Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is
Windows Server 2003.
You have a domain outside the forest named adatum.com.
You need to configure an access solution to meet the following requirements:
Users in adatum.com must be able to access resources in contoso.com.
Users in adatum.com must be prevented from accessing resources in fabrikam.com.
Users in both contoso.com and fabrikam.com must be prevented from accessing resources in adatum.com.
What should you create?
A. a one-way realm trust from contoso.com to adatum.com
B. a one-way realm trust from adatum.com to contoso.com
C. a one-way external trust from contoso.com to adatum.com
D. a one-way external trust from adatum.com to contoso.com
The contoso domain must trust the adatum domain.
Note: In a One-way: incoming trust, users in your (trusted) domain can be authenticated in the other (trusting) domain. Users in the other domain cannot be
authenticated in your domain.
A, B: Use realm trusts to form a trust relationship between a non-Windows Kerberos realm and a Windows Server domain.
D: The resources that are to be shared are in the contoso domain.
References: Trust types