Securing Windows Server 2016 — Question 51
Your network contains an Active Directory forest named contoso.com. You deploy another Active Directory forest named admin.contoso.com.
You create a trust relationship between the two forests. The trust relationship has the following configurations:
✑ SID history is disabled
✑ SID filtering is disabled
You need to implement Privileged Access Management (PAM) and to specify admin.contoso.com as an administrative forest. What should you do?
Answer options
- A. Run netdom.exe and specify the /quarantine switch.
- B. Enable SID filtering on the trust.
- C. Run netdom.exe and specify the /transitive switch.
- D. Enable SID history on the trust.
Correct answer: C
Explanation
The correct response is to run netdom.exe with the /transitive switch, as this will enable the transitive trust necessary for PAM. The other options are incorrect because enabling SID filtering would restrict access, running netdom with /quarantine is not relevant to establishing PAM, and enabling SID history is not required in this scenario.