Home » Microsoft » 70-342 » Which two actions should you perform?
You have a server named Server1 that has Exchange Server 2013 installed.
Users access their mailbox by using Microsoft Outlook 2010 and Outlook Web App.
You need to identify when a mailbox is accessed by someone other than the owner of the mailbox.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Review the security event log.
B. Enable audit logging for all mailboxes.
C. Export the administrator audit log.
D. Run an administrator role group report.
E. Run a non-owner mailbox access report.
Correct Answer: BE
Explanation/Reference:
Explanation:
You have to enable mailbox audit logging for each mailbox that you want to run a non-owner mailbox access report.
The Non-Owner Mailbox Access Report in the Exchange Administration Center (EAC) lists the mailboxes that have been accessed by someone other than the person who owns the mailbox. When a mailbox is accessed by a non-owner, Microsoft Exchange logs information about this action in a mailbox audit log that’s stored as an email message in a hidden folder in the mailbox being audited. Entries from this log are displayed as search results and include a list of mailboxes accessed by a non-owner, who accessed the mailbox and when, the actions performed by the non-owner, and whether the action was successful.
Reference: Run a non-owner mailbox access report
https://technet.microsoft.com/en-us/library/jj150575(v=exchg.150).aspx
