Official 2014 Latest Free Microsoft 70-341 Dump Download(31-40)!

QUESTION 31
You are implementing a solution to meet the security requirements for Outlook authentication. You purchase a new certificate that has a subject name of mail.proseware.com and SANs of autodiscover.proseware.com and oa.proseware.com. You create a host (A) record for oa.proseware.com in the public DNS zone. Remote users report that they fail to connect to their mailbox by using Outlook. You need to ensure that the remote users can connect to their mailbox from Outlook. The solution must meet the security requirements. Which two commands should you run? (Each correct answer presents part of the solution. Choose two.)
A.    Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.proseware.com
B.    Set-OutlookAnywhere -ExternalHostName oa.proseware.com – ExternalClientAuthenticationMethod
Basic -ExternalClientsRequireSsI $true -InternalHostName mail.proseware.com – InternalClientAuthentication
Method NTLM -InternalClientsRequireSsI Strue
C.    Set-OutlookProvider EXPR -CertPrincipalName msstd:oa.proseware.com
D.    Set-OutlookAnywhere -ExternalHostName mail.proseware.com- ExternalClientAuthenticationMethod
Basic -ExternalClientsRequireSsI $true -InternalHostName oa.proseware.com -InternalClientAuthentication
Method NTLM -InternalClientsRequireSsI $true

Answer: AB
Explanation:
A
Subject name of the certificate is mail.proseware.com not oa.prosware.com
NOT C
Subject name of the certificate is mail.proseware.com not oa.prosware.com
B
ExternalHostName oa.proseware.com is correct as oa.proseware.com is a host (A) record in the public DNS zone.
NOT D
ExternalHostName mail.proseware.com is NOT correct as oa.proseware.com is a host (A) record in the public DNS zone.

QUESTION 32
You need to recommend which actions must be performed to meet the technical requirements for the new Contoso users. Which three actions should you recommend? (Each correct answer presents part of the solution. Choose three.)

A.    Configure UPN suffix routing.
B.    Configure Contoso to trust Proseware.
C.    Configure Proseware to trust Contoso.
D.    Run the New-Mailbox cmdlet and specify the -AccountDisabled parameter.
E.    Run the New-Mailbox cmdlet and specify the -LinkedMasterAccount parameter.
F.    Create a linked role group.

Answer: ACE
Explanation:
A
All new user accounts in contoso.com must have a user principal name (UPN) that ends with proseware.com
Configure UPN suffix routing
Name suffix routing is a mechanism that you can use to manage how authentication requests are routed across Active Directory forests that are joined by forest trusts.
NOT B
AS PER ABOVE DIAGRAM PROSEWARE NEEDS TO TRUST CONTOSO
C
AS PER ABOVE DIAGRAM PROSEWARE NEEDS TO TRUST CONTOSO
E
All new users hired at Contoso must have a user account in contoso.com and an Exchange Server mailbox in proseware.com
Use the New-Mailbox cmdlet to create a user in Active Directory and mailbox-enable this new user.
The LinkedMasterAccount parameter specifies the master account in the forest where the user account resides. The master account is the account to link the mailbox to.
The master account grants access to the mailbox. This parameter is required only if you’re creating a linked mailbox.
A linked mailbox is a mailbox that’s associated with an external account. The resource forest scenario is an example of a situation in which you would want to associate a mailbox with an external account. In a resource forest scenario, user objects in the Exchange forest have mailboxes, but the user objects are disabled for logon. You must associate these mailbox objects in the Exchange forest with enabled user objects in the external accounts forest.
NOT D
Need to use linked mailboxes.
Use the New-Mailbox cmdlet to create a user in Active Directory and mailbox-enable this new user.
The AccountDisabled parameter specifies whether to create the mailbox in a disabled state. You don’t have to specify a value with this parameter.
NOT F
Need to use linked mailboxes.
You can use a linked management role group to enable members of a universal security group (USG) in a foreign Active Directory forest to manage a Microsoft Exchange Server 2013 organization in a resource Active Directory forest.
By associating a USG in a foreign forest with a linked role group, the members of that USG are granted the permissions provided by the management roles assigned to the linked role group.
For more information about linked role groups, see Understanding Management Role Groups.

