Troubleshooting Microsoft Exchange Online v1.0 (MS-220)

Page:    1 / 6   
Total 85 questions

DRAG DROP -
A company uses a Microsoft Exchange Server 2019 hybrid environment.
You observe that emails sent from the on-premises users are being journaled. However, the emails from users in Exchange Online are not being journaled.
You need to resolve the issue. You open the Classic Exchange admin center.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.



Answer :

Step 1: Navigate to Compliance Management
Use the classic EAC to create a journal rule
In the EAC, go to Compliance management > Journal rules, and then click Add Add Icon..
In Journal rule, provide a name for the journal rule and then compete the following fields.
Etc.
Step 2: Navigate to Journal Rules.
Step 3: Create journal rules.
Reference: https://docs.microsoft.com/en-us/exchange/security-and-compliance/journaling/manage-journaling

HOTSPOT -
A company uses a Microsoft Exchange Server 2019 hybrid environment. The company is migrating mailboxes to Exchange Online in batches.
You observe that a migration batch did not complete.
You need to identify the mailboxes that were not migrated to Exchange Online.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.



Answer :

Box 1: Get-MigrationUser -
This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.
Use the Get-MigrationUser cmdlet to view information about move and migration users.

Syntax: Get-MigrationUser -
[-BatchId <MigrationBatchIdParameter>]
[-Status <MigrationUserStatus>]
[-StatusSummary <MigrationUserStatusSummary>]
[-DomainController <Fqdn>]
[-ResultSize <Unlimited>]
[-Partition <MailboxIdParameter>]
[<CommonParameters>]
Incorrect:
* Get-MailboxStatistics has no parameter batchID

Box 2: -Status -
The Status parameter returns information about migration users that have the specified status state. Use one of the following values:

Completed -

CompletedWithWarnings -

Completing -

CompletionFailed -

CompletionSynced -

Corrupted -

Failed -

IncrementalFailed -

IncrementalStopped -

IncrementalSynced -

IncrementalSyncing -

Provisioning -

ProvisionUpdating -

Queued -

Removing -

Starting -

Stopped -

Stopping -

Synced -

Syncing -

Validating -

Box 3: Failed -
Incorrect:
* -BatchId
The BatchId parameter specifies the name of the migration batch for which you want to return users.
Reference:
https://docs.microsoft.com/en-us/exchange/mailbox-migration/manage-migration-batches

HOTSPOT -
A company uses a Microsoft Exchange Server 2019 hybrid environment.
A user reports receiving the following error message:
System.Web.Services.Protocols.SoapHeaderException: An error occurred when verifying security for the message
You need to troubleshoot the issue.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.



Answer :

Box 1: Get-FederationTrust -

Cause -
This issue occurs if the certificate, and other metadata information, in the Microsoft Federation Gateway (or in the on-premises environment) becomes outdated or invalid.

Resolution -
To resolve this issue, refresh the metadata by running the Get-FederationTrust | Set-FederationTrust -RefreshMetadata command.

Box 2: Set-FederationTrust -

Box 3: -RefreshMetadata -
Reference: https://docs.microsoft.com/en-us/exchange/troubleshoot/calendars/freebusy-lookups-stop-working

A company uses a Microsoft Exchange Server 2016 hybrid environment. Conference room mailboxes exist in Exchange Server, and user mailboxes exist in Exchange Online.
Users in Exchange Online report that they can only view available times when scheduling meetings with conference room mailboxes in Exchange Server. Users in Exchange Online require the ability to view the subject and location when scheduling meetings with the conference room mailboxes.
You need to troubleshoot the issue for users in Exchange Online.
Which cmdlet should you use?

  • A. Get-IntraOragnizationConfiguration
  • B. Get-AvailabilityAddressSpace
  • C. Get-OrganizationRelationship
  • D. Get-IntraOrganizationConnector


Answer : A

The Get-IntraOrganizationConfiguration mdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.
Use the Get-IntraOrganizationConfiguration cmdlet to view the component settings of a hybrid Exchange deployment.
Note: A hybrid Exchange deployment results in one logical organization made up of a number of physical Exchange instances. Hybrid Exchange environments contain more than one Exchange instance and support topologies like two on-premises Microsoft Exchange forests in an organization, an Exchange on-premises organization and an Exchange Online organization or two Exchange Online organizations.
Incorrect:
* Get-IntraOrganizationConnector
Intra-Organizational connectors enable features and services between divisions in your Exchange organization. It allows for the expansion of organizational boundaries for features and services across different hosts and network boundaries, such as between Active Directory forests, between on-premises and cloud-based organizations, or between tenants hosted in the same or different datacenters.
* Use the Get-OrganizationRelationship cmdlet to retrieve settings for an organization relationship that has been created for federated sharing with other federated Exchange organizations or for hybrid deployments with Exchange Online.
* Use the Get-AvailabilityAddressSpace cmdlet to view existing availability address space objects that are used to share free/busy data across Exchange organizations.
Reference: https://docs.microsoft.com/en-us/powershell/module/exchange/get-intraorganizationconfiguration

