Answer Explanations

Answers B and D are correct. If the DNS server used to resolve external hostnames has failed, the Remote Queue Length rises because outgoing mail cannot be processed. Similarly, the failure of a smart host also means that outgoing mail cannot be processed. Answer A is incorrect. If the server's NIC had failed, the Local Queue Length would not fluctuate. Answer C is incorrect. A failure of the GC would lead to a rise in the Local Queue Length. For more information, see Chapter 10, "Managing and Monitoring Technologies That Support Exchange Server 2003."

Answers B and C are correct. When Audit Object Access is enabled for a mailbox, entries are written to the security log on the server on which the mailbox resides. As mailboxes are also objects in Active Directory, auditing directory service access writes events to the log on the domain controller when a mailbox is accessed. Answer A is incorrect. Audit Account Logon Events notes when a user logs on to the domain, not when a mailbox is accessed. Answer D is incorrect. Privilege use relates to use of rights. Accessing a mailbox does not count as such an action. Answer E is incorrect. Process tracking is used to monitor applications, not mailbox access. For more information, see Chapter 9, "Managing Security in the Exchange Environment."

Answer C is correct. Paging File\ % Usage is the ratio of the amount of paging file being used to the total size of the paging file. A high number is desired because it indicates that the paging file is sized correctly for the system. If this number is low, either the paging file has been set too large (and is, therefore, consuming more disk space than is necessary) or the paging file has been recently resized. Answer A is incorrect; Paging File\ Pages/Sec is not a real counter. Answer B is incorrect; Memory\ Pages/Sec measures the number of page faults (accesses to the paging file) per second. Answer D is incorrect; Memory\ % Paging File is not a real counter. For more information, see Chapter 8, "Managing, Monitoring, and Troubleshooting Exchange Server Performance."

Answer C is correct. The phrase "five nines" refers to server (or service/application) availability and means that the server must be available for client requests at least 99.999% of the time this equates to only 5.25 minutes of downtime per year. Answers A, B, and D are obviously incorrect because they don't represent the standard of 5.25 minutes of downtime per year. For more information, see Chapter 7, "Managing, Monitoring, and Troubleshooting Exchange Server Computers."

Answers A and E are correct. The Windows Server 2003 IPSec implementation uses DES and 3DES for data encryption. Answers B and C are incorrect; the Windows Server 2003 IPSec implementation uses SHA1 and MD5 for data hashing. Answer D is incorrect; Advanced Encryption Standard (AES) is not used in IPSec. For more information, see Chapter 6, "Managing, Monitoring, and Troubleshooting the Exchange Organization."

Answer D is correct. The default address lists are automatically created when Exchange is installed and require no additional administrative action. Exchange provides five default address lists: All Contacts, All Groups, All Users, Public Folders, and the Default Global Address List (GAL). There is no All Mailboxes address list, thus answer D is not one of the default address lists. Answers A, B, C, and E are incorrect; all of these options are default address lists that are created when Exchange is installed. For more information, see Chapter 5, "Managing Address Lists and Exchange Policies."

Answer D is correct. You need to create mail-enabled contact objects to represent these external suppliers with which your users need to communicate. These contact objects will appear in your address lists, but have no Exchange mailbox or Windows network permissions assigned to them. Answers A and B are incorrect; creating a user account for a nonnetwork user is not required, nor is it recommended. Answer C is incorrect; a mail-enabled distribution group will not help your users to communicate with the suppliers, but should be used within your organization to distribute mail to large numbers of related users, such as those within a department. For more information, see Chapter 4, "Managing Exchange Recipient Objects."

Answer D is correct. ForestPrep must be run in the domain in the forest that hosts the Schema Master. Generally, the Schema Master is located in the forest root domain, but you are able to move the Schema Master to another domain. Answers A, B, C, and E are incorrect. These domains do not host the Schema Master, which must be updated by the ForestPrep utility. For more information, see Chapter 3, "Upgrading, Integrating, and Troubleshooting Exchange Server 2003 in Mixed Environments."