QUESTION 33
Hotspot Question
You need to recommend a solution to resolve the Autodiscover and the free/busy information issues. Which command should you include in the recommendation? (To answer, configure the appropriate options in the answer area.)

clip_image002

clip_image002[4]
Answer:

clip_image002[8]

QUESTION 34
You need to recommend a solution to resolve the issue of the human resources department manager. What should you include in the recommendation?

A.    Run Set-ADServerSettings -ConfigurationDomainController dcl.proseware.com on all of the Exchange
servers in the London site.
B.    Move the PDC emulator to the New York office.
C.    Modify the replication interval on the Active Directory site link.
D.    Schedule a task that runs the Update-AddressList command to run once per hour.

Answer: C
Explanation:
NOT A
Set-ADServerSettings
Use the Set-AdServerSettings cmdlet to manage the Active Directory Domain Services (AD DS) environment in the current Exchange Management Shell session.
The Set-AdServerSettings cmdlet replaces the AdminSessionADSettings session variable that was used in Microsoft Exchange Server 2007.
The ConfigurationDomainController parameter specifies the fully qualified domain name (FQDN) of the configuration domain controller to be used for reading Exchange configuration information in this session.
NOT B
Issue is related to AD Site replication
NOT D
Will not improve the site replication
You can use the Shell to update a global address list (GAL). A GAL is a directory that contains entries for every group, user, and contact within an organization’s implementation of Microsoft Exchange.
C
You must set the site link replication interval property to indicate how frequently you want replication to occur during the times when the schedule allows replication. For example, if the schedule allows replication between 02:00 hours and 04:00 hours, and the replication interval is set for 30 minutes, replication can occur up to four times during the scheduled time. The default replication interval is 180 minutes, or 3 hours.
Consider the following criteria to determine how often replication occurs within the schedule window:
A small interval decreases latency but increases the amount of WAN traffic.
To keep domain directory partitions up to date, low latency is preferred.

QUESTION 35
You need to recommend a solution to resolve the issue for the London office users. What should you do?

A.    Modify the properties of the OAB virtual directory.
B.    Create a new address book policy.
C.    Modify the properties of the default offline address book (OAB).
D.    Create a new arbitration mailbox.

Answer: D
Explanation:
NOT A
Will not resolve the issue
Need to create a new arbirtration mailbox
NOT B
Will not resolve the issue
Need to create a new arbirtration mailbox
NOT C
Will not resolve the issue
Need to create a new arbirtration mailbox
D
Exchange Server 2013 CAS role proxies the OAB download request to a “nearest” mailbox server hosting an active Organization Mailbox.
Both London and New York host a mailbox server and a client access server.
Therefore you need to create a new active Organization Mailbox
Administrators can create additional Organization Mailboxes for fault tolerance or for serving users in a geographically disbursed Exchange deployment.
The Organization Mailbox
The Organization Mailbox is a new type of arbitration mailbox introduced with Exchange 2013.
The arbitration mailbox with persisted capability OrganizationCapabilityOABGen is referred to as Organization Mailbox. It plays a crucial role in OAB generation, storage and distribution.
Each Exchange Server 2013 mailbox role hosting an Organization Mailbox will generate all Exchange 2013 OAB’s defined in the environment. The OAB is generated in the Organization Mailbox first and later copied to the disk.

QUESTION 36
Drag and Drop Question
You have an Exchange Server 2013 organization that contains several custom RBAC management roles.
You need to identify which RBAC scopes must be used to meet the following requirements:
– Manage only the mailboxes of the users in the sales department.
– Manage the properties of all the mailbox databases.
Which RBAC scopes should you identify? (To answer, drag the appropriate RBAC scopes to the correct requirements. Each RBAC scope may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

clip_image002[10]
Answer:

clip_image002[12]
Explanation:
http://technet.microsoft.com/en-us/library/dd335146(v=exchg.150).aspx
Management role scopes enable you to define the specific scope of impact or influence of a management role when a management role assignment is created. When you apply a scope, the role assignee assigned to the role can only modify the objects contained within that scope.
A role assignee can be a management role group, management role, management role assignment policy, user, or universal security group (USG)
Every management role, whether it’s a built-in role or a custom role, has management scopes.
Management scopes can be either of the following:
Regular
A regular scope isn’t exclusive. It determines where, in Active Directory, objects can be viewed or modified by users assigned the management role. In general, a management role indicates what you can create or modify, and a management role scope indicates where you can create or modify. Regular scopes can be either implicit or explicit scopes, both of which are discussed later in this topic.
Exclusive
An exclusive scope behaves almost the same as a regular scope. The key difference is that it enables you to deny users access to objects contained within the exclusive scope if those users aren’t assigned a role associated with the exclusive scope. All exclusive scopes are explicit scopes, which are discussed later in this topic.
Scopes can be inherited from the management role, specified as a predefined relative scope on a management role assignment, or created using custom filters and added to a management role assignment.
Scopes inherited from management roles are called implicit scopes while predefined and custom scopes are called explicit scopes.
Implicit scopes are the default scopes that apply to a management role type. Because implicit scopes are associated with a management role type, all of the parent and child management roles with the same role type also have the same implicit scopes.
Implicit scopes apply to both built-in management roles and also to custom management roles.
Implicit scopes defined on management roles
Implicit scopes Description
Organization If Organization is present in the role’s recipient write scope, the role can create or modify recipient objects across the Exchange organization.
If Organization is present in the role’s recipient read scope, roles can view any recipient object across the Exchange organization.
This scope is used only with recipient read and write scopes. MyGAL If MyGAL is present in the role’s recipient write scope, the role can view the properties of any recipient within the current user’s global address list (GAL). If MyGAL is present in the role’s recipient read scope, the role can view the properties of any recipient within the current GAL.
This scope is used only with recipient read scopes.
Self If Self is present in the role’s recipient write scope, the role can modify only the properties of the current user’s mailbox.
If Self is present in the role’s recipient read scope, the role can view only the properties of the current user’s mailbox.
This scope is used only with recipient read and write scopes. MyDistributionGroups If MyDistributionGroups is present in the role’s recipient write scope, the role can create or modify distribution list objects owned by the current user. If MyDistributionGroups is present in the role’s recipient read scope, the role can view distribution list objects owned by the current user.
This scope is used only with recipient read and write scopes. OrganizationConfig If OrganizationConfig is present in the role’s configuration write scope, the role can create or modify any server or database configuration object across the Exchange organization. If OrganizationConfig is present in the role’s configuration read scope, the role can view any server or database configuration object across the Exchange organization. This scope is used only with configuration read and write scopes. None If None is in a scope, that scope isn’t available to the role. For example, a role that has None in the recipient write scope can’t modify recipient objects in the Exchange organization. Explicit scopes are scopes that you set yourself to control which objects a management role can modify. Although implicit scopes are defined on a management role, explicit scopes are defined on a management role assignment.
This enables the implicit scopes to be applied consistently across all management roles unless you choose to use an overriding explicit scope. For more information about management role assignments, see Understanding Management Role Assignments. Explicit scopes override the implicit write and configuration scopes of a management role. They don’t override the implicit read scope of a management role. The implicit read scope continues to define what objects the management role can read.
Explicit scopes are useful when the implicit write scope of a management role doesn’t meet the needs of your business. You can add an explicit scope to include nearly anything you want as long as the new scope doesn’t exceed the bounds of the implicit read scope. The cmdlets that are part of a management role must be able to read information about the objects or containers that contain objects for the cmdlets to create or modify objects. For example, if the implicit read scope on a management role is set to Self, you can’t add an explicit write scope of Organization because the explicit write scope exceeds the bounds of the implicit read scope.
The OrganizationConfig implicit scope
If OrganizationConfig is present in the role’s configuration write scope, the role can create or modify any server or database configuration object across the Exchange organization. If OrganizationConfig is present in the role’s configuration read scope, the role can view any server or database configuration object across the Exchange organization. CAN MANAGE THE PROPERTIES OF ALL OF THE MAILBOX DATABASES. The Self Implicit Scope If Self is present in the role’s recipient write scope, the role can modify only the properties of the current user’s mailbox.
If Self is present in the role’s recipient read scope, the role can view only the properties of the current user’s mailbox.
CANNOT BE SELF AS IT PERTAINS TO ONLY THE PARTICULAR USER’S MAILBOX The Organization relative scope
If Organization is present in the role’s recipient write scope, the role can create or modify recipient objects across the Exchange organization.
If Organization is present in the role’s recipient read scope, roles can view any recipient object across the Exchange organization.
This scope is used only with recipient read and write scopes.
NOT MEANT FOR MANAGING MAILBOX DATABASES
A recipient is any mail-enabled object in the Active Directory directory service to which Exchange can deliver or route messages.
In Microsoft Exchange recipients are comprised of mailbox users, mail-enabled users, mail contacts, distribution groups, security groups, dynamic distribution groups, and mail-enabled public folders.
The Recipient filter explicit scope
Recipient filter scopes use filters to target specific recipients based on recipient type or other recipient properties such as department, manager, location, and more.
CAN TARGET THE USERS IN THE SALES DEPARTMENT

