You are The Exchange administrator for your company. The Exchange organization contains two Exchange Server 2003 computers named Exch1 and Exch2. Both servers are located on the company’s intranet- A Microsoft Internet Security and Acceleration (ISA) Server computer named ISA1 connects the intranet to the Internet.
Exch1 is not accessible from the Internet. Exch2 sends and receives all Internet e-mail for all users. Exch2 is accessible from the Internet only by using SMTP. Exch2 is the target of a series of Internet-based denial of service (DoS) attacks. Each attack makes Exch2 unavailable to internal users for a long time.
You need to reduce the impact of future DoS attacks on the Exchange servers. Your solution must not affect the ability of users to access, send, and receive e-mail.
What should you do?

A.
Configure ISA1 to distribute incoming SMTP packets evenly between Exch1 and Exch2.

B.
Configure ISA1 to pass all inbound SMTP traffic through the ISA SMTP filter.

C.
Configure ISA1 to drop all incoming SMTP packets.

D.
Configure Exch2 to perform reverse DNS lookups on all incoming SMTP connections.

E.
Modify your public DNS zone so that both Exchange servers have mail exchanger (MX) resource records with a priority of 10.

Explanation:

ISA Server intercepts all SMTP traffic that arrives on port25 of the ISA Server computer. The SMTP filter on the ISA Server computer accepts the traffic, inspects it, and passes it on, only if the rules allow it.
The SMTP filter examines SMTP commands sent by Internet SMTP servers and clients.
This application layer filter can intercept SMTP commands and check whether they are larger than they should be.
SMTP commands that are larger than the limits you configure in the SMTP filter are assumed to be attacks against the SMTP server and can be stopped by the SMTP filter.
Each SMTP command has a maximum length associated with it.
This length represents the number of bytes allowed for each command.
If an attacker sends a command that exceeds the number of bytes allowed for the command, ISA Server drops the connection and prevents the attacker from communicating with the corporate mail server.
Incorrect Answers:
A: Distributing packets between the servers will not prevent the DDoS attacks from occurring. In fact, the next DDoS attack would be worse, as both servers would then be affected.
The DDoS packets would be spread across both servers instead of just one.
Therefore, this can’t be the correct answer.
C: Dropping all incoming SMTP packets would indeed stop the DDoS attacks. Unfortunately, all incoming mail would also be stopped.
This is a violation of the last requirement of the question, so this can’t be a correct answer.
D: Reverse DNS lookups will not prevent the attack. It can be used to show where the DDoS attacks are originating.
The reverse lookup function will only attach the originating address to the email message. It in-and-of itself will not stop any form of attack.
Therefore, this can’t be the correct answer.
E: Setting the MX records to have the same value will distribute incoming internet traffic to both servers.
This will result in the same problem as "A". The next DDoS attack would be worse since the attack is spread across two systems.
Using ISA Server 2000 with Exchange Server 2003
Using the ISA Server 2004 SMTP Filter and Message Screener