###BeginCaseStudy###
Testlet 1
Overview
General Overview
A. Datum Corporation is a pet supply company that has stores across North America.
A. Datum has an Exchange Server 2007 organization. A. Datum plans to migrate to Exchange Server 2013.
Physical Locations
A. Datum has five locations. The locations are configured as shown in the following table.
Existing Environment
Network Infrastructure
All of the locations connect to each other by using a WAN link. The New York, Toronto, and Chicago
locations connect directly to the Internet.
All client computers run Windows 7 and Office 2010. All servers run Windows Server 2008.
Active Directory Environment
The network contains an Active Directory domain named adatum.local. Adatum.local is the corporate domain
based in the United States. The network contains a domain named Canada.adatum.local. Canada.adatum.local
is the domain for the stores in Canada.
Each location is configured as an Active Directory site.
The forest functional level is Windows Server 2008.
The main office and both of the distribution centers each have two domain controllers for their respective
domain. All of the other locations have one domain controller for their respective domain. All of the domain
controllers are global catalog servers.
Exchange Infrastructure
The main office and the distribution centers each have three servers that have Exchange Server 2007 installed.
The servers have the following configurations:
Two of the servers have cluster continuous replication (CCR) deployed
One of the servers has the Client Access server role and the Hub Transport server role installed
Each store contains a server that has Exchange Server 2007 installed. Each server has mailboxes for active
users and mailboxes for inactive users. Each server has approximately 50 mailboxes.
Remote users access Outlook Web Access by using a namespace of mail.adatum.com, which resolves to the
Client Access server in the New York office.
Requirements
Planned Changes
The company plans to implement the following changes:
Migrate all of the mailboxes in the main office and the distribution centers to Exchange Server 2013.
Integrate a new telephone system to the Exchange Server 2013 organization.
Deploy a standalone certification authority (CA) that will be used to issue all of the certificates for the messaging
infrastructure.
Technical Requirements
The company identifies the following technical requirements:
Hardware costs must be minimized whenever possible.
The impact on end users if a site fails must be minimized.
Voice mail traffic between the telephone system and the Exchange Server environment must be encrypted.
Each user must be able to access the internal resources and their mailbox by using a single user account.
Compliance Requirements
After a security review, the company identifies the following compliance requirements for the new Exchange
Server environment:
All administrative changes made to the mailboxes must be tracked.
The legal department must be able to search for messages in all of the mailboxes.
Users must be prevented from sending email during an upcoming statutory holiday.
All store managers must be prevented from permanently deleting email messages from their Inbox.
All email messages must be archived for a minimum of five years to meet regulatory requirements.
Management occasionally sends the staff internal memos that contain confidential information, such as
sales figures. The memos must be protected so that unauthorized users cannot read the memos and
internal users cannot forward the memos to external recipients.
The users in the research department must be able to send email to anyone in the organization, but only the
members of a group named Execs must be able to send email to the research users. All other users must
be notified that email sent to the research users will remain undelivered.
###EndCaseStudy###
You need to recommend a solution for the voice mail traffic. The solution must meet the technical
requirements.
Which two configurations should you include in the recommendation? (Each correct answer presents part of the
solution. Choose two.)
A. A dial plan.
B. A server certificate
C. A transport rule
D. A data loss prevention (DLP) policy
E. A call answering rule
Explanation:
* Scenario: Voice mail traffic between the telephone system and the Exchange Server environment must be
encrypted.
A: Use the EAC to configure Protected Voice Mail from authenticated callers
1. In the EAC, navigate to Unified Messaging > UM dial plans. In the list view, select the UM dial plan you
want to modify, and then click Edit.
2. On the UM Dial Plan page, under UM Mailbox Policies, select the UM mailbox policy you want to manage,
and then click Edit.
3. On the UM Mailbox Policy page > Protected voice mail, under Protect voice message from
authenticated callers, select one of the following options:
None. Use this setting when you don’t want protection applied to any voice messages sent to UM-enabled
users.
Private. Use this setting when you want Unified Messaging to apply protection only to voice messages that
have been marked as private by the caller.
All. Use this setting when you want Unified Messaging to apply protection to all voice messages, including
those not marked as private.
4. Click Save.
B:
* In on-premises and hybrid deployments, you can configure a Client Access and Mailbox server to use mutual
Transport Layer Security (mutual TLS) to encrypt the SIP and RTP traffic sent and received from other devices
and servers. When you configure the dial plan to use SIP secured mode, only the SIP signaling traffic will be
encrypted, and the RTP media channels will still use TCP, which isn’t encrypted. However, when you configure
the dial plan to use Secured mode, both the SIP signaling traffic and the RTP media channels are encrypted.
An encrypted signaling media channel that uses Secure Realtime Transport Protocol (SRTP) also uses mutual
TLS to encrypt the VoIP data.
* When you’re deploying Transport Layer Security (TLS) with UM, the certificates that are used on the Client
Access server and the Mailbox server both must contain the local computer’s fully qualified domain name
(FQDN) in the certificate’s Subject Name. To work around this issue, use a public certificate and import the
certificate on all Client Access and Mailbox servers, any VoIP gateways, IP PBXs, and all the Lync servers.
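The dial plan and certificate settings described in A and B, expressed in the Exchange Management Shell with two follow-up checks. This is an added example, not part of the original explanation; the dial plan, policy and server names are hypothetical and the thumbprint is a placeholder.

```powershell
# Hypothetical names; replace with values from your own environment.
$dialPlan   = 'NY-DialPlan'
$umPolicy   = 'NY-DialPlan Default Policy'
$mbxServer  = 'NY-MBX1'
$casServer  = 'NY-CAS1'
$thumbprint = '<CERTIFICATE-THUMBPRINT>'   # placeholder, not a real value

# Secured: SIP signaling and RTP media are both encrypted.
# SIPSecured would encrypt only the SIP signaling.
Set-UMDialPlan -Identity $dialPlan -VoIPSecurity Secured

# Shell equivalent of the EAC "Protected voice mail" setting (None, Private or All).
Set-UMMailboxPolicy -Identity $umPolicy -ProtectAuthenticatedVoiceMail All

# Put both UM services into TLS startup mode before binding the certificate.
Set-UMService -Identity $mbxServer -UMStartupMode TLS
Set-UMCallRouterSettings -Server $casServer -UMStartupMode TLS

# Bind the certificate to the UM service (Mailbox) and the UM call router (Client Access).
Enable-ExchangeCertificate -Server $mbxServer -Thumbprint $thumbprint -Services UM
Enable-ExchangeCertificate -Server $casServer -Thumbprint $thumbprint -Services UMCallRouter

# Restart the services so the new mode and certificate take effect.
Invoke-Command -ComputerName $mbxServer -ScriptBlock { Restart-Service MSExchangeUM }
Invoke-Command -ComputerName $casServer -ScriptBlock { Restart-Service MSExchangeUMCR }

# Check 1: list every dial plan that is not in Secured mode.
Get-UMDialPlan | Where-Object { $_.VoIPSecurity -ne 'Secured' } |
    Select-Object Name, VoIPSecurity

# Check 2: show whether each UM-bound certificate names the server's FQDN in its subject.
foreach ($server in $mbxServer, $casServer) {
    $fqdn = (Get-ExchangeServer -Identity $server).Fqdn
    Get-ExchangeCertificate -Server $server |
        Where-Object { "$($_.Services)" -match 'UM' } |
        Select-Object Thumbprint, Subject, NotAfter,
            @{ Name = 'SubjectHasFqdn'; Expression = { $_.Subject -like "*$fqdn*" } }
}
```

An empty result from the first check means no dial plan is left in Unsecured or SIPSecured mode.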