Exam 70-742 topic 1 question 80 discussion

We have resources in contoso.com and a group in fabrikam.com. The domain/forest that holds the resources needs to trust the domain that holds the users/groups. The TRUSTING forest creates the trust towards the TRUSTED forest. So in this case, contoso needs to trust fabrikam. We create a trust from contoso to fabrikam, stating that specific users (selective authentication) in fabrikam are trusted to resources in contoso. You then use ACL’s in contoso to determine which resources those are.

More like an english test...

we need to trust them to access resources in our domain. C

Contoso has to TRUST Fabrikam. Trust is outgoing... 'we trust them'

Resource holding domain/forest = Trusting Users/Group holding domain/forest = Trusted Since the solution must use the principle of least privilege We only need to create a one way trust from Trusting(contoso.com) to Trusted(fabrikam.com).

Answer is: C. Create a one-way forest trust from contoso.com to fabrikam.com that uses selective authentication.

the answer is correct https://technet.microsoft.com/en-us/library/cc794713.apsx When you create a new trust in an existing forest in Active Directory Domain Services (AD DS), all communications over that trust are tightly secured. The default security configuration of Selective Authentication mode of a forest trust is to prevent all users of fabrikam.com to access any resources in contoso.com, this adheres the Principal of least privilege. I.T. administrators of contoso,com must later implement a few "allow" permissions for the Research group in the fabrikam.com forest to access part of the resources in contoso.com.

For more detail, to create this trust relationship the settings are needed in both the trust domain and the trusted domin. In the trust domin "One-way:outgoing" should be set and int the trusted domin "One-way:incoming" should be set.