Answers B, C, D, and E are correct. ForestPrep only needs to be run once, in the root domain of the forest. DomainPrep also needs to be run in each domain that hosts users with Exchange mailboxes. Answer A is incorrect. ForestPrep does not need to be run in the root domain of a new tree, only in the root domain of the forest. Answer F is incorrect. ForestPrep does not need to be run in child domains. The only case in which this does not apply is if the Schema Master has been moved to a domain other than the root domain. For more information, see Chapter 2, "Installing, Configuring, and Troubleshooting Exchange Server 2003 in a New Exchange Environment."

Answers A and C are correct. For external mail to be able to reach your internal organization, an MX and an A record must be configured. An A record is a normal host record. An MX record tells remote SMTP servers where to deliver mail to a particular domain. The A record matches up the SMTP server to an IP address. Answer B is incorrect; generally, internal DNS servers are unable to resolve queries for hosts on the Internet. In this case, the internal DNS server hosts a secondary zone that cannot process updates. Answer D is incorrect; internal DNS servers are unable to resolve queries for hosts on the Internet. In this case, the internal DNS server hosts a secondary zone that cannot process updates. For more information, see Chapter 10, "Managing and Monitoring Technologies That Support Exchange Server 2003."

Answers A and C are correct. Users located in Internet cafés do not have access to their digital certificate. This means that they are unable to sign messages or read encrypted messages sent to them. Answer B is incorrect. Because OWA accesses AD to locate the public key to encrypt a message to another user in the organization, the user in the Internet café can send encrypted communication. Answer D is incorrect. Internet café users can always send unsigned messages via OWA. For more information, see Chapter 9, "Managing Security in the Exchange Environment."

Answer B is correct. Rich Experience OWA is available to users using Internet Explorer 5 or higher and provides expanded features, such as secure messaging, rules creation and usage, spell checking, and reminders; thus, answers A, C, and D are incorrect. Basic OWA is available to users using any Web browser and provides basic access to OWA, allowing for the viewing and creation of email messages. For more information, see Chapter 8, "Managing, Monitoring, and Troubleshooting Exchange Server Performance."

Answer C is correct. When you use a full backup with differential backup strategy, you require only the last full backup tape and the last differential backup tape to perform the restoration; thus, answers A, B, and D are incorrect. For more information, see Chapter 7, "Managing, Monitoring, and Troubleshooting Exchange Server Computers."

Answers B and C are correct. The Windows Server 2003 IPSec implementation uses SHA1 and MD5 for data hashing. Answers A and E are incorrect; the Windows Server 2003 IPSec implementation uses DES and 3DES for data encryption. Answer D is incorrect; Advanced Encryption Standard (AES) is not used in IPSec. For more information, see Chapter 6, "Managing, Monitoring, and Troubleshooting the Exchange Organization."

Answer A is correct. The default offline address list is an address list that is available to Exchange users when they are working offline with an Offline Folder, an .OST file. By default, the default GAL is used to create the default offline address list; however, additional offline address lists can be created and associated with specific mailbox stores. Answers B, C, and D are incorrect; the default offline address list is not created from the All Contacts, All Users, or All Public Folders default address lists. For more information, see Chapter 5, "Managing Address Lists and Exchange Policies."

Answer A is correct. Of the available choices, you should create a mailbox-enabled user account with this email address assigned and then grant the HR manager permissions to access the mailbox. Answers B, C, and D are incorrect; mail-enabled objects do not have an Exchange mailbox and, thus, cannot store any inbound messages. For more information, see Chapter 4, "Managing Exchange Recipient Objects."

Answers A, B, and C are correct. The computers hosting Exchange 2000 Server need to be running Windows 2000 Server SP3 to host Exchange Server 2003. Similarly, Windows 2000 Server SP3 is required for global catalog servers and domain controllers in Windows 2000 domains that will host users who will access Exchange Server 2003. Answers D, E, and F are incorrect because they all involve upgrading to Windows Server 2003, which would require significantly more effort than applying the service pack and would, in the case of answer F, stop Exchange 2000 Server from functioning. For more information, see Chapter 3, "Upgrading, Integrating, and Troubleshooting Exchange Server 2003 in Mixed Environments."

