What should you create?

Your network contains an Active Directory forest. The forest contains two domains named
contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003.
You have a domain outside the forest named adatum.com.
You need to configure an access solution to meet the following requirements:
* Users in adatum.com must be able to access resources in contoso.com.
* Users in adatum.com must be prevented from accessing resources in fabrikam.com.
* Users in both contoso.com and fabrikam.com must be prevented from accessing resources in
adatum.com.
What should you create?

Your network contains an Active Directory forest. The forest contains two domains named
contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003.
You have a domain outside the forest named adatum.com.
You need to configure an access solution to meet the following requirements:
* Users in adatum.com must be able to access resources in contoso.com.
* Users in adatum.com must be prevented from accessing resources in fabrikam.com.
* Users in both contoso.com and fabrikam.com must be prevented from accessing resources in
adatum.com.
What should you create?

A.
a one-way realm trust from contoso.com to adatum.com

B.
a one-way realm trust from adatum.com to contoso.com

C.
a one-way external trust from contoso.com to adatum.com

D.
a one-way external trust from adatum.com to contoso.com

Explanation:
The contoso domain must trust the adatum domain.
Note: In a One-way: incoming trust, users in your (trusted) domain can be authenticated in the other
(trusting) domain. Users in the other domain cannot be authenticated in your domain.
Incorrect:
Not A, not B. Use realm trusts to form a trust relationship between a non-Windows Kerberos realm
and a Windows Server domain.
Not D. The resources that are to be shared are in the contoso domain.

Trust types

Show Hint

Leave a Reply 10

Your email address will not be published. Required fields are marked *

4 × two =

kurt

kurt

simple. if u dont know this. dont do the exam.

Reply

Kobain

Kobain

Good job Kurt!

Try being more proactive and explain the answer rather than slinging open ended statements.

This is a test blog and not a “How the F*CK do I feel today” blog.

Reply

Ricky

Ricky

Triggered.

Reply

Ricky

Ricky

On a serious note, Kurt actually commented in a lot of questions with useful info. Kobain on the other hand…..

Reply

kurt

kurt

One way trusting domain -> trusted domain.

Reply

MegaTron

MegaTron

Answer is D

Contoso is site “A” and Adatum is site “B”.

You need to create a one-way external trust from site B to A. This will allow site B to access resources on site A. Site A will not be allowed to access site B resources until a two-way trust is created.

https://technet.microsoft.com/en-us/library/cc731404(v=ws.11).aspx
https://technet.microsoft.com/en-us/library/cc771568(v=ws.11).aspx

Reply

kyo

kyo

You actually need to create the external trust from the domain that’s providing the resource. In our case, adatum users need to access resources in contoso.

The given answer is correct.

Reply

Net-Ninja

Net-Ninja

This is one of those microsoft confusing terminologies!
To help me remember which direction access solution inclines I use:
“Trusting – Trusted” (my Access solution Formular! :))
Where:
Contoso domain(Trusting site) = Site with resources to be accessed and,
Adatum domain (Trusted site) = Site with security principles (e.g. users, computers and groups)

i.e. Contoso(Trusting)—->Adatum(Trusted)
So to create a one-way external trust from contoso I just use my default formula above.

That means if I create the one-way external trust from contoso to adatum, the sec-principles in Adatum will have access to resources in contoso.

Reply

hasan

hasan

Thanks Net-Ninja for easy explanation

Reply