PrepAway - Latest Free Exam Questions & Answers

Which rule types should you configure on each side of the federated trust?

DRAG DROP
Your network contains two Active Directory forests named contoso.com and adatum.com. All
domain controllers run Windows Server 2012 R2.
A federated trust exists between adatum.com and contoso.com. The trust provides adatum.com
users with access to contoso.com resources.
You need to configure Active Directory Federation Services (AD FS) claim rules for the federated
trust.
The solution must meet the following requirements:
* In contoso.com, replace an incoming claim type named Group with an outgoing claim type named Role.
* In adatum.com, allow users to receive their tokens for the relying party by using their Active Directory group membership as the claim type.
* The AD FS claim rules must use predefined templates.
Which rule types should you configure on each side of the federated trust?
To answer, drag the appropriate rule types to the correct location or locations. Each rule type may
be used once, more than once, or not at all. You may need to drag the split bar between panes or
scroll to view content.


Answer:

Explanation:
* Acceptance transform rule set
A set of claim rules that you use on a particular claims provider trust to specify the incoming claims
that will be accepted from the claims provider organization and the outgoing claims that will be sent
to the relying party trust.
Used on: Claims provider trusts
* Issuance Authorization Rule Set
A set of claim rules that you use on a relying party trust to specify the claims that will be issued to
the relying party.
Used on: Relying party trusts

The Role of Claim Rules
http://technet.microsoft.com/zh-cn/library/ee913586(v=WS.10).aspx
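
As an added illustration (not part of the original page), this is how the two rule sets described in the explanation attach to their trusts with the AD FS PowerShell cmdlets. The trust names `Adatum` and `Contoso`, the claim type URIs and the group SID placeholder are assumptions.

```powershell
# Added example. Trust names, claim type URIs and the SID placeholder are assumptions.

# --- On the contoso.com AD FS server (resource partner) ---
# Acceptance transform rule on the claims provider trust for adatum.com:
# re-issue every incoming Group claim as a Role claim.
$acceptanceRules = @'
@RuleName = "Transform Group to Role"
c:[Type == "http://schemas.xmlsoap.org/claims/Group"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);
'@
Set-AdfsClaimsProviderTrust -TargetName 'Adatum' -AcceptanceTransformRules $acceptanceRules

# Read the rule set back to confirm what is actually enforced.
(Get-AdfsClaimsProviderTrust -Name 'Adatum').AcceptanceTransformRules

# --- On the adatum.com AD FS server (account partner) ---
# Issuance authorization rule on the relying party trust for contoso.com:
# only members of one AD group are permitted to receive a token.
$authorizationRules = @'
@RuleName = "Permit members of the partner-access group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
   Value == "<SID-OF-PERMITTED-GROUP>"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit",
          Value = "PermitUsersWithClaim");
'@
Set-AdfsRelyingPartyTrust -TargetName 'Contoso' -IssuanceAuthorizationRules $authorizationRules

# Read the rule set back to confirm what is actually enforced.
(Get-AdfsRelyingPartyTrust -Name 'Contoso').IssuanceAuthorizationRules
```

Each `Set-` call replaces the whole rule set on that trust, so include any existing rules that must be kept.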

10 Comments on “Which rule types should you configure on each side of the federated trust?”

  1. Lucas says:

    Pretty sure this is:
    Claims Provider: Acceptance Transformation Rule
    Relying Party: Issuance Transformation Rule

    The definition in the answer is incorrect.

    Check the link, read the chart at the bottom.




      1. Gilbert says:

        Issuance Transform Rule Set

        A set of claim rules that you use on a relying party trust to specify the claims that will be issued to the relying party.
        The incoming claims that will be used to source this rule set will initially be the claims that are output by the acceptance transform rules.




        1. Gilbert says:

          Wait, no. Sorry, the answer provided looks right.
          The question says “allow users to receive their tokens for the relying party”
          In this case Authorization Rule is used for tokens:

          Issuance Authorization Rule Set

          A set of claim rules that you use on a relying party trust to specify the users that will be permitted to receive a token for the relying party.
          These rules determine whether a user can receive claims for a relying party and, therefore, access to the relying party.
          Unless you specify an issuance authorization rule, all users will be denied access by default.




  2. Shawn says:

    Joe says:
    July 20, 2015 at 4:40 pm

    The 2 domains do not matter in this example; you just need to know that the claims provider trust is set on the relying party and the relying party trust is set on the claims provider.
    The relying party ‘accepts’ connections from the claims provider. The only rule that the claims provider trusts can be given is the acceptance transform rule (this is the only one that can be configured for the claims provider trust).
    The claims provider tells users that they are authorized to connect to the relying party, therefore the relying party trust uses the issuance authorization rule (it issues the authorization to the users).