HOTSPOT -
A company named Contoso, Ltd. uses a Microsoft Exchange Server 2019 hybrid environment. User mailboxes exist in Exchange Server and in Exchange Online.
Users in Exchange Online report they are unable to view free/busy information for users in Exchange Server. You suspect that the problem is caused by Autodiscover DNS queries. You plan to bypass the Autodiscover process to exclude this as a potential cause.
You need to configure Exchange Online for the on-premises endpoint.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.



Answer :

Box 1: Set-OrganizationRelationShip
Use the Set-OrganizationRelationship cmdlet to modify existing organization relationships. Organization relationships define the settings that are used with external Exchange organizations to access calendar free/busy information or to move mailboxes between on-premises Exchange servers and Exchange Online as part of hybrid deployments.

Box 2: -TargetAutodiscoverEpr -
-TargetAutodiscoverEpr
The TargetAutodiscoverEpr parameter specifies the Autodiscover URL of Exchange Web Services for the external organization, for example, https://contoso.com/autodiscover/autodiscover.svc/wssecurity. Exchange uses Autodiscover to automatically detect the correct Exchange server endpoint to use for external requests.
Incorrect:
* Set-HybridConfiguration
Use the Set-HybridConfiguration cmdlet to modify the hybrid deployment between your on-premises Exchange organization and Exchange Online in a Microsoft 365 for enterprises organization.
Syntax:

Set-HybridConfiguration -
[-ClientAccessServers <MultiValuedProperty>]
[-Confirm]
[-DomainController <Fqdn>]
[-Domains <MultiValuedProperty>]
[-EdgeTransportServers <MultiValuedProperty>]
[-ExternalIPAddresses <MultiValuedProperty>]
[-Features <MultiValuedProperty>]
[-Name <String>]
[-OnPremisesSmartHost <SmtpDomain>]
[-ReceivingTransportServers <MultiValuedProperty>]
[-SecureMailCertificateThumbprint <String>]
[-SendingTransportServers <MultiValuedProperty>]
[-ServiceInstance <Int32>]
[-TlsCertificateName <SmtpX509Identifier>]
[-TransportServers <MultiValuedProperty>]
[-WhatIf]
[<CommonParameters>]
* Set-OnPremisesOrganization
Use the Set-OnPremisesOrganization cmdlet to modify the parameters of the OnPremisesOrganization object on the Microsoft 365 tenant.
Syntax:

Set-OnPremisesOrganization -
[-Identity] <OnPremisesOrganizationIdParameter>
[-Comment <String>]
[-Confirm]
[-HybridDomains <MultiValuedProperty>]
[-InboundConnector <InboundConnectorIdParameter>]
[-OrganizationName <String>]
[-OrganizationRelationship <OrganizationRelationshipIdParameter>]
[-OutboundConnector <OutboundConnectorIdParameter>]
[-WhatIf]
[<CommonParameters>]
Reference: https://docs.microsoft.com/en-us/powershell/module/exchange/set-organizationrelationship

HOTSPOT -
A company is migrating from Microsoft Exchange Server 2019 to Exchange Online.
You need to pause the migration.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.



Answer :

Box 1: Get-MoveRequest -

Example -
Get-MoveRequest -MoveStatus InProgress | Suspend-MoveRequest
This example suspends all move requests that are in progress by using the Get-MoveRequest cmdlet to retrieve all move requests with a MoveStatus value of InProgress and then pipelining the output to the Suspend-MoveRequest cmdlet.

Box 2: InProgress -

Box 3: Suspend-MoveRequest -
Reference: https://docs.microsoft.com/en-us/powershell/module/exchange/suspend-moverequest

A company is migrating to Exchange Online.
You receive the following error message when migrating a public folder batch:
Error (A subscription wasn’t found for this user)
You need to ensure that the migration batch completes.
Which two cmdlets should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Stop-MigrationBatch
  • B. Remove-MigrationBatch
  • C. Complete-MigrationBatch
  • D. Start-MigrationBatch
  • E. Remove-MoveRequest


Answer : A

Use the Stop-MigrationBatch cmdlet to stop the processing of a migration batch that's in progress.
Use the Start-MigrationBatch cmdlet to start a move request or migration batch that was created with the New-MigrationBatch cmdlet.

