Your network contains two forests named contoso.com and fabrikam.com.
The functional level of all the domains is Windows Server 2003.
The functional level of both forests is Windows 2000.
You need to create a trust between contoso.com and fabrikam.com.
The solution must ensure that users from contoso.com can only access the servers in fabrikam.com that have the Allowed to Authenticate permission set.
What should you do?
To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Build List and Reorder:
Correct Answer:
Explanation/Reference:
Still not really sure whether an external trust or forest trust is needed here. Just left it as it is.
Reference:
http://technet.microsoft.com/en-us/library/cc787623.aspx
Selective authentication over an external trust restricts access to only those users in a trusted domain who have been explicitly given authentication permissions to computer objects (resource computers) that reside in the trusting domain. To explicitly give authentication permissions to computer objects in the trusting domain to certain users, administrators must grant those users the Allowed to Authenticate permission in Active Directory.