Answer D is correct. ForestPrep must be run in the domain that hosts the Schema Master. In the exhibit, the Schema Master is shown as being in the west.examcram2.com domain. There can only be one Schema Master in the forest. Answers A, B, and C are incorrect because they have ForestPrep being run in domains that do not host the Schema Master. For more information, see Chapter 2, "Installing, Configuring, and Troubleshooting Exchange Server 2003 in a New Exchange Environment."

Answers B and D are correct. Hosts that are assigned incorrect subnet masks can sometimes ping other hosts on the same LAN. It is possible, however, that the subnet mask might interfere with traffic being directed to the default gateway. If an incorrect default gateway had been assigned, host Alpha would be unable to communicate with hosts on remote networks. Answer A is incorrect. If host Alpha had been assigned an incorrect IP address, it would be unable to ping other hosts. Answer C is incorrect; because hosts are being pinged via their IP address, the DNS server address is irrelevant. For more information, see Chapter 10, "Managing and Monitoring Technologies That Support Exchange Server 2003."

Answer C is correct. Secure POP3 uses port 995. Answer A is incorrect; port 25 is used for sending email via SMTP. Answer B is incorrect; port 993 is used for secure IMAP. Answer D is incorrect; port 143 is used for insecure IMAP. Answer E is incorrect; port 110 is used for insecure POP3. For more information, see Chapter 9, "Managing Security in the Exchange Environment."

Answers B, E, and F are correct. When using Cache mode in Outlook 2003, the three available modes of operation are Download Headers and then Full Items, Download Full Items, and Download Headers. Answers A, C, and D are incorrect; there is no Download Headers and Attachments, Download Headers Only, or Download Headers and Message Bodies modes of operation. For more information, see Chapter 8, "Managing, Monitoring, and Troubleshooting Exchange Server Performance."

Answer A is correct. When using the active/active mode, you can deploy Exchange in a cluster with only two nodes which is the maximum supported, thus answers B, C, and D are incorrect. Each node in that cluster can run two instances of the Exchange virtual server (recall the definition of the cluster virtual server) for a total of four instances of the EVS. Should one of the nodes fail, the single remaining node will be loaded with all resources from both servers, possibly even resulting in an overloaded condition and causing it to fail as well. In addition, to ensure that reliable failover occurs, each node in the active/active cluster can host a maximum of only 1,900 active mailboxes much less than an Exchange server might normally hold. Active/passive clustering on Windows 2000 Advanced Server can support a maximum of two nodes. Active/passive clustering on Windows 2000 Datacenter Server can support a maximum of four nodes. Active/passive clustering on Windows Server 2003, Enterprise Edition or Datacenter Server Edition can support up to eight nodes. For more information, see Chapter 7, "Managing, Monitoring, and Troubleshooting Exchange Server Computers."

Answers A, E, and I are correct. The three preconfigured IPSec policies in Windows Server 2003 are Client (Respond Only), Server (Request Security), and Secure Server (Require Security); thus, answers B, C, D, F, G, and H are incorrect. For more information, see Chapter 6, "Managing, Monitoring, and Troubleshooting the Exchange Organization."

Answer B is correct. Only one GAL will appear in a user's Outlook address book this becomes important when multiple GALs are in existence. The following list explains the order in which a GAL appears in Outlook: The GAL to which the user has access, the GAL of which the user is a member, and the GAL that is the largest. In this instance, because a regular user does not have access to change the GAL, he only sees the GAL for the specific organization of which he was originally part. Answer A is incorrect; if the user was a member of the Sam's Snake GAL, he would see this GAL listed. Answers C and D are incorrect; only one GAL will ever be listed in Outlook. For more information, see Chapter 5, "Managing Address Lists and Exchange Policies."

Answer C is correct. The most likely reason why none of your network users received your test message is that the group does not contain any members. An NDR would only be generated if the message could not be sent to the email address for which it was destined. Answers A and B are incorrect; both security and distribution groups can have an email address and, thus, become mail-enabled. Answer D is incorrect; although configuring an expansion server might help increase the performance of your Exchange organization, it is not required to send messages to a group. For more information, see Chapter 4, "Managing Exchange Recipient Objects."

