Which three actions should you perform?

DRAG DROP
###BeginCaseStudy###
Case Study: 3
Contoso Ltd
Overview
General Overview
Contoso, Ltd., is an aerospace engineering company that manufactures jet engine parts for
various industries and government agencies. Contoso has an Exchange Server 2013
organization. A partner company named Tailspin Toys has an Exchange Server 2010
organization.
Physical Locations
Contoso has two offices. The offices are located in Montreal and Chicago.
Each office contains a data center:
• The Montreal and Chicago offices connect to each other by using a direct WAN link.
• All connections to the Internet are routed through the Montreal office.
• Most of Contoso’s employees work from the Montreal office.
Existing Environment
The network of Contoso is configured as shown in the exhibit. (Click the Exhibit button.)

The network of Contoso contains the following components:
• Client computers that run either Microsoft Outlook 2007 or Outlook 2010.
• Users who have a primary SMTP address that uses the contoso.com suffix.
• A retention policy that retains all email messages for 580 days and is associated to all users.
• Six servers that have Exchange Server installed. The servers are configured as shown in the following table.

• A data availability group (DAG) named DAG1 that contains all of the mailbox
servers. EX5 is configured as the witness server for DAG1. A file server in the Chicago
office is configured as an alternate witness server. DAG1 has Datacenter Activation
Coordination (DAC) mode enabled.
Requirements
Planned Changes
Contoso plans to implement the following changes:
• Implement an organization relationship between Contoso and Tailspin Toys.
• Move the mailboxes of all the members of the sales department to Office 365.
• Evaluate Unified Messaging (UM) by conducting a small pilot in the Montreal office.
Security Requirements
Contoso identifies the following security requirements:
• Ensure that the data in the Exchange Server databases cannot be read if a hard disk is
stolen.
• Prevent temporary employees from executing a Reply All or a Forward of any email
messages they receive.

• Prevent temporary contractors from changing the configurations of the user accounts
for the users in the research and development department.
• Ensure that all of the connections to Outlook Web App from the Internet use
Extensible Authentication Protocol (EAP) protocols and Transport Layer Security (TLS)
protocols.
• Secure all of the email messages from the users at Tailspin Toys to the Contoso users.
Ensure that all of the messages can be secured if the certificates at Tailspin Toys are issued
by a trusted third-party certification authority (CA).
Auditing Requirements
Contoso identifies the following requirements for auditing mailboxes:
• The manager of the legal department must receive a daily report by email that
contains a record of all the eDiscovery mailbox searches.
• Any access to a mailbox by a service account must be excluded from the daily report.
Compliance Requirements
All of the email messages in the Sent Items folder of each user in the marketing department
of Contoso must be deleted automatically after 365 days.
Office 365 Coexistence Requirements
Contoso identifies the following Office 365 coexistence requirements:
• Office 365 users must be able to access their mailbox by using their Active Directory
user account in Contoso.
• On-premises users must be able to share free/busy information and calendar
information with the Office 365 users.
###EndCaseStudy###

You need to create a federation trust for the planned organization relationship. Which three
actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area
and arrange them in the correct order.

DRAG DROP
###BeginCaseStudy###
Case Study: 3
Contoso Ltd
Overview
General Overview
Contoso, Ltd., is an aerospace engineering company that manufactures jet engine parts for
various industries and government agencies. Contoso has an Exchange Server 2013
organization. A partner company named Tailspin Toys has an Exchange Server 2010
organization.
Physical Locations
Contoso has two offices. The offices are located in Montreal and Chicago.
Each office contains a data center:
• The Montreal and Chicago offices connect to each other by using a direct WAN link.
• All connections to the Internet are routed through the Montreal office.
• Most of Contoso’s employees work from the Montreal office.
Existing Environment
The network of Contoso is configured as shown in the exhibit. (Click the Exhibit button.)

The network of Contoso contains the following components:
• Client computers that run either Microsoft Outlook 2007 or Outlook 2010.
• Users who have a primary SMTP address that uses the contoso.com suffix.
• A retention policy that retains all email messages for 580 days and is associated to all users.
• Six servers that have Exchange Server installed. The servers are configured as shown in the following table.

