How should you configure the authentication?

###BeginCaseStudy###

Testlet 1
Topic 4, A.Datum
Background
General Background
You are a SharePoint administrator for A. Datum Corporation. A. Datum is a large legal firm with offices in Chicago, New York, and London. A. Datum is merging
with a smaller legal firm named Fabrikam, Inc.
Technical Background
A)
Datum has an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains an Active Directory Rights Management Services
(AD RMS) server.
The A. Datum SharePoint environment includes the sites described in the following table.

The A. Datum SharePoint environment contains two servers that run all SharePoint services. The servers run Windows Server 2012 and are members of the
domain. A third-party file-level antivirus application runs on all servers in the domain. The adatum.com farm uses Microsoft SQL Server 2012 for the SharePoint
databases.
A)
Datum is planning a three-tier SharePoint farm to replace the existing farm. A firewall will be placed between each tier. All servers must be virtualized unless
otherwise specified. The following servers are available for the new SharePoint environment:

All user accounts are stored in and maintained by using Active Directory. The My Site portal and document portal SharePoint sites receive user and group
membership information by using Active Directory synchronization. New users often have to wait more than 24 hours before they can view their user profile
information.
Fabrikam has an AD DS domain named fabrikam.com and a single-server SharePoint environment.

Web Applications
A new remote web application named App1 will be hosted in the adatum.com domain. App1 will require access to SharePoint resources in the fabrikam.com
domain. SharePoint administrators in the fabrikam.com domain must be able to administer App1 by using Windows PowerShell.
Technical Requirements
You must meet the following technical requirements:
Fabrikam users must be able to directly access internal SharePoint resources in the adatum.com domain.
A)
Datum users must not be able to access resources in the fabrikam.com domain.
All documents relating to the merger must contain a barcode, and must be protected from distribution.
Authenticated users must not be prompted for credentials when they access App1.
Users in the adatum.com domain must be able to access all SharePoint sites the same day they receive their Active Directory account credentials.
When a user account is deleted, the user’s personal site collection must automatically be removed within 12 hours.
The antivirus application must not scan SharePoint directories.
When migrating the SharePoint environment, you must meet the following requirements:
The application and database servers must not be accessible from the Internet.
The database servers must accept connections only from the SharePoint servers.
The database servers must be physical machines running Windows Server 2012 with direct access to storage.
The database servers must be configured for redundancy.
All database transaction logs must be sent off-site.
All SharePoint installation prerequisites must be installed offline.

###EndCaseStudy###

You need to configure cross-forest authentication.
How should you configure the authentication? (To answer, drag the appropriate trust element to the correct target in the answer area. Each trust element may be
used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Select and Place:

###BeginCaseStudy###

Testlet 1
Topic 4, A.Datum
Background
General Background
You are a SharePoint administrator for A. Datum Corporation. A. Datum is a large legal firm with offices in Chicago, New York, and London. A. Datum is merging
with a smaller legal firm named Fabrikam, Inc.
Technical Background
A)
Datum has an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains an Active Directory Rights Management Services
(AD RMS) server.
The A. Datum SharePoint environment includes the sites described in the following table.

The A. Datum SharePoint environment contains two servers that run all SharePoint services. The servers run Windows Server 2012 and are members of the
domain. A third-party file-level antivirus application runs on all servers in the domain. The adatum.com farm uses Microsoft SQL Server 2012 for the SharePoint
databases.
A)
Datum is planning a three-tier SharePoint farm to replace the existing farm. A firewall will be placed between each tier. All servers must be virtualized unless
otherwise specified. The following servers are available for the new SharePoint environment:

All user accounts are stored in and maintained by using Active Directory. The My Site portal and document portal SharePoint sites receive user and group
membership information by using Active Directory synchronization. New users often have to wait more than 24 hours before they can view their user profile
information.
Fabrikam has an AD DS domain named fabrikam.com and a single-server SharePoint environment.

Web Applications
A new remote web application named App1 will be hosted in the adatum.com domain. App1 will require access to SharePoint resources in the fabrikam.com
domain. SharePoint administrators in the fabrikam.com domain must be able to administer App1 by using Windows PowerShell.
Technical Requirements
You must meet the following technical requirements:
Fabrikam users must be able to directly access internal SharePoint resources in the adatum.com domain.
A)
Datum users must not be able to access resources in the fabrikam.com domain.
All documents relating to the merger must contain a barcode, and must be protected from distribution.
Authenticated users must not be prompted for credentials when they access App1.
Users in the adatum.com domain must be able to access all SharePoint sites the same day they receive their Active Directory account credentials.
When a user account is deleted, the user’s personal site collection must automatically be removed within 12 hours.
The antivirus application must not scan SharePoint directories.
When migrating the SharePoint environment, you must meet the following requirements:
The application and database servers must not be accessible from the Internet.
The database servers must accept connections only from the SharePoint servers.
The database servers must be physical machines running Windows Server 2012 with direct access to storage.
The database servers must be configured for redundancy.
All database transaction logs must be sent off-site.
All SharePoint installation prerequisites must be installed offline.

###EndCaseStudy###

You need to configure cross-forest authentication.
How should you configure the authentication? (To answer, drag the appropriate trust element to the correct target in the answer area. Each trust element may be
used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Select and Place:

Answer:

Explanation:
Scenario:
Fabrikam has an AD DS domain named fabrikam.com
Fabrikam users must be able to directly access internal SharePoint resources in the adatum.com domain.
Datum users must not be able to access resources in the fabrikam.com domain.
A)
Datum need to Trust Fabrikam (as Fabrikam need to access resources in A.Datum) so A.Datum is the source and Fabrikam the destination.
A one-way, outgoing, forest trust allows resources in your Windows Server 2008 forest or Windows Server 2003 forest (the forest that you are logged on to at the
time that you run the New Trust Wizard) to be accessed by users in another Windows Server 2008 forest or Windows Server 2003 forest. For example, if you are
the administrator of the wingtiptoys.com forest and resources in that forest need to be accessed by users in the tailspintoys.com forest, you can use this procedure
to establish one side of the relationship so that users in the tailspintoys.com forest can access resources in any of the domains that make up the wingtiptoys.com
forest.
https://technet.microsoft.com/en-us/library/cc794827(v=ws.10).aspx



Leave a Reply 0

Your email address will not be published. Required fields are marked *