Planning for Messaging Environment Maintenance

Posted on

These questions are based on 70-238 – Pro: Deploying Messaging Solutions With Microsoft Exchange Server 2007.

 

Objective: Planning for Messaging Environment Maintenance
Sub-Objective: Plan for patch and service pack implementation

 

Single Answer, Multiple Choice

 

You are a messaging professional for Verigon Corporation. The messaging system in your company is Exchange Server 2007. The Edge Transport server role (named Edge1) is deployed in the perimeter network. The Hub Transport server role (named Hub1), the Client Access server role (named Cas1) and the Mailbox server role (named Mb1) are all deployed in the internal network. Your organization also has a Windows Server Update Services (WSUS) 2.0 Service Pack 1 (SP1) server, named WSUS1. Click the Exhibit(s) button to view the network.

 

The Edge1 server is exposed to the Internet to relay messages within your organization to and from the Internet. The WSUS1 server is configured via a Group Policy object as the Windows Update server to provide up-to-date security patches and other approved critical updates for the client computers.

 

Your organization wants to stop the services not required by the Edge Transport server to protect this server from Internet attacks.

 

What should you do to accomplish the task?

 

 

  1. Migrate WSUS1 from WSUS 2.0 SP1 to WSUS 3.0.
  2. Run the Security Configuration Wizard (SCW) on the Edge Transport server.
  3. Run services.msc on the Edge Transport server.
  4. Run compmgmt.msc from the Services pane on the Edge Transport server.

 

Answer:
B. Run the Security Configuration Wizard (SCW) on the Edge Transport server.

 

Tutorial:
To protect the server from Internet attacks, you should run the Security Configuration Wizard (SCW) on the Edge Transport server to shut down services and block all unneeded ports. The Edge Transport server is installed in the perimeter network outside the Active Directory domain. This server is more vulnerable to Internet attacks and should be secured at multiple levels. Besides running the SCW on the Edge Transport server to shut down unnecessary ports and services, you should also ensure that the external firewall is configured to block all network traffic from reaching the Edge Transport server, with the exception of traffic routed through TCP port 25.

 

You should not migrate the WSUS1 server from WSUS 2.0 SP1 to WSUS 3.0 to shut down unnecessary services and block unneeded ports to protect the Edge Transport server from Internet attacks. Microsoft WSUS 3.0 enables you to deploy the latest Microsoft product updates to computers running Microsoft Windows Server 2003, Windows Server 2008, Windows Vista, Microsoft Windows XP with SP2 and Windows 2000 SP4. The WSUS allows you to manage and distribute updates that are released through Microsoft Update to computers in your organization running the specified operating systems. WSUS also keeps the Windows computers up to date with security patches and other critical updates. WSUS allows you to configure multiple WSUS servers if you have multiple locations. One central WSUS server can be used to connect to the Internet for downloading and approving updates, and WSUS servers in other locations can connect to the central WSUS server to download the approved updates. This method is useful if a single site has a faster connection to the Internet. In this scenario, you should run the SCW to shut down services and block all ports that are not required to protect the server from Internet attacks.

 

You should not run services.msc on the Edge Transport server to stop the unnecessary services. This would require you to manually select each service to be closed, which consumes more time and administrative effort than running SCW. Additionally, you will require the name of each of the specific services to be shut down. In this scenario, you should run the SCW to shut down services and block all ports that are not required to protect the server from Internet attacks.

 

You should not run compmgmt.msc from the Services pane on the Edge Transport server to stop the unnecessary services. This will require you to manually select each service to be closed, which will consume unneeded time and administrative effort. Additionally, you will require the name of each particular service to be shut down on the Exchange server. In this scenario, you should run the SCW to shut down services and block all ports that are not required to protect the server from Internet attacks.

 

Reference:
Microsoft TechNet > Using the Security Configuration Wizard to Secure Windows for Exchange Server Roles

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: