Transport Services Flashcards Preview


Flashcards in Transport Services Deck (175)
91

What is an Address Rewrite Entry?

A manually created rule that tells the Address Rewriting agents when and how to change e-mail addresses.

92

What is TLS?

Transport Layer Security

It is the successor to SSL. (Though, in casual terms, people often still refer to TLS as SSL.)

93

What is this?

STARTTLS

A command (verb) for the SMTP protocol to use TLS.

94

What are the three ways that Exchange can use TLS?

• Opportunistic

• Forced

• Mutual

95

How will Exchange function when it uses Opportunistic TLS?

• Accepts STARTTLS from other hosts.

• Sends STARTTLS to other hosts.

• Falls back to insecure if TLS isn't available.

• Works with untrusted certificates, such as self-signed certs.

• Provides Confidentiality for the e-mail in transit (if it's successful and doesn't fall back)

• Does NOT provide Authentication about the other host that Exchange is connecting to for sending or receiving that e-mail.

96

What configuration is required for Exchange to use Opportunistic TLS?

No configuration changes are required. It will do this by default.

97

How will Exchange function when it uses Forced TLS?

• Requires TLS for both inbound and outbound SMTP.

• Fails if TLS isn't available.

• Works with untrusted certificates, such as self-signed certs.

• Provides Confidentiality for the e-mail in transit.

• Does NOT provide Authentication about the other host that Exchange is connecting to for sending or receiving that e-mail.

98

What configuration is required for Exchange to use Forced TLS?

To require TLS, set the RequireTls attribute on send or receive connectors to $true.

99

How will Exchange function when it uses Mutual TLS?

• Requires TLS for both inbound and outbound SMTP.

• Fails if TLS isn't available.

• Fails if certificate can't be validated.

• Provides Confidentiality for the e-mail in transit

• DOES provide Authentication about the host Exchange is connecting to.

100

What is "Domain Secure"?

A term for when you have two Exchange Edge Transport servers in different organizations performing Mutual TLS.

When it occurs, Outlook displays a "Domain Secured" icon on messages.

Note, it is incredibly rare in the real world.

101

What is "Domain Security"?

Another term for "Domain Secure"

102

What does Domain Secure require?

• Edge Transport Servers on both ends of the connection

• Valid certificates on both servers, installed and enabled for SMTP

• There must not be any non-Exchange servers involved in the mail flow path (such as third-party spam filters).

• The domain to be secured must be specified in the "TLS Receive Domain Secure List" and/or the "TLS Send Domain Secure List"

• A "Partner" Send Connector and/or Receive Connector for the secured domain to use.

103

What is SPF?

Sender Policy Framework

• A DNS TXT record that receiving servers can look up to validate your sending server's IP address.

• Used to help prevent spoofing of your domain names by spammers.

• Not mandatory to implement, but recommended.

• SPF records are only a suggestion and the receiving server can ignore or override.

104

What does an SPF record consist of?

• The version of SPF (which also serves to indicate that this TXT record is an SPF record)

• One or more "Mechanisms"

• A Qualifier for each Mechanism

105

How is the version of an SPF record indicated?

In this format:

v=spf1

106

In an SPF record, what does this Mechanism mean?

all

• Matches any host

• Generally placed at the end of a record as a catch-all, to indicate what should be done for any hosts not defined in the SPF record.

107

In an SPF record, what does this Mechanism mean?

ip4:

• Matches a single IPv4 address or IPv4 network range

108

In an SPF record, what does this Mechanism mean?

ip6:

• Matches a single IPv6 address or IPv6 network range

109

In an SPF record, what does this Mechanism mean?

a

• Matches a host name or domain name

• So the receiving server will look up the A record of the domain in DNS, and if it resolves to the IP address that is making the inbound SMTP connection, then that's a match

110

In an SPF record, what does this Mechanism mean?

mx

• Matches against the MX records for the domain

• Useful if outbound mail for your organization is handled by the same server that MX records resolve to for inbound mail. A nice, simple way to construct your SPF record.

111

In an SPF record, what does this Mechanism mean?

ptr

• Uses reverse DNS to match the sending server's IP address to the host's name that it resolves to

• Not recommended because it causes a high load on DNS and can be quite slow.

112

In an SPF record, what does this Mechanism mean?

exists

• Simply checks if the domain name that the e-mail is trying to send from actually exists

113

In an SPF record, what does this Mechanism mean?

include:

• Matches against the SPF record for another domain

• Usually used if outbound e-mail is routed through a cloud service, such as Exchange Online Protection.

• Basically saying: "as long as this other SPF record says it's ok, then it's ok by me."

114

In an SPF record, what does this Qualifier mean?

+

• Pass

• Meaning, e-mail from hosts indicated by the Mechanism should be accepted

• This is the default qualifier if none is provided.

115

In an SPF record, what does it mean if no Qualifier is specified on a Mechanism?

• It will use the default qualifier, which is + (Pass)

116

In an SPF record, what does this Qualifier mean?

-

• Fail

• Meaning, e-mail from hosts indicated by the Mechanism should be rejected

117

In an SPF record, what does this Qualifier mean?

~

• Soft Fail

• Meaning, e-mail from hosts indicated by the Mechanism can be accepted but treated as possible spam

118

In an SPF record, what does this Qualifier mean?

?

• Neutral

• Meaning, the receiving mail server is advised to do whatever it wants

119

What Anti-spam / Anti-Malware agents are installed by default on a Mailbox server?

Only the Malware agent.

120

What anti-spam agents can be installed on a Mailbox server?

In addition to the Malware agent that is available by default, installing the Anti-Spam agents will make the following available:

• Content Filter

• Sender ID

• Sender Filter

• Recipient Filter

• Protocol Analysis