What should you recommend?

Your network consists of one Active Directory forest named contoso.com. The functional level of the
contoso.com forest is Windows Server 2008. The network contains seven servers that run Internet
Information Services (IIS) 7.0 and host Web services. Remote users from a partner company access
the Web services through HTTPS. The partner company has a separate Active Directory forest named
fabrikam.com. The functional level of the fabrikam.com forest is Windows Server 2003. You need to
recommend an authentication solution for the fabrikam.com users. The solution must meet the
following requirements:
All communications between both forests must use only HTTPS.
Remote users must only authenticate once to access all Web services.
Users from fabrikam.com must access the Web services by using user accounts in the
fabrikam.com forest.
What should you recommend?

A.
Implement Client Certificate Mapping Authentication on the IIS servers.

B.
Implement Microsoft Identity Lifecycle Manager (ILM) 2007 on the contoso.com forest.

C.
Implement a forest trust between the contoso.com and the fabrikam.com forests. Configure the
forest trust to use Selective Authentication.

D.
Implement Active Directory Federation Services (AD FS) in the contoso.com forest. Create a
federation trust between the contoso.com forest and the fabrikam.com forest.

Explanation:
You can use Active Directory Federation Services (AD FS) to enable efficient and secure online
transactions between partner organizations that are joined by federation trust relationships. You can
establish a federation trust relationship between two partner organizations when both organizations
deploy at least one AD FS federation server and configure their Federation Service settings
appropriately. In this case, you need to configure AD FS in the contoso.com forest so that the users
of TechMasters.com can access Web services from the contoso.com network. You can then configure a
federation trust between the contoso.com and fabrikam.com forests so that remote users are
authenticated with their user accounts in the fabrikam.com forest when they access all Web services
on contoso.com.
Active Directory Federation Services Role
http://technet2.microsoft.com/windowsserver2008/en/library/f5e12c1f-a3fa-453d-98cebe29352afaca1033.mspx?mfr=true
Federation trusts
http://technet2.microsoft.com/windowsserver/en/library/b38aa1ad-f9a3-45b1-ba72-a62f22ae748a1033.mspx?mfr=true