QUESTION 37
Drag and Drop Question
You have an Exchange Server 2007 organization. You are migrating the organization to Exchange Server 2013. The migration will last eight weeks. All servers are in a site named Site1. The servers in the organization are configured as shown in the following table. Users who have mailboxes on all of the servers will access Outlook Anywhere by using the mail.adatum.com name. You need to recommend which servers must be associated to the autodiscover.adatum.com and mail.adatum.com names. Which servers should you identify for each name? (To answer, drag the appropriate servers to the correct names. Each server may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

clip_image001
Answer:

clip_image001[4]
Explanation:
INCOMPLETE INFORMATION
MAKES IT TOO DIFFICULT TO EVEN GUESS HOW TO ARRIVE AT THE CORRECT ANSWER MAY DEPEND ON THE TYPE OF SERVER (MAILBOX OR CLIENT ACCESS SERVER THAT IS IN USE OR THE VERSION OF OUTLOOK BEING USED
TO DETERMINE IF AUTODISCOVER CAN BE UTILISED ON THAT PARTICULAR SERVER. WHEN CAN YOU USE AUTODISCOVER WHEN CAN YOU NOT USE AUTODISCOVER Autodiscover
Exchange Autodiscover is a service which is run on Exchange Client Access Servers. It is one of the new features it included in exchange 2007+ The Autodiscover service makes it easier to configure Outlook 2007 ,Outlook 2010 + and some mobile phones.
Autodiscover Service cannot be used with earlier versions of Outlook, including Outlook 2003. In earlier versions of Microsoft Exchange (Exchange 2003 SP2 or earlier) and Outlook (Outlook 2003 or earlier), you had to configure all user profiles manually to access Exchange. The Autodiscover service uses a user’s e-mail address and password to automatically configure a user’s profile. Using the e-mail address, the Autodiscover service provides the following information to the client:
The user’s display name.
Separate connection settings for internal and external connectivity.
The location of the user’s Mailbox server.
The URLs for various Outlook features that manage functionality such as OOF, free/busy information, Unified Messaging, and the offline address book.
Outlook Anywhere server settings.
Additionally, a new Active Directory object named the service connection point (SCP) is created on the server where you install the Client Access server role. And Autodiscover information is stored in it.
Exchange 2013 requires its Outlook clients support auto-discovery of the server; this is in part to help streamline cloud deployments of Exchange. Clients also have to support “Outlook Anywhere” access–remote procedure calls via HTTP–to connect to Exchange 2013 instead of using TCP-based RPCs as in older versions of Exchange.
What actually happens after you have entered your details is that the client looks for autodiscover.yourdomain.com and attempts to retrieve the rest of the server configuration details from there.

QUESTION 38
You have an Exchange Server 2013 organization that contains two Client Access servers named SERVER1 and SERVER2 and two Mailbox servers named SERVER3 and SERVER4. You have a firewall that controls all of the traffic between the internal network and the Internet. SERVER3 and SERVER4 are prevented from communicating with Internet hosts. SERVER1 and SERVER3 are in a site named Main. SERVER2 and SERVER4 are in a site named Main_2. All outbound email is sent through SERVER1. Main fails. You discover that email messages for the Internet are queued on SERVER4. You create a new send connector in Main_2. You discover that all of the outbound email is queued on SERVER4 and is not delivered to the Internet. You verify that the client computers on the network can receive email messages from the Internet successfully. You need to ensure that the email messages are delivered successfully to the Internet. Which cmdlet should you run?

