What should you recommend for each certificate?

HOTSPOT
You deploy an Exchange Server 2016 organization. The organization contains two servers. The servers are
configured as shown in the following table.

The default self-signed certificates are installed on both servers.
All of the users in the organization work from home and from customer locations.
You purchase a Layer 7 hardware-based load balancer. You configure SSL bridging without session affinity for
Outlook on the web connections. The load balancer has an internal fully qualified domain name (FQDN) of
lb1.contoso.local.
DNS servers are configured to resolve mail.contoso.com names to the external IP address of the load
balancer.
You need to recommend which names must be included in the certificates installed on the load balancers and
the Exchange servers.
What should you recommend for each certificate? To answer, select the appropriate options in the answer
area.
Hot Area:

HOTSPOT
You deploy an Exchange Server 2016 organization. The organization contains two servers. The servers are
configured as shown in the following table.

The default self-signed certificates are installed on both servers.
All of the users in the organization work from home and from customer locations.
You purchase a Layer 7 hardware-based load balancer. You configure SSL bridging without session affinity for
Outlook on the web connections. The load balancer has an internal fully qualified domain name (FQDN) of
lb1.contoso.local.
DNS servers are configured to resolve mail.contoso.com names to the external IP address of the load
balancer.
You need to recommend which names must be included in the certificates installed on the load balancers and
the Exchange servers.
What should you recommend for each certificate? To answer, select the appropriate options in the answer
area.
Hot Area:

Answer:

Show Hint

Leave a Reply 8

Your email address will not be published. Required fields are marked *

stillme

stillme

change of heart.

mail.contoso.com
ex01.contoso.com
ex02.contoso.com

.local will cause issues with attempting to get a cert from a global provider. It does not mention that we have a CA organization, which you could in fact create a cert for a .local host

Reply

Mat

Mat

I’ll go for:
mail.contoso.com
ex01.contoso.local
ex02.contoso.local

Reply

tmkreddy55

tmkreddy55

Its confusing.. 🙁

We can’t assume ex01/ex02.contoso.com so the options are ruled out so as LB1.contoso.com

I’ll also go for:
mail.contoso.com
ex01.contoso.local
ex02.contoso.local

Reply

notme

notme

I want to go for that answer to, it just goes completely again MS best practices… :/ Thanks for your help on the forum

Reply

NoBox

NoBox

mail.contoso.com
ex01.contoso.local
ex02.contoso.local

Stated in the technet article: SSL should terminate at the load balancer as this offers a centralized place to correct SSL attacks. So a certificate is not needed from a global provider for the Exchange servers.

First answer is mail.contoso.com

The question states The default self-signed certificates are installed on both servers.
So not needing SSL on the servers because the Layer 7 load balancer handles all SSL request and the servers have the default self-signed certificates.

ex01.contoso.local
ex02.contoso.local

https://technet.microsoft.com/en-us/library/jj898588(v=exchg.160)

Reply