Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
34 Cards in this Set
- Front
- Back
|
First step in setting up TLS and Edge security
|
install edge transport srvr and ensure hub and edge can talk via DNS resolution
|
|
|
second step -
|
create edge subscription file
|
|
|
thrid step
|
move sub file to hub and import into hub transport server
|
|
|
ensure you have __ b/n hub and edge transport servers
|
FWDN
|
|
|
ports that need to be open
|
LDAP: 50389/TCP
Secure LDAP: 50636/TCP |
|
|
what ldap used for
|
bind AD LDS
|
|
|
what secure LDAP used for
|
directory sync
|
|
|
where is edge transport server deployed
|
perimeter network
|
|
|
how ensure that ET and HT can resolve DNS?
|
Use a DNS server that has manually configured A record for ET or HT server
|
|
|
aside from DNS, how else can you ensure resolution?
|
Create host record in HOST file
|
|
|
how to test for edge synchronization?
|
use cmdlet
test-edgesynchronization |
|
|
how often is config data synched?
|
1 hour
|
|
|
how often recip data syncd?
|
4 hours
|
|
|
how to force edgesync?
|
start-edgesynchronization
|
|
|
how change sync intervals?
|
set-edgesyncservice
|
|
|
what happens to manually added items, like send connectors when you establish an edge sync?
|
these are lost.
|
|
|
what does TLS use to secure comms
|
encryption
|
|
|
what is TLS used for
|
secure server to server comms (i.e., hub to hub transport)
|
|
|
where is does exc use TLS by default?
|
internal message transfers
|
|
|
what is opportunistic TLS?
|
used for external hosts by default. Exc attempts to connect via TLS then defaults to SMTP
|
|
|
What is MTLS
|
Mutual TLS. enforces TLS between external orgs
|
|
|
how is mutual tls diff from tls?
|
in tls, the receiving server is authd
in mTLS both are authd via certificate. |
|
|
what is best cert for MTLS?
|
thirdparty certs
|
|
|
first step MTLS config
|
obtain and install cert
|
|
|
secnd step mtls config
|
set-transportconfig to spec domain you want secure email to
|
|
|
3rd step mtls config
|
config ht default send connector
|
|
|
4th step MTLS
|
set-transportconfig to spec domain you want to receive email from
|
|
|
5th step MTLS config
|
configure the ET receive connector
|
|
|
what cmdlet will import certs
|
import-exchangecertificates
|
|
|
TLSSendDomainSecureList
|
domains you want to secure TLS to
|
|
|
limitations of tls
|
just protects information in motion
does not protect once in inbox only encrypts one hop |
|
|
what soln to protect data at rest
|
s/MIME
IRM |
|
|
what smIME
|
messages encrypted by users
|
|
|
what is IRM
|
allows add control using AD rights management i.e., prevent forwarding, etc.
|
