Compliance, Archiving, eDiscovery, Auditing Flashcards Preview

Exchange 2016 MCSE 70-345 > Compliance, Archiving, eDiscovery, Auditing > Flashcards

Flashcards in Compliance, Archiving, eDiscovery, Auditing Deck (81)

How do you deploy Message Classification definitions to Outlook clients?

• Export them to an XML file using the Microsoft-provided script:


• Distribute the XML file (probably through Group Policy)

• Configure the path to the file in the Registry.


What is Journaling?

Makes a copy of sent or received emails to another mailbox or external address.

You can have an internal journaling mailbox, or use an external, third-party journaling service.


What is a Journal Report?

• Journaled messages are stored in a special message format, known as a journal report.

• It contains metadata about the message, and a copy of the original message is attached to it.


What types of journaling are there?

• Standard Journaling

• Premium Journaling


What is Standard Journaling?

• Set at the mailbox database level

• All messages sent or received by mailboxes hosted on that database will be journaled


What is Premium Journaling?

• A Compliance Management feature.

• A premium feature that requires an Enterprise CAL.

• Configured as a series of rules, similar to Transport rules

• Can specify or target what types of messages/recipients/etc. will be journaled


Mario is a member of the Distribution Group named "Sales."

Luigi is NOT a member of that group.

A Journaling rule is in place that journals all messages "If the message is sent to or received from a specific user or group," with the group "Sales" selected.

Mario sends an e-mail addressed to Luigi.

Luigi sends an e-mail addressed to Mario.

Of these two messages, which will be caught by this Journaling rule?

• Both.

• Journaling rules that target groups will capture all messages involving members of that group, even if the group address is not used. It doesn't need to be the group itself that is receiving the message.


If two employees are communicating via a mailbox they both have access to, by writing draft emails and never sending them, how could those messages be caught for review by an admin?

Litigation hold would catch them.

(Journaling would not.)


What happens if a journal mailbox becomes unavailable?

• If no Alternate Journal Mailbox has been configured, Journal reports will start to queue on servers.

• If an Alternate journal mailbox has been configured:

– journal reports will be sent to it instead.

– But if the Alternate journal mailbox is also unavailable, journal reports will NOT be queued; they will be lost.


What is Exchange Auditing?

• A Compliance Management feature.

• Provides capabilities to track what mailbox users and admins are doing in the Exchange organization.


What types of Auditing are there?

• Mailbox Audit Logging

• Administrator Audit Logging


What is Mailbox Audit Logging?

• A type of Exchange Auditing.

• Logs actions taken by mailbox owners and delegates on the contents of mailboxes.

• Disabled by default.


What is Administrator Audit Logging?

• A type of Exchange Auditing.

• Tracks changes made by Administrators while they are managing the Exchange environment.

• Tracks Exchange management tool usage, such as eDiscovery, Compliance Searches, etc.

• Enabled by default, at a level of: None.


What are Admin Audit Log Levels?

Set the amount of info that is logged.

There are two levels:

• None

• Verbose

• (Note: "None" is not the same as disabling Admin Audit Logging)


Admin Audit Logging is set to: None

When a command is run, what is logged?

• The Cmdlet that was run

• The Parameters used

• Who ran the command

• What object was modified

• Note: Only cmdlets that make changes are logged (not cmdlets that only retrieve info)


Where are Admin Audit Logs stored, and how long are they retained?

• Retained 90 days, by default.

• Stored in one of the Arbitration Mailboxes, which are system mailboxes.


When a command is run, what is logged when Admin Audit Logging is set to: Verbose

• All info that "None" would also have logged, plus:

• The Old Values, before the command was run

• The New Values, after the command was run


What will Mailbox Audit Logging record by default?

• It is disabled by default, so it will record nothing.

• When enabled, the default actions it will record are:

– AuditOwner: nothing.

– AuditDelegate: Update, SoftDelete, HardDelete, SendAs, Create

– AuditAdmins: Same as delegates, and also: Move, MoveToDeletedItems, FolderBind, SendOnBehalf


How long will Mailbox Audit logs be retained?

Controlled by the Audit Log Age Limit, which is set on a per-mailbox basis.

It is set to 90 days by default.


What is an Audit Bypass?

A setting that will allow actions taken by a specified account to not be recorded by Audit Log settings.

Useful if a service account is in place that would generate a lot of unwanted logs.


What are the steps required to create a DLP rule using Document Fingerprinting, based on a form template?

1) Import the document into a variable.

2) Create a new Document Fingerprint, using the variable from 1), and store it as a new variable.

3) Create a new data classification rule using the New-DataClassification command, using the variable from 2).

4) You will now see the new Data Classification Rule when building the transport rule for your DLP policy.