You need to prevent similar messages from being delivered

You have an Exchange Server 2016 organization. The organization contains an Edge Transport server.
Users report that a message with the following anti-spam headers is delivered to their Inbox folder in Microsoft
Outlook.
X-MS-Exchange-Organization-PCL:7
X-MS-Exchange-Organization-SCL:6
X-MS-Exchange-Organization–Antispam-Report: DV: 3.1.3924.1409; SID:
SenderIDStatus Fail; PCL: PhishingLevel SUSPICIOUS; CW: CustomList; PP:
Presolved; TIME: TimeBasedFeatures
You need to prevent similar messages from being delivered. The solution must generate a non-delivery report
(NDR) when the messages are prevented from being delivered to all user mailboxes.
What should you do?

You have an Exchange Server 2016 organization. The organization contains an Edge Transport server.
Users report that a message with the following anti-spam headers is delivered to their Inbox folder in Microsoft
Outlook.
X-MS-Exchange-Organization-PCL:7
X-MS-Exchange-Organization-SCL:6
X-MS-Exchange-Organization–Antispam-Report: DV: 3.1.3924.1409; SID:
SenderIDStatus Fail; PCL: PhishingLevel SUSPICIOUS; CW: CustomList; PP:
Presolved; TIME: TimeBasedFeatures
You need to prevent similar messages from being delivered. The solution must generate a non-delivery report
(NDR) when the messages are prevented from being delivered to all user mailboxes.
What should you do?

A.
Set the SCL reject threshold to 7.

B.
Run the Set-SenderIdConfig cmdlet.

C.
Set the SCL delete threshold to 7.

D.
Run the Set-TransportConfig cmdlet.

E.
Run the Set-RecipientFilterConfig cmdlet.

F.
Set the SCL delete threshold to 5.

Explanation:
When the message’s SCL value is greater than or equal to the SCL reject threshold, but less than the SCL
delete threshold, the Content Filter agent rejects the message and sends a rejection response to the sending
system. You can customize the rejection response. In some cases, a non-delivery report (also known as an
NDR, delivery status notification, DSN, or bounce message) is sent to the original sender of the message.
https://technet.microsoft.com/en-us/library/aa995744(v=exchg.160).aspx

Show Hint

Leave a Reply 13

Your email address will not be published. Required fields are marked *

stillme

stillme

A
(Delete means it will be received, then deleted. Rejected is best course of action) NDR’s are set with reject threshold.

SCL value is lower than the default of 7 (set at 6)
https://technet.microsoft.com/en-us/library/aa995744(v=exchg.160).aspx

Reply

Mat

Mat

I agree with Stillme, regarding answer on V3 Question 61.

Reply

Ck

Ck

A is correct. Read the technet from stillme and decide for yourself. Answer is pretty clear..

Reply

nobody

nobody

A is not correct. If you look closely, you can see the following in the NDR: SenderIDStatus Fail. Although the message was confirmed to be spoofed, it was allowed to pass through. This is because the -SpoofedDomainAction of SenderIdConfig is set to StampStatus

With Set-SenderIdConfig we can set -SpoofedDomainAction to Reject. This also generates the required NDR.

Reply

tmkreddy55

tmkreddy55

I go with Option C:

As per the scenario,

The message is have a SCL of 6. So, if the -SCLRejectThreshold is set to 7, The message do not qualify for Rejection, since SCL value is less than 7 in this case.

So, I feel the -SCLDeleteThreshold to be set to 7. If set, it looks for the -SCLReject threshold (less than 7 — could be 6 but is not part of the choices), to qualify for the message being rejected.

Even as per the article— SCL reject threshold : When the message’s SCL value is greater than or equal to the SCL reject threshold, but less than the SCL delete threshold, the Content Filter agent rejects the message and sends a rejection response to the sending system… Which is what being asked in question.

Reply

notme

notme

I appreciate your positive dialogue, although -SCLDeleteThreshold cannot provide a non-delivery report…Only SCL reject can 🙂

Reply

Mat

Mat

Just Pass the exam, This question was in…But zero answer with SLCDelete or Reject at 7 …So just know how it works…

Reply

r00t7

r00t7

I think it’s A. read link from stillme post.

Reply

Tubbysnowman

Tubbysnowman

(A) cannot be right as the SCL reject threshold is being set higher than the SCL on the email.

Therefore is cannot reject the emails in the future.

I’m leaning towards B as the correct answer, as the message has “SenderIDStatus Fail; PCL: PhishingLevel SUSPICIOUS”

As the SenderIDStatus has failed, you can use Set-SenderIdConfig to reject the message.

Reply

singhish

singhish

A is Correct.

SCL threshold Actions

SCL delete threshold When the message’s SCL value is greater than or equal to the SCL delete threshold, the Content Filter agent silently deletes the message. There’s no protocol-level communication that tells the source messaging server or sender that the message was deleted. If the message’s SCL value is lower than the SCL delete threshold, the Content Filter agent compares the SCL value to the SCL reject threshold.

SCL reject threshold When the message’s SCL value is greater than or equal to the SCL reject threshold, but less than the SCL delete threshold, the Content Filter agent rejects the message and sends a rejection response to the sending system. You can customize the rejection response. In some cases, a non-delivery report (also known as an NDR, delivery status notification, DSN, or bounce message) is sent to the original sender of the message. If the message’s SCL value is lower than the SCL reject threshold, the Content Filter agent compares the SCL value to the SCL quarantine threshold.

Spam confidence levels –
https://technet.microsoft.com/en-us/library/jj200686(v=exchg.150).aspx

Reply

pinpong

pinpong

Correct answer is B

The SenderIDStatus is Fail. The Set-SenderIdConfig cmdlet with “-SpoofedDomainAction Reject” will do the job.

Reply