A.    Set-SendConnector
B.    Set-TransportService
C.    Set-ExchangeServer
D.    Set-ADSite

Answer: A
Explanation:
Mailbox Server
In an Exchange Server 2013 organization the Mailbox server role is responsible for sending outbound email via a Send Connector.

clip_image001[6]
When this option is enabled outbound email that is being sent via a Send Connector does not go directly out from the Mailbox server, and instead is proxied through a Client Access server in the site. There is nothing complicated going on here, the Client Access server simply acts as a proxy for the connection so that the receiving host out on the internet sees the connection as coming from the Client Access server name and IP address rather than the Mailbox server. IN THIS QUESTION THE CLIENT ACCESS SERVER (SERVER1) IS ACTING AS A PROXY SERVER FOR THE MAILBOX SERVERS.
NEED TO CHANGE THE SEND CONNECTOR SETTINGS IN ORDER FOR MAIL TO FLOW OUT FROM SERVER4 TO THE INTERNET.
Correct Answer A
Set-SendConnector
Use the Set-SendConnector cmdlet to modify a Send connector.
EXAMPLE 1
This example makes the following configuration changes to the Send connector named
Contoso.com Send
Connector:
Sets the maximum message size limit to 10 MB.
Changes the connection inactivity time-out to 15 minutes. Set-SendConnector “Contoso.com Send Connector” -MaxMessageSize 10MB – ConnectionInactivityTimeOut
00:15:00
Send Connector
In Microsoft Exchange Server 2013, a Send connector controls the flow of outbound messages to the receiving server.
They are configured on Mailbox servers running the Transport service. Most commonly, you configure a Send connector to send outbound email messages to a smart host or directly to their recipient, using DNS.
Exchange 2013 Mailbox servers running the Transport service require Send connectors to deliver messages to the next hop on the way to their destination. Send connectors that are created on Mailbox servers are stored in Active Directory and are available to all Mailbox servers running the Transport service in the organization.

clip_image001[8]

clip_image002[14]

clip_image001[10]

NOT B
Set-transportservice
Use the Set-TransportService cmdlet to set the transport configuration options for the Transport service on Mailbox servers or for Edge Transport servers. This example sets the
TransientFailureRetryCount parameter to 3 and sets the TransientFailureRetryInterval parameter to 30 seconds for the Transport service on a Mailbox server named Mailbox01.
Set-TransportService Mailbox01 -TransientFailureRetryCount 3 -TransientFailureRetryInterval
00:00:30
NOT C
Will not resolve the issue
Set-ExchangeServer
Use the Set-ExchangeServer cmdlet to set Exchange attributes in Active Directory for a specified server.
For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example disables error reporting on the specified server. Set-ExchangeServer -Identity TestServer.Contoso.com -ErrorReportingEnabled: $false NOT D
Will not resolve the issue
Set-ADSite
Use the Set-AdSite cmdlet to configure the Exchange settings of Active Directory sites.
EXAMPLE 1
This example configures the Active Directory site named Default-First-Site-Name as a hub site. Set-AdSite Default-First-Site-Name -HubSiteEnabled $true

QUESTION 39
You have an Exchange Server 2013 organization named adatum.com. The organization contains five Mailbox servers and two Client Access servers. You need to ensure that an administrator named user1 receives a daily email message that contains a log of all the Exchange Server administrative actions. Which cmdlet should you use in a scheduled task?

A.    Search-AdminAuditLog
B.    Set-Mailbox
C.    New-AdminAuditLogSearch
D.    Set-ExchangeServer
E.    Set-AdminAuditLogConfig

