Identity with Windows Server 2016 — Question 38

Your network contains an Active Directory forest named contoso.com.
A partner company has a forest named fabrikam.com. Each forest contains one domain.
You need to provide access for a group named Research in fabrikam.com to resources in contoso.com. The solution must use the principle of least privilege.
What should you do?

Answer options

• A. Create an external trust from fabrikam.com to contoso.com. Enable Active Directory split permissions in fabrikam.com.
• B. Create an external trust from contoso.com to fabrikam.com. Enable Active Directory split permissions in contoso.com.
• C. Create a one-way forest trust from contoso.com to fabrikam.com that uses selective authentication.
• D. Create a one-way forest trust from fabrikam.com to contoso.com that uses selective authentication.

Correct answer: C

Explanation

The correct answer is C because creating a one-way forest trust from contoso.com to fabrikam.com with selective authentication allows only the Research group to access specific resources, maintaining the principle of least privilege. Options A and B do not establish the trust in the correct direction and do not utilize selective authentication effectively. Option D creates the trust in the opposite direction, which does not meet the requirements of providing access from fabrikam.com to contoso.com.