You have an Exchange Server 2016 organization. The organization contains an Edge Transport server.
Users report that a message with the following anti-spam headers is delivered to their Inbox folder in Microsoft
Outlook.
X-MS-Exchange-Organization-PCL:7
X-MS-Exchange-Organization-SCL:6
X-MS-Exchange-Organization–Antispam-Report: DV: 3.1.3924.1409; SID:
SenderIDStatus Fail; PCL: PhishingLevel SUSPICIOUS; CW: CustomList; PP:
Presolved; TIME: TimeBasedFeatures
You need to prevent similar messages from being delivered. The solution must generate a non-delivery report
(NDR) when the messages are prevented from being delivered to all user mailboxes.
What should you do?
A.
Set the SCL reject threshold to 7.
B.
Run the Set-SenderIdConfig cmdlet.
C.
Set the SCL delete threshold to 7.
D.
Run the Set-TransportConfig cmdlet.
E.
Run the Set-RecipientFilterConfig cmdlet.
F.
Set the SCL delete threshold to 5.
Explanation:
When the message’s SCL value is greater than or equal to the SCL reject threshold, but less than the SCL
delete threshold, the Content Filter agent rejects the message and sends a rejection response to the sending
system. You can customize the rejection response. In some cases, a non-delivery report (also known as an
NDR, delivery status notification, DSN, or bounce message) is sent to the original sender of the message.
https://technet.microsoft.com/en-us/library/aa995744(v=exchg.160).aspx
A
(Delete means it will be received, then deleted. Rejected is best course of action) NDR’s are set with reject threshold.
SCL value is lower than the default of 7 (set at 6)
https://technet.microsoft.com/en-us/library/aa995744(v=exchg.160).aspx
I agree with Stillme, regarding answer on V3 Question 61.
A is correct. Read the technet from stillme and decide for yourself. Answer is pretty clear..
A is not correct. If you look closely, you can see the following in the NDR: SenderIDStatus Fail. Although the message was confirmed to be spoofed, it was allowed to pass through. This is because the -SpoofedDomainAction of SenderIdConfig is set to StampStatus
With Set-SenderIdConfig we can set -SpoofedDomainAction to Reject. This also generates the required NDR.
Ok, I agree it could be B, but I could not find a technet showing what exactly “reject” does…
https://technet.microsoft.com/en-us/library/aa998859(v=exchg.160).aspx
I go with Option C:
As per the scenario,
The message is have a SCL of 6. So, if the -SCLRejectThreshold is set to 7, The message do not qualify for Rejection, since SCL value is less than 7 in this case.
So, I feel the -SCLDeleteThreshold to be set to 7. If set, it looks for the -SCLReject threshold (less than 7 — could be 6 but is not part of the choices), to qualify for the message being rejected.
Even as per the article— SCL reject threshold : When the message’s SCL value is greater than or equal to the SCL reject threshold, but less than the SCL delete threshold, the Content Filter agent rejects the message and sends a rejection response to the sending system… Which is what being asked in question.
I appreciate your positive dialogue, although -SCLDeleteThreshold cannot provide a non-delivery report…Only SCL reject can 🙂
Just Pass the exam, This question was in…But zero answer with SLCDelete or Reject at 7 …So just know how it works…
Dears,
I Think the answer is E as the following link:
https://kb.spamexperts.com/29942-incoming-filtering/227906-how-to-enable-recipient-verification-in-exchange-and-office-365
Look at the Paragraph ” Exchange 2013″
I think it’s A. read link from stillme post.
(A) cannot be right as the SCL reject threshold is being set higher than the SCL on the email.
Therefore is cannot reject the emails in the future.
I’m leaning towards B as the correct answer, as the message has “SenderIDStatus Fail; PCL: PhishingLevel SUSPICIOUS”
As the SenderIDStatus has failed, you can use Set-SenderIdConfig to reject the message.
A is Correct.
SCL threshold Actions
SCL delete threshold When the message’s SCL value is greater than or equal to the SCL delete threshold, the Content Filter agent silently deletes the message. There’s no protocol-level communication that tells the source messaging server or sender that the message was deleted. If the message’s SCL value is lower than the SCL delete threshold, the Content Filter agent compares the SCL value to the SCL reject threshold.
SCL reject threshold When the message’s SCL value is greater than or equal to the SCL reject threshold, but less than the SCL delete threshold, the Content Filter agent rejects the message and sends a rejection response to the sending system. You can customize the rejection response. In some cases, a non-delivery report (also known as an NDR, delivery status notification, DSN, or bounce message) is sent to the original sender of the message. If the message’s SCL value is lower than the SCL reject threshold, the Content Filter agent compares the SCL value to the SCL quarantine threshold.
Spam confidence levels –
https://technet.microsoft.com/en-us/library/jj200686(v=exchg.150).aspx
Correct answer is B
The SenderIDStatus is Fail. The Set-SenderIdConfig cmdlet with “-SpoofedDomainAction Reject” will do the job.