Note: Cause -
The issue can occur if the public folder mailbox migration request that is associated with the migration user is missing or corrupted.

Resolution -
Stop the migration batch.Note: Terminating the migration batch may take some time to finish.
Make sure that the migration batch has reached the "Stopped" state.
Restart the migration batch. This will re-create the missing public folder migration request.
Reference: https://docs.microsoft.com/en-us/powershell/module/exchange/stop-migrationbatch https://docs.microsoft.com/en-us/powershell/module/exchange/start-migrationbatch https://docs.microsoft.com/en-us/exchange/troubleshoot/migration/subscription-wasnt-found-for-user-error

A company uses Exchange Online.
A user receives a non-delivery report when sending emails to external recipients. You perform a message trace and discover that emails are not being sent from the Exchange environment.
You need to identify the component that is causing the issue.
Which component is causing the issue?

  • A. Anti-spoofing protection
  • B. Connection filter policies
  • C. Anti-phishing protection
  • D. Mail flow rules


Answer : D

In Exchange Online organizations or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you can use mail flow rules (also known as transport rules) to identify and take action on messages that flow through your organization.
Mail flow rules are similar to the Inbox rules that are available in Outlook and Outlook on the web (formerly known as Outlook Web App). The main difference is mail flow rules take action on messages while they're in transit, not after the message is delivered to the mailbox. Mail flow rules contain a richer set of conditions, exceptions, and actions, which provides you with the flexibility to implement many types of messaging policies.
Reference: https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules

DRAG DROP -
A company has a Microsoft Exchange Server 2019 hybrid environment. The administrator renews the SMTP certificate on the Exchange Server after the certificate expires.
On-premises users report they are unable to receive emails from Exchange Online users.
You need to resolve the issue.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.



Answer :

Get the certificate, and then set both connectors (Send and Receive)
Incorrect:
No need to use wizards.
Reference: https://practical365.com/configuring-the-tls-certificate-name-for-exchange-server-receive-connectors/

HOTSPOT -
You are evaluating the following SPF DMARC values:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.



Answer :

Box 1: No -
p=none - Policy is set to none
sp=reject
Note: The 'p=none' part of the record above specifies the requested policy that mail receivers should apply. A policy of 'none' means this DMARC record won't affect the delivery of your email, but it will provide you with reports on where your outbound email appears to be coming from.
Start with a simple monitoring-mode record for a sub-domain or domain that requests that DMARC receivers send you statistics about messages that they see using that domain. A monitoring-mode record is a DMARC TXT record that has its policy set to none (p=none). Many companies publish a DMARC TXT record with p=none because they're unsure about how much email they may lose by publishing a more restrictive DMARC policy.

Box 2: No -
p=quarantine
sp=reject
How to handle subdomains?
It's important to note that you need to create a separate record for each subdomain as subdomains don't inherit the SPF record of their top-level domain.
A wildcard SPF record (*.) is required for every domain and subdomain to prevent attackers from sending email claiming to be from non-existent subdomains. For example:
*.subdomain.contoso.com. IN TXT "v=spf1 -all"

Box 3: Yes -
p=recect
sp=reject
pct=50
pct=50 indicates that this rule should be used for 50% of email.
Note: How Microsoft 365 handles inbound email that fails DMARC
If the DMARC policy of the sending server is p=reject, Exchange Online Protection (EOP) marks the message as spoof instead of rejecting it. In other words, for inbound email, Microsoft 365 treats p=reject and p=quarantine the same way. Admins can define the action to take on messages classified as spoof within the anti-phishing policy.
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email

DRAG DROP -
A company uses Exchange Online.
A user reports that an email from a specific sender is quarantined.
You need to review the quarantine details.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.



Answer :

Step 1: Open the Microsoft 365 Defender portal (1 below)
Step 2: Select Email & collaboration (1 below)
Step 3: Select Review (1 below)
Step 4: Select Quarantine.. (1-3 below)
Use the Microsoft 365 Defender portal to manage quarantined email messages

View quarantined email -
In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Email & collaboration > Review > Quarantine. To go directly to the Quarantine page, use https://security.microsoft.com/quarantine.
On the Quarantine page, verify that the Email tab is selected.
You can sort the results by clicking on an available column header. Click Customize columns to change the columns that are shown. The default values are marked with an asterisk (*):
Time received*
Subject*
Etc.
4. To filter the results, click Filter. Etc.
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-worldwide

A company uses Exchange Online. The company creates a transport rule to append a disclaimer to incoming emails from external senders.
Users report that emails from external senders do not include the disclaimer.
You need to troubleshoot the issue.
What should you do?

