What should you do?

– by 1

Your network contains an Active Directory forest named contoso.com.
A partner company has a forest named fabrikam.com. Each forest contains one domain.
You need to provide access for a group named Research in fabrikam.com to resources in contoso.com. The solution must use the principle of least privilege.
What should you do?
A. Create an external trust from fabrikam.com to contoso.com. Enable Active Directory split permissions in fabrikam.com.
B. Create an external trust from contoso.com to fabrikam.com. Enable Active Directory split permissions in contoso.com.
C. Create a one-way forest trust from contoso.com to fabrikam.com that uses selective authentication.
D. Create a one-way forest trust from fabrikam.com to contoso.com that uses selective authentication.

microsoft-exams

One thought on “What should you do?

  1. 120given answer C is correct.

    https://technet.microsoft.com/en-us/library/cc794713.apsx
    When you create a new trust in an existing forest in Active Directory Domain Services (AD DS), all communications over that trust are tightly secured.
    The default security configuration of Selective Authentication mode of a forest trust is to prevent all users of fabrikam.com to access any resources in contoso.com, this adheres the Principal of least privilege.
    I.T. administrators of contoso,com must later implement a few “allow” permissions for the Research group in the fabrikam.com forest to access part of the resources in contoso.com.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.