• A data availability group (DAG) named DAG1 that contains all of the mailbox
servers. EX5 is configured as the witness server for DAG1. A file server in the Chicago
office is configured as an alternate witness server. DAG1 has Datacenter Activation
Coordination (DAC) mode enabled.
Requirements
Planned Changes
Contoso plans to implement the following changes:
• Implement an organization relationship between Contoso and Tailspin Toys.
• Move the mailboxes of all the members of the sales department to Office 365.
• Evaluate Unified Messaging (UM) by conducting a small pilot in the Montreal office.
Security Requirements
Contoso identifies the following security requirements:
• Ensure that the data in the Exchange Server databases cannot be read if a hard disk is
stolen.
• Prevent temporary employees from executing a Reply All or a Forward of any email
messages they receive.

• Prevent temporary contractors from changing the configurations of the user accounts
for the users in the research and development department.
• Ensure that all of the connections to Outlook Web App from the Internet use
Extensible Authentication Protocol (EAP) protocols and Transport Layer Security (TLS)
protocols.
• Secure all of the email messages from the users at Tailspin Toys to the Contoso users.
Ensure that all of the messages can be secured if the certificates at Tailspin Toys are issued
by a trusted third-party certification authority (CA).
Auditing Requirements
Contoso identifies the following requirements for auditing mailboxes:
• The manager of the legal department must receive a daily report by email that
contains a record of all the eDiscovery mailbox searches.
• Any access to a mailbox by a service account must be excluded from the daily report.
Compliance Requirements
All of the email messages in the Sent Items folder of each user in the marketing department
of Contoso must be deleted automatically after 365 days.
Office 365 Coexistence Requirements
Contoso identifies the following Office 365 coexistence requirements:
• Office 365 users must be able to access their mailbox by using their Active Directory
user account in Contoso.
• On-premises users must be able to share free/busy information and calendar
information with the Office 365 users.
###EndCaseStudy###

You need to create a federation trust for the planned organization relationship. Which three
actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area
and arrange them in the correct order.

Answer:

Explanation:

Box 1: Run the New-FederationTrust cmdlet.
Box 2: Run the Get-ExchangeCertificate cmdlet.
Box 3: Run the New-SharingPolicy cmdlet.
Note:
* this example retrieves the self-signed certificate and creates the federation trust “Microsoft
Federation Gateway”. This automatically deploys the self-signed certificate to the Exchange
servers in your organization.
Get-ExchangeCertificate | ?{$_.friendlyname -eq “Exchange Federated Sharing”} | NewFederationTrust -Name “Microsoft Federation Gateway”
* Configure Federated Sharing
Step 1: Create and configure a federation trust
Use the New-FederationTrust cmdlet to set up a federation trust between your Exchange
organization and the Microsoft Federation Gateway.
Step 2: Create an organization relationship
Step 3: Create a sharing policy
This example creates the sharing policy Contoso for the external federated domain
contoso.com. This policy allows users in the contoso.com domain to see your user’s detailed
calendar availability (free/busy) information and contacts. By default, this policy is enabled.
New-SharingPolicy -Name “Contoso” -Domains contoso.com:
CalendarSharingFreeBusyDetail, ContactsSharing
Step 4: Configure an Autodiscover public DNS record
You need to add an alias canonical name (CNAME) resource record to your public-facing
DNS. The new CNAME record should point to an Internet-facing Exchange 2013 Client
Access server that’s running the Autodiscover service.
Reference: Exchange 2013, Configure Federated Sharing



Leave a Reply to Ty Cancel reply5

Your email address will not be published. Required fields are marked *

twenty − sixteen =


Ty

Ty

Get-ExchangeCertificate
New-FederationTrust
New-SharingPolicy

Ty

Ty

It would seem that the steps that COULD be necessary for the sole act of creating a federation trust are:

Get-ExchangeCertificate
New-FederationTrust
Get-FederatedDomainProof
Create txt record in DNS

At this point, I’m struggling to see how you could leave out any of these steps.

kuifje

kuifje

#TY: Get-ExchangeCertificate is only neccessarry if you have a self signed certificate.