Your network contains an Active Directory forest. The forest contains two domains named
contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003.
You have a domain outside the forest named litwareinc.com.
You need to configure an access solution to meet the following requirements:
– Users in litwareinc.com must be able to access resources on a server
named Server1 in contoso.com.
– Users in the contoso.com forest must be prevented from accessing any
resources in litwareinc.com.
– Users in litwareinc.com must be prevented from accessing any other
resources in the contoso.com forest.
Which three actions should you perform? (Each correct answer presents part of the solution.
Choose three.)
A.
Configure SID filtering on the trust.
B.
Configure forest-wide authentication on the trust.
C.
Create a one-way forest trust.
D.
Create a one-way external trust
E.
Modify the permission on the Server1 object.
F.
Configure selective authentication on the trust.
Explanation:
D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).
E: Must grant the required permissions on Server1.
F(not B): For external trust we must either select Domain-Wide or Selective Authentication (forstwide authentication is not an option)
BCE
Note:
* You can create an external trust to form a one-way or two-way, nontransitive trust with domains
that are outside your forest. External trusts are sometimes necessary when users need access to
resources in a Windows NT 4.0 domain or in a domain that is located in a separate forest that is
not joined by a forest trust.
/ To select the scope of authentication for users that are authenticating through a forest trust, click
the forest trust that you want to administer, and then click Properties .
On the Authentication tab, click either Forest-wide authentication or Selective authentication .
/ To select the scope of authentication for users that are authenticating through an external trust,
click the external trust that you want to administer, and then click Properties .
On the Authentication tab, click either Domain-wide authentication or Selective authentication .
* The forest-wide authentication setting permits unrestricted access by any users in the trusted
forest to all available shared resources in any of the domains in the trusting forest.
* Forest-wide authentication is generally recommended for users within the same organization.Select the Scope of Authentication for Users
http://technet.microsoft.com/en-us/library/cc776245(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/cc755844(v=ws.10).aspx