ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-800 All Questions

View all questions & answers for the AZ-800 exam
Go to Exam

Exam AZ-800 topic 1 question 22 discussion

Actual exam question from Microsoft's AZ-800
Question #: 22
Topic #: 1
[All AZ-800 Questions]

Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest root domain contains a server named server1.contoso.com.
A two-way forest trust exists between the contoso.com forest and an AD DS forest named fabrikam.com. The fabrikam.com forest contains 10 child domains.
You need to ensure that only the members of a group named fabrikam\Group1 can authenticate to server1.contoso.com.
What should you do first?

  • A. Add fabrikam\Group1 to the local Users group on server1.contoso.com.
  • B. Enable SID filtering for the trust.
  • C. Enable Selective authentication for the trust.
  • D. Change the trust to a one-way external trust.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by RungBaaz at Sept. 15, 2022, 11:49 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
empee1977
Highly Voted 2 years, 4 months ago
Selected Answer: C
Selective authentication is a feature that allows administrators to control which users from a trusted domain can access resources in a trusting domain. To meet your requirement of allowing only members of fabrikam\Group1 to authenticate to server1.contoso.com, you would need to enable selective authentication for the trust between contoso.com and fabrikam.com and then configure it to allow authentication for only members of fabrikam\Group1. This way, only members of fabrikam\Group1 would be able to access server1.contoso.com, while other users from the fabrikam.com forest would be denied access.
upvoted 8 times
...
monisshk
Most Recent 10 months, 2 weeks ago
Selected Answer: C
This question is valid Exam date - 27-07-2024
upvoted 2 times
...
MR_Eliot
1 year, 8 months ago
Selected Answer: C
C for sure. no explanation needed.
upvoted 3 times
...
Returnerwesley
1 year, 12 months ago
the answer should be A cause we only need to give Group1 the permission
upvoted 2 times
JoeBob8912
9 months, 1 week ago
With a 2 way forest trust, all users in any of the domains and child domains of each forest can already authenticate with each other by default. So, we don't need to give anyone any more permissions, we just need to strip away permission from anyone that is not Group 1. To do that we have to enable selective authentication.
upvoted 1 times
...
...
leegend
2 years ago
Got this question 28-5-23
upvoted 1 times
...
syu31svc
2 years, 2 months ago
Selected Answer: C
https://itconnect.uw.edu/tools-services-support/it-systems-infrastructure/msinf/authn/trusts/netid-trust-implications/#:~:text=About%20Selective%20Authentication&text=Administrators%20must%20explicitly%20grant%20the,those%20users%20to%20login%20to. By choosing ‘selective authentication’, users from the trusted domain are not members of the dynamic ‘Authenticated Users’ group. Administrators must explicitly grant the ‘allowed to authenticate’ permission on the AD computer object to the users/groups in the trusted domain for each computer object (in the trusting domain) you want to allow those users to login to. Answer is C
upvoted 4 times
...
raulgar
2 years, 4 months ago
I think answer A is more accurrate
upvoted 3 times
...
Jawad1462
2 years, 7 months ago
Selected Answer: C
Is the correct answer
upvoted 4 times
...
vaaws
2 years, 8 months ago
C Selective authentication restricts access over an external or forest trust to only those users in a trusted domain or forest who have been explicitly given authentication permissions to computer objects (resource computers) residing in the trusting domain or forest. This authentication setting must be manually enabled. Note: When a two way Forest Trust is created between Forest A and Forest B, all domains in Forest A will trust all domains in Forest B and vice versa.
upvoted 4 times
...
ScarfaceRecords
2 years, 8 months ago
the answer should be A
upvoted 4 times
...
edykss
2 years, 8 months ago
Why A? C - Selective authentication in a forest trust enables you to limit which users and groups from the trusted domain are able to authenticate.
upvoted 3 times
SFM1993
2 years, 2 months ago
I'd say A by the fact that we're only told that group1 needs to be able to authenticate to server1, but not told that all other authentications from the trusted forest should be disallowed
upvoted 4 times
...
...
RungBaaz
2 years, 8 months ago
Should Be A.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel