###BeginCaseStudy###
Case Study: 3
Contoso Ltd
Overview
General Overview
Contoso, Ltd., is an aerospace engineering company that manufactures jet engine
parts for various industries and government agencies. Contoso has an Exchange
Server 2013 organization.
A partner company named Tailspin Toys has an Exchange Server 2010
organization.
Physical Locations
Contoso has two offices. The offices are located in Montreal and Chicago.
Each office contains a data center:
The Montreal and Chicago offices connect to each other by using a direct WAN link.
All connections to the Internet are routed through the Montreal office.
Most of Contoso’s employees work from the Montreal office.
Existing Environment
The network of Contoso is configured as shown in the exhibit. (Click the Exhibit
button.)
The network of Contoso contains the following components:
Client computers that run either Microsoft Outlook 2007 or Outlook 2010.
Users who have a primary SMTP address that uses the contoso.com suffix.
A retention policy that retains all email messages for 580 days and is associated to
all users.
Six servers that have Exchange Server installed. The servers are configured as
shown in the following table.
A data availability group (DAG) named DAG1 that contains all of the mailbox
servers. EX5 is configured as the witness server for DAG1. A file server in the
Chicago office is configured as an alternate witness server. DAG1 has Datacenter
Activation Coordination (DAC) mode enabled.
Requirements
Planned Changes
Contoso plans to implement the following changes:
Implement an organization relationship between Contoso and Tailspin Toys.
Move the mailboxes of all the members of the sales department to Office 365.
Evaluate Unified Messaging (UM) by conducting a small pilot in the Montreal office.
Security Requirements
Contoso identifies the following security requirements:
Ensure that the data in the Exchange Server databases cannot be read if a hard disk
is stolen.
Prevent temporary employees from executing a Reply All or a Forward of any email
messages they receive.
Prevent temporary contractors from changing the configurations of the user accounts
for the users in the research and development department.
Ensure that all of the connections to Outlook Web App from the Internet use
Extensible Authentication Protocol (EAP) protocols and Transport Layer Security
(TLS) protocols.
Secure all of the email messages from the users at Tailspin Toys to the Contoso
users. Ensure that all of the messages can be secured if the certificates at Tailspin
Toys are issued by a trusted third-party certification authority (CA).
Auditing Requirements
Contoso identifies the following requirements for auditing mailboxes:
The manager of the legal department must receive a daily report by email that
contains a record of all the eDiscovery mailbox searches.
Any access to a mailbox by a service account must be excluded from the daily
report.
Compliance Requirements
All of the email messages in the Sent Items folder of each user in the marketing
department of Contoso must be deleted automatically after 365 days.
Office 365 Coexistence Requirements
Contoso identifies the following Office 365 coexistence requirements:
Office 365 users must be able to access their mailbox by using their Active Directory
user account in Contoso.
On-premises users must be able to share free/busy information and calendar
information with the Office 365 users.
###EndCaseStudy###
You need to recommend which tasks must be performed to meet the security requirements for
Tailspin Toys.
Which two tasks should you recommend? (Each correct answer presents part of the solution.
Choose two.)
A.
Run the set-transportserver –transportsyncenabled $true command.
B.
Run the set-transportconfig –tlsreceivedomainsecurelist tailspintoys.com command.
C.
Run the set-transportservice –transportsyncenabled $true command.
D.
Create a new Receive connector.
E.
Create a new Send connector.
Explanation:
* Scenario: Secure all of the email messages from the users at Tailspin Toys to the Contoso users.
Ensure that all of the messages can be secured if the certificates at Tailspin Toys are issued by a
trusted third-party certification authority (CA).
* Configuring Domain Security on Exchange Server 2013
Establish certificate trust between organizations
Configure Domain Security TLSReceiveDomainSecureList – specifies the domains from which you
want to receive domain secured email by using mutual Transport Layer Security (TLS) authentication
Configure connectors
Reference: Configuring Domain Security on Exchange Server 2013
You are working for Contoso, so you are on the receiving side.
You need to enable TLS on the receive connector that links with tailspin and then add them to the tls receive list