What should you include in your design?

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.

Your company and an external partner plan to collaborate on a project. The external partner has an Active Directory domain that contains Windows Server 2008 R2 domain controllers.

You need to design a collaboration solution that meets the following requirements:

– Allows users to prevent sensitive documents from being forwarded to untrusted recipients or from being printed.
– Allows users in the external partner organization to access the protected content to which they have been granted rights.
– Sends all interorganizational traffic over port 443.
– Minimizes the administrative effort required to manage the external users.

What should you include in your design?

A.
Establish a federated trust between your company and the external partner. Deploy a Windows Server 2008 R2 server that has Microsoft SharePoint Foundation 2010 installed.

B.
Establish a federated trust between your company and the external partner. Deploy a Windows Server 2008 R2 server that runs Microsoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD RMS) role installed.

C.
Establish an external forest trust between your company and the external partner. Deploy a Windows Server 2008 R2 server that has the Active Directory Certificate Services server role installed. Implement Encrypting File System (EFS).

D.
Establish an external forest trust between your company and the external partner. Deploy a Windows Server 2008 R2 server that has the Active Directory Rights Management Service (AD RMS) role installed and Microsoft SharePoint Foundation 2010 installed.

Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:

Active Directory Federation Services

You can create forest trusts between two or more Windows Server 2008 forests (or Windows Server 2008 and Windows Server 2003 forests). This provides cross-forest access to resources that are located in disparate business units or organizations. However, forest trusts are sometimes not the best option, such as when access across organizations needs to be limited to a small subset of individuals. Active Directory Federation Services (AD FS) enables organizations to allow limited access to their infrastructure to trusted partners. AD FS acts like a cross-forest trust that operates over the Internet and extends the trust relationship to Web applications (a federated trust). It provides Web single-sign-on (SSO) technologies that can authenticate a user over the life of a single online session. AD FS securely shares digital identity and entitlement rights (known as claims) across security and enterprise boundaries.

Windows Server 2003 R2 introduced AD FS and Windows Server 2008 expands it. New AD FS features introduced in Windows Server 2008 include the following:
– Improved application support: Windows Server 2008 integrates AD FS with Microsoft Office SharePoint Server 2007 and Active Directory Rights Management Services (AD RMS).
– Improved installation: AD FS is implemented in Windows Server 2008 as a server role. The installation wizard includes new server validation checks.
– Improved trust policy: Improvements to the trust policy import and export functionality help to minimize configuration issues that are commonly associated with establishing federated trusts.

AD FS extends SSO functionality to Internet-facing applications. Partners experience the same streamlined SSO user experience when they access the organization's Web-based applications as they would when accessing resources through a forest trust. Federation servers can be deployed to facilitate business-to-business (B2B) federated transactions.

AD FS provides a federated identity management solution that interoperates with other security products by conforming to the Web Services Federation (WS-Federation) specification. This specification makes it possible for environments that do not use Windows to federate with Windows environments. It also provides an extensible architecture that supports the Security Assertion Markup Language (SAML) 1.1 token type and Kerberos authentication. AD FS can perform claim mapping, for example, modifying claims using business logic variables in an access request. Organizations can modify AD FS to coexist with their current security infrastructure and business policies.

Finally, AD FS supports distributed authentication and authorization over the Internet. You can integrate it into an organization's existing access management solution to translate the claims that are used in the organization into claims that are agreed on as part of a federation. AD FS can create, secure, and verify claims that move between organizations. It can also audit and monitor the communication activity between organizations and departments to help ensure secure transactions.
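The claim translation described above, as a simplified Python model added here (it is not AD FS code or configuration and does not come from the training kit). The claim types, group names, role names and the `partner.example` UPN suffix are constructed for illustration; the point is that the account side forwards only agreed claims and the resource side maps them to local rights without per-user accounts.

```python
# Simplified model of federated claim mapping (added example, not AD FS itself).
# All claim, group and role names below are constructed for illustration.

# Account partner: organization-internal claims -> claims agreed in the federation.
OUTGOING_MAP = {
    ("group", "PARTNER\\Project-X-Engineers"): ("role", "ProjectContributor"),
    ("group", "PARTNER\\Project-X-Leads"): ("role", "ProjectReviewer"),
}
AGREED_PASSTHROUGH = {"upn"}  # identity claim types both sides agreed to exchange

# Resource partner: agreed federation claims -> rights in the local application.
INCOMING_MAP = {
    ("role", "ProjectContributor"): {"view", "edit"},
    ("role", "ProjectReviewer"): {"view"},
}

def map_outgoing(org_claims):
    """Translate internal claims; anything not agreed on is dropped, not forwarded."""
    out = []
    for ctype, value in org_claims:
        if (ctype, value) in OUTGOING_MAP:
            out.append(OUTGOING_MAP[(ctype, value)])
        elif ctype in AGREED_PASSTHROUGH:
            out.append((ctype, value))
    return out

def authorize(federated_claims, trusted_upn_suffix, audit_log):
    """Resource side: accept only the partner's UPN suffix, map roles to rights."""
    upns = [v for t, v in federated_claims if t == "upn"]
    if len(upns) != 1 or not upns[0].lower().endswith("@" + trusted_upn_suffix):
        audit_log.append(("deny", upns))  # record rejected attempts for review
        return set()
    rights = set()
    for claim in federated_claims:
        rights |= INCOMING_MAP.get(claim, set())
    audit_log.append(("allow", upns[0], sorted(rights)))
    return rights

def demo():
    org_claims = [
        ("upn", "alice@partner.example"),
        ("group", "PARTNER\\Project-X-Engineers"),
        ("group", "PARTNER\\Domain Admins"),  # internal only: must not be forwarded
    ]
    log = []
    sent = map_outgoing(org_claims)
    return sent, authorize(sent, "partner.example", log), log
```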


