Both offices have a single internal LAN. The London office also has a perimeter network to host publicly accessible servers.
The company uses astandalone certification authority (CA) on a server in the London office.
Proposed Solution
The company has proposed an Exchange infrastructure that consists of the following:
Each office will initially have two Exchange 2013 servers. Both servers in each office will be
configured to run the Client Access Server and Mailbox Server roles.
Two database availability groups (DAGs) will be created to replicate mailbox databases between
the two offices. Each DAG will have one mailbox server from the London office and one mailbox
server from the Madrid office.
An Exchange 2010 server will be deployed into the perimeter network at the London office and
configured to run the Edge Transport Server role. All inbound and outbound email for both offices
will be routed through the Edge Transport server.
Business Requirements
The company has stated the following business requirements:
“We have a Development department in the London office. We need to isolate the users in the
Development department. We need to ensure that no users in any other department can view the
mailboxes of the Developers. We also want to ensure that the Developers can only view the
mailboxes of other Developers.”
The Developer mailboxes will be hosted on a mailbox server in the London office. This database
will not be replicated in a DAG.
Technical Requirements
The company has identified the following requirements:
Distribution groups will be created for each department. Users must be able to add and remove
their names from the distribution lists using the Exchange Control Panel.
The Exchange infrastructure must be as fault tolerant as possible. There should be no single
points of failure.
All inbound email must be SPAM filtered before it reaches the mailbox servers.
We will require Exchange Administrators to be able to produce HTML reports to display
information about database operations such as database mounts and failovers over a specified time period.
******************************************************************
You are evaluating the proposed Exchange infrastructure design. You need to decide whether to
configure an additional Edge Transport server or to recommend replacing the Edge Transport
server with Exchange 2013 servers running the Client Access role with the anti-spam agents
installed.
Which anti-spam feature would not be available if you replaced the Edge Transport server with
Exchange 2013 servers running the Client Access role with the anti-spam agents installed?
A.
Content Filtering
B.
Recipient Filtering
C.
Sender Filtering
D.
Connection Filtering
Explanation:
The correct answer is “D”
As Exchange 2013 does not provide, at this stage, an Edge server, many organization already using Exchange 2013 choose to use an Exchange 2010 Edge Transport server. One reason for this is that, besides having installed and enabled by default all of the anti-spam agents described above, an Edge server provides two more agents not available on a Mailbox server:
Connection Filtering agent: inspects the IP address of the remote server that is trying to send messages to determine what action, if any, to take on an inbound message. Connection filtering uses a variety of IP Block/Allow lists as well as IP Block/Allow List provider services to determine whether the connection from the specific IP should be blocked or allowed in the organization;
http://www.msexchange.org/articles-tutorials/exchange-server-2013/security-message-hygiene/anti-spam-and-anti-malware-protection-exchange-2013-part1.html
Agree that the Connection Filtering is the appropriate answer, D.