Answer: C
Explanation:
NOT A
Use Search-AdminAuditLog for searching through the audit logs.
Search-AdminAuditLog
Use the Search-AdminAuditLog cmdlet to search the contents of the administrator audit log. For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example finds all the administrator audit log entries that contain either the New-RoleGroup or the New-ManagementRoleAssignment cmdlet.
Search-AdminAuditLog -Cmdlets New-RoleGroup, New-ManagementRoleAssignment NOT B
Set-Mailbox
Use the Set-Mailbox cmdlet to modify the settings of an existing mailbox. You can use this cmdlet for one mailbox at a time.
To perform bulk management, you can pipeline the output of various Get- cmdlets (for example, the Get-Mailbox or Get-User cmdlets) and configure several mailboxes in a single-line command. You can also use the Set-Mailbox cmdlet in scripts.
For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example delivers John Woods’s email messages to John’s mailbox and also forwards them to Manuel Oliveira’s ([email protected]) mailbox.
Set-Mailbox -Identity John -DeliverToMailboxAndForward $true -ForwardingSMTPAddress [email protected]
NOT D
Set-ExchangeServer
Use the Set-ExchangeServer cmdlet to set Exchange attributes in Active Directory for a specified server.
For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example disables error reporting on the specified server. Set-ExchangeServer -Identity TestServer.Contoso.com -ErrorReportingEnabled: $false NOT E
NOT Set-AdminAuditLogConfig
Use the Set-AdminAuditLogConfig cmdlet to configure the administrator audit logging configuration settings.
EXAMPLE 1
This example enables administrator audit logging for every cmdlet and every parameter in the organization, with the exception of Get cmdlets.
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets * – AdminAuditLogParameters *
C
New-AdminAuditLogSearch
Use the New-AdminAuditLogSearch cmdlet to search the contents of the administrator audit log and send the results to one or more mailboxes that you specify. For information about the parameter sets in the Syntax section below, see Syntax.
EXAMPLE 1
This example finds all the administrator audit log entries that match the following criteria and sends the results to the [email protected] and [email protected] SMTP addresses:
Cmdlets Set-Mailbox Parameters UseDatabaseQuotaDefaults, ProhibitSendReceiveQuota, ProhibitSendQuota StartDate 01/24/2012 EndDate 02/12/2012 New-AdminAuditLogSearch -Name “Mailbox Quota Change Audit” -Cmdlets Set-Mailbox -Parameters UseDatabaseQuotaDefaults, ProhibitSendReceiveQuota, ProhibitSendQuota -StartDate 01/24/2012 – EndDate
02/12/2012 -StatusMailRecipients [email protected], [email protected]

QUESTION 40
You have an Exchange Server 2013 organization. You plan to deploy Exchange ActiveSync for mobile devices. Each mobile device will be authenticated by using certificates issued by an internal certification authority (CA). You need to configure the organization to authenticate the mobile devices by using the certificates. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From Internet Information Services (IIS) Manager on each Client Access server, configure the
Microsoft-Server-ActiveSync virtual directory to require client certificates.
B.    From Exchange Admin Center, configure the Microsoft-Server-ActiveSync virtual directory to require
client certificates.
C.    From Internet Information Services (IIS) Manager on each Client Access server, enable Active Directory
Client Certificate Authentication.
D.    From Internet Information Services (IIS) Manager on each Mailbox server, enable Active Directory Client
Certificate Authentication.

Answer: BC
Explanation:
NOT A
Enable Active Directory Client Certificate Authentication within IIS but configure the Microsoft- Server-ActiveSync virtual directory to require client certificates is performed in Exchange Admin Center
NOT D
IIS is configured on the Client Access Server not the Mailbox Server B
After you’ve installed the Exchange 2013 Client Access server, there are a variety of configuration tasks that you can perform.
Although the Client Access server in Exchange 2013 doesn’t handle processing for the client protocols, several settings need to be applied to the Client Access server, including virtual directory settings and certificate settings.
http://technet.microsoft.com/en-us/library/gg247612(v=exchg.150).aspx Exchange Server 2013 automatically configures multiple Internet Information Services (IIS) virtual directories during installation.
This topic contains information about the default IIS authentication settings and default Secure Sockets Layer (SSL) settings for the Client Access and Mailbox servers. The following table lists the default settings on a stand-alone Exchange 2013 Client Access server. Default Client Access server IIS authentication and SSL settings Virtual directory Authentication method SSL settings
Management method
Microsoft-Server-ActiveSync Basic authentication SSL required Requires 128-bit encryption EAC or Shell

clip_image001[12]

clip_image002[16]

C
Configure certificate-based authentication for Exchange ActiveSync
http://blogs.technet.com/b/exchange/archive/2012/11/28/configure-certificate-based- authentication-forexchange-
activesync.aspx
Client Access Server Configuration
To configure the Client Access server to enforce certificate based authentication :
1. Verify if Certificate Mapping Authentication is installed on the server. Right click on Computer in the start menu and choose Manage.
Expand Roles and click on Web Server (IIS)
Scroll down to the Role Services section. Under the Security section you should see Client Certificate Mapping
Authentication installed.

clip_image002[18]

clip_image001[14]

If you don’t see Client Certificate Mapping Authentication installed, click add Role Services > (scroll) Security and select Client Certificate Mapping Authentication and then click Install.
Reboot your server.

clip_image002[20]

If you want to pass the Microsoft 70-341 Exam sucessfully, recommend to read latest Microsoft 70-341 Dump full version.