Which two options should you configure in the New Exchange ActiveSync Mailbox Policy wizard?

You administer a Windows Essential Business Server 2008 environment. Several users on the network use mobile devices to access the Messaging Server. You are creating an Exchange ActiveSync mailbox policy for mobile device users. You want to configure device password locking to require users to lock their devices by using a password.

Which two options should you configure in the New Exchange ActiveSync Mailbox Policy wizard? (Choose two. Each correct answer presents part of the solution.)

A.
Require password

B.
Require alphanumeric password

C.
Time without user input before password must be re-entered (in minutes)

D.
Require encryption on device

E.
Allow simple password

Explanation:
You should configure the Require password and Time without user input before password must be re-entered (in minutes) options. The Exchange ActiveSync mailbox policies are used to apply a common set of policies or security settings to a collection of users. By using Exchange ActiveSync mailbox policies, you can require a password for mobile devices, specify the minimum password length, and require a number or special character in the password. To create a new ActiveSync mailbox policy by using the New Exchange ActiveSync Mailbox Policy wizard, you should perform the following steps:

1. Open the Exchange Management Console.
2. In the console tree, expand the Organization Configuration node, and then click Client Access.
3. In the Action pane, click the New ActiveSync mailbox policy option.
4. On the New ActiveSync Mailbox Policy wizard page, enter a name in the Mailbox policy name field.
5. Select one or more of the optional check boxes as shown in the following image:

6. Click New to finish creating your mailbox policy.
7. Click Finish to close the New ActiveSync Mailbox Policy wizard

The Require password option enables the device’s password. The Time without user input before password must be re-entered (in minutes) option specifies the maximum length of time a device can go without user input before it locks. Specifying a period of inactivity before you must reenter a device password is referred to as device password locking. Configuring device password locking is useful in preventing data loss in the event the device is left unattended or if the device is lost.

You should not configure the Require alphanumeric password option because this option is not used for configuring device password locking. This option is used to require a strong alphanumeric password containing numeric and non-numeric characters.

You should not configure the Require encryption on device option because this option is not used for configuring device password locking. This option is used to enable encryption on the device.

You should not configure the Allow simple password option because this option is not used for configuring device password locking. This option is used to enable or disable the ability to use a simple password, such as a 4-digit PIN.