Answers A, B, and C are correct. Exchange Server 2003 requires that the instant messaging service, Chat service, conferencing server, and mobile information server be removed from Exchange 2000 Server before upgrade can occur. Answer D is incorrect; IMAP4 is supported by Exchange Server 2003. Answer E is incorrect; OWA is supported by Exchange Server 2003. For more information, see Chapter 3, "Upgrading, Integrating, and Troubleshooting Exchange Server 2003 in Mixed Environments."

Answers B and D are correct. The account used to run ForestPrep must be a member of the Enterprise Administrator and Schema Administrators group. Answers A and C are incorrect. Although the account used to run ForestPrep might be a member of the Power Users and Domain Administrators groups, this is not required for running the ForestPrep utility. For more information, see Chapter 2, "Installing, Configuring, and Troubleshooting Exchange Server 2003 in a New Exchange Environment."

Answer B is correct. The Exchange Administrator account has the rights to add, delete, and rename Exchange Server 2003 objects. Answer A is incorrect. Although the Exchange Full Administrator account can add, delete, and rename objects, so can the Exchange Administrator account. The Exchange Administrator account has less rights than the Exchange Full Administrator account and, hence, is more appropriate for your junior administrator. Answer C is incorrect. The Exchange View Only Administrator cannot add, delete, or rename objects. Answer D is incorrect. Domain Administrators is a Windows Server 2003 group and has no inherent rights to administer Exchange Server 2003. For more information, see Chapter 9, "Managing Security in the Exchange Environment."

Answers C and D are correct. Only your boss and the key recovery agent for the CA that issued your boss's private key can decrypt the message. The key recovery agent would do this by recovering your boss's private key. Answer A is incorrect; Oksana cannot decrypt the message. Answer B is incorrect; people who hold the Exchange Full Administrator role cannot decrypt the message. For more information, see Chapter 9, "Managing Security in the Exchange Environment."

Answer B is correct. RPC over HTTP uses IIS Basic authentication, thus the requirement for SSL to secure the connection. Answer A is incorrect; no VPN is required when using RPC over HTTP. Answer C is incorrect; MPPE encryption is not used for SSL over HTTP. Answer D is incorrect; RPC over HTTP uses Basic authentication, not Windows Integrated authentication. For more information, see Chapter 8, "Managing, Monitoring, and Troubleshooting Exchange Server Performance."

Answer C is correct. Active/passive clustering on Windows Server 2003, Enterprise Edition or Datacenter Server Edition can support up to eight nodes; thus, answers B and D are incorrect. Answer A is incorrect; an active/passive cluster must contain at least one active node and at least one passive node. For more information, see Chapter 7, "Managing, Monitoring, and Troubleshooting Exchange Server Computers."

Answers A, B, and C are correct. Clients can access the default public folder tree using MAPI, HTTP, or NNTP. General-purpose public folder trees can be accessed using HTTP or NNTP only. Answers D and F are incorrect; SMTP and IMAP4 are mail protocols. Answer E is incorrect; SNMP is a network management protocol. For more information, see Chapter 6, "Managing, Monitoring, and Troubleshooting the Exchange Organization."

Answer B is correct. If you need to create additional address lists, but not prevent users from seeing the default GAL, you need to create additional custom address lists. Answer A is incorrect; creating new GALs prevents users from viewing the default GAL in most cases unless they have administrative access or are members of multiple GALs. Answer C is incorrect; the creation of offline address lists is not required because no users work offline. Answer D is incorrect; the creation of a query-based distribution group does not achieve the desired result of having an address list for each of the organizations that has been recently acquired. For more information, see Chapter 5, "Managing Address Lists and Exchange Policies."

Answer D is correct. Membership of Global groups is not published to global catalog servers. Because of this fact, Exchange users cannot determine group membership of mail-enabled Global groups for domains other than the one in which their own user account is located within the Active Directory forest. Answer A is incorrect; membership of Universal groups is published to global catalog servers unlike Domain Local groups and Global groups. This allows Exchange users in any domain in the Active Directory forest to determine group membership of mail-enabled Universal groups. Answers B and C