Your company named Contoso, Ltd. and another company named Fabrikam, Inc. establish a
partnership. The Contoso network consists of one Active Directory forest named contoso.com. The
Fabrikam network consists of one Active Directory forest named fabrikam.com. Users from
contoso.com plan to share files with users from fabrikam.com. You need to prepare the
environment so that users from contoso.com can protect confidential files from being copied or
forwarded to unauthorized users. What should you do?
A.
Create a one-way forest trust from Contoso. Set the NTFS permissions to read-only for all
confidential files.
B.
Create a one-way forest trust from Fabrikam. Set the NTFS permissions to read-only for all
confidential files.
C.
Deploy Active Directory Federation Services (AD FS). Deploy Active Directory Rights Management
Services (AD RMS).
D.
Deploy Active Directory Federation Services (AD FS). Publish the files by using Microsoft Windows
SharePoint Services (WSS).
Explanation:
To prepare an environment for the users of contoso.com so that the users from Contoso.com can
protect their confidential files from being accessed by unauthorized users while they share their
files, you need to deploy Active Directory Federation Services (AD FS) and Active Directory Rights
Management Services (AD RMS) on the Contoso.com network You can use Active Directory
Federation Services (ADFS) to enable efficient and secure online transactions between Partner
organizations that are joined by federation trust relationships. AD RMS helps you to prevent
sensitive information—such as financial reports, product specifications, customer data, and
confidential e-mail messages—from intentionally or accidentally getting into the wrong hands. You
can use AD RMS on applications running on Windows or other operating systems to help safeguard
sensitive information. Rights-protected documents of any kind can be set up for time-restricted
access—and after that author-defined period of time has elapsed, the files can no longer be opened
as the “use license” will have expired.The identity federation support role service is an optional role service in AD RMS that allows
federated identities to consume rights-protected content by using Active Directory Federation
Services
Active Directory Federation Services Role
http://technet2.microsoft.com/windowsserver2008/en/library/f5e12c1f-a3fa-453d-98cebe29352afaca1033.mspx?mfr=true
Active Directory Rights Management Services Overview
http://technet2.microsoft.com/windowsserver2008/en/library/74272acc-0f2d-4dc2-876f-
15b156a0b4e01033.mspx?mfr=true