  • A. Perform pipeline tracing.
  • B. Review the audit logs.
  • C. Review the message tracking logs.
  • D. Perform a message trace.


Answer : D

Message trace in the modern Exchange admin center (modern EAC) follows email messages as they travel through your Exchange Online organization. You can determine if a message was received, rejected, deferred, or delivered by the service. It also shows what actions were taken on the message before it reached its final status.
Message trace in the modern EAC improves upon the original message trace that was available in the classic Exchange admin center (classic EAC). You can use the information from message trace to efficiently answer user questions about what happened to messages, troubleshoot mail flow issues, and validate policy changes.
Incorrect:
Not C: This applies only to Exchange Server.
The message tracking log is a detailed record of all activity as mail flows through the transport pipeline on Mailbox servers and Edge Transport servers. You can use message tracking for message forensics, mail flow analysis, reporting, and troubleshooting.
Reference: https://docs.microsoft.com/en-us/exchange/monitoring/trace-an-email-message/message-trace-modern-eac https://docs.microsoft.com/en-us/exchange/mail-flow/transport-logs/message-tracking

You review the following data from an extended message trace for an email:

You need to determine the action performed on the email.
Which action was performed when the email was received?

  • A. The email was marked as spam and delivered to the recipient’s Junk Email folder.
  • B. The email was released from the quarantine and was sent to the intended recipients.
  • C. The email skipped spam filtering and was delivered because the sender was in the Allowed Senders list.
  • D. The email skipped spam filtering and was delivered because the source IP address was in the IP Allow list.


Answer : C

IPV=CAL- The message skipped spam filtering because the source IP address was in the IP Allow List.
Note: SFV=SPM indicates that the message is filtered for spam.
SRV=BULK - The message was identified as bulk email by spam filtering and the bulk complaint level (BCL) threshold.
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-headers

DRAG DROP -
A company uses Exchange Online.
A user opens an email that has an attached zip file.
You need to prevent all zip file attachments from being delivered.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.



Answer :

Step 1: Launch the Exchange admin center.
Step 2: Navigate to Mail flow and create a new rule.
Step 3: Select apply this rule if drop down list and select File extension includes these words.
Step 4: Enter .zip as the file extension to block and select block the message action.
How to reduce malware threats through file attachment blocking in Exchange Online Protection
To create a rule to block attachments that contain executable content in Exchange Online Protection, follow these steps:
Sign in to the Exchange admin center.
Select mail flow, select rules, select New ( ), and then select Create a new rule.
In the Name box, specify a name for the rule, and then select More options.
Under Apply this rule if, point to Any attachment, and then select has executable content near the bottom of the page.
Under Do the following, point to Block the message, and then select the action that you want.
Select save.
Reference: https://docs.microsoft.com/en-us/exchange/troubleshoot/antispam-and-protection/how-to-reduce-malware-threats-via-file-attachment-blocking

DRAG DROP -
A company has a Microsoft Exchange Server 2019 hybrid environment. The Exchange server is configured to use TLS encryption for SMTP.
The TLS encryption certificate expires.
You need to install a new certificate for SMTP on the server.
Which three cmdlets should you use? To answer, move the cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.



Answer :

Step 1: New-ExchangeCertificate -
New-ExchangeCertificate with the GenerateRequest switch.
Create an Exchange Server certificate request for a certification authority.
* You can create new self-signed certificates and configure the certificates for Exchange services in one step.

Or -
* The procedures are the same for an internal CA (for example, Active Directory Certificate Services) or a commercial CA.
Step 2: Import-ExchangeCertificate
Import-ExchangeCertificate - After you receive the certificate file or files from the CA, you install them on the Exchange server.
Complete a pending Exchange Server certificate request
Step 3: Enable-ExchangeCertificate
Assign certificates to Exchange Server services.
Use the Exchange Management Shell to assign a certificate to Exchange services
To assign a certificate to Exchange services, use the following syntax:
Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services <Service1>,<Service2>... [-Server <ServerIdentity>]
This example assigns the certificate that has the thumbprint value 434AC224C8459924B26521298CE8834C514856AB to the POP, IMAP, IIS, and SMTP services.
Enable-ExchangeCertificate -Thumbprint 434AC224C8459924B26521298CE8834C514856AB -Services POP,IMAP,IIS,SMT
Reference: https://docs.microsoft.com/en-us/exchange/architecture/client-access/certificate-procedures https://docs.microsoft.com/en-us/exchange/architecture/client-access/assign-certificates-to-services

Page:    1 / 6   
Total 85 questions