Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is
Windows Server 2003.
You have a domain outside the forest named litwareinc.com.
You need to configure an access solution to meet the following requirements:
– Users in litwareinc.com must be able to access resources on a server named Server1 in contoso.com.
– Users in the contoso.com forest must be prevented from accessing any resources in litwareinc.com.
– Users in litwareinc.com must be prevented from accessing any other resources in the contoso.com forest.
Which three actions should you perform? (Each correct answer presents part of the solution.
A. Configure SID filtering on the trust.
B. Configure forest-wide authentication on the trust.
C. Create a one-way forest trust.
D. Create a one-way external trust
E. Modify the permission on the Server1 object.
F. Configure selective authentication on the trust.
D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).
E: Must grant the required permissions on Server1.
F (not B): Forexternal trust we must either select Domain-Wide or Selective Authentication (forst-wide authentication is not an option)
* You can create an external trust to form a one-way or two-way, nontransitive trust with domains that are outside your forest. External trusts are sometimes
necessary when users need access to resources in a Windows NT 4.0 domain or in a domain that is located in a separate forest that is not joined by a forest trust.
/ To select the scope of authentication for users that areauthenticating through a forest trust, click the forest trust that you want toadminister, and then click
On the Authentication tab, click either Forest-wide authentication or Selective authentication.
/ To select the scope of authentication forusers that are authenticating through an external trust,
click the external trust that you want to administer, and then click Properties .
On the Authentication tab, click either Domain-wide authentication or Selective authentication.
* The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the
* Forest-wide authentication is generally recommended for users within the same organization.