What should you recommend?

Your company contains an internal network and a perimeter network. The internal network contains
an Active Directory forest. The company has a single domain. You plan to deploy 10 Edge Transport
servers on the perimeter network. You need to recommend a solution for the Edge Transport server
deployment. The solution must meet the following requirements:
• Allow administrators to apply a single security policy to all Edge Transport servers
• Reduce the administrative overhead that is required to manage servers
• Minimize the attack surface of the internal network
What should you recommend?

A.
Implement Network Policy and Access Services (NPAS).

B.
Implement Active Directory Federation Services (AD FS).

C.
Create a new Active Directory domain in the internal forest and then join all Edge Transport
servers to the new domain.

D.
Create an Active Directory forest in the perimeter network and then join all Edge Transport
servers to the new domain.

Explanation:

Pass4sure had A as the correct answer; however, I believe the correct answer is D. The Edge Transport
Server role in Exchange Server 2007 is designed to be installed in your organization’s perimeter
network (aka DMZ or screened subnet). The Edge Transport Server is the only Exchange 2007 server
role that should not be part of your corporate Active Directory on your internal network; it should
instead be installed on a stand-alone server in a workgroup or as a domain member in an Active
Directory dedicated to servers located in the perimeter network as shown in Figure 1.

Although the Edge Transport Server role is isolated from Active Directory on the internal corporate
production network, it is still able to communicate with Active Directory through EdgeSync, a
collection of processes that run on the Hub Transport Server. Because the Hub Transport Server is
part of Active Directory, these processes have access to the necessary Active Directory data. The
Edge Transport server uses Active Directory Application Mode (ADAM) to store the required Active
Directory data, such as Accepted Domains, Recipients, Safe Senders, Send Connectors and a Hub
Transport server list (used to generate dynamic connectors so that you do not need to create them
manually).

It is important to understand that EdgeSync replication is encrypted by default and that
replication is a one-way process from Active Directory to ADAM: no data is replicated from ADAM
to AD.

The first time EdgeSync replication occurs, the ADAM store is populated; after that, data from
Active Directory is replicated at fixed intervals. You can specify the intervals or use the default
settings, which are every hour for configuration data and every fourth hour for recipient data.

http://www.msexchange.org/articles_tutorials/exchange-server-2007/planningarchitecture/uncoveringexchange-2007-edge-transport-server-part1.html


