I am currently preparing this exam and getting very frustated with the errors on the pratice exam I have. Here is a typical one.
You are the network administrator for Certkiller. The company consists of two subsidiaries named Contoso, Ltd, and City Power & Light. The network contains two Active Directory forests named contoso.com and cpand1.com. The functional level of each forest is Windows Server 2003. A two-way forest trust relationship exists between the forests. You need to achieve the following goals: • Users in the contoso.com forest must be able to access all resources in the cpand1.com forest. • Users in the cpand1.com forest must be able to access only resources on a server named HRApps.contoso.com. You need to configure the forest trust relationship and the resources on HRApps.contoso.com to achieve the goals. Which three actions should you take? (Each correct answer presents part of the solution. Choose three)
A. On a domain controller in the contoso.com forest, configure the properties of the incoming forest trust relationship to use selective authentication.
B. On a domain controller in the contoso.com forest, configure the properties of the incoming forest trust relationship to use forest-wide authentication.
C. On a domain controller in the cpand1.com forest, configure the properties of the incoming forest trust relationship to use selective authentication.
D. On a domain controller in the cpand1.com forest, configure the properties of the incoming forest trust relationship to use forest-wide authentication.
E. Modify the discretionary access control list (DACLs) on HRApps.contoso.com to allow access to the Other Organization security group.
F. Modify the discretionary access control lists (DACLs) on HRApps.contoso.com to deny access to This Organization security group.
The correct answer in several sources are A, D, E. My choice is B, C, E.
Here is why: Trust direction is Resource trust Account (Resource-->Account). Trust properies under Incoming trusts is domains where account resides. Question is: Users in the contoso.com forest must be able to access all resources in the cpand1.com forest. Trust is cpand1.com trust Contoso.com. So you'd need to setup the incoming trust on Contoso.com which is B. And for Users in the cpand1.com forest must be able to access only resources on a server named HRApps.contoso.com., you'd need to setup incoming trust on cpand1.com to allow access of selective resouces on contoso.com.
Maybe I studied too much lately and lost my clear mind. Can someone please share your thoughts? very much appricated.
You are the network administrator for Certkiller. The company consists of two subsidiaries named Contoso, Ltd, and City Power & Light. The network contains two Active Directory forests named contoso.com and cpand1.com. The functional level of each forest is Windows Server 2003. A two-way forest trust relationship exists between the forests. You need to achieve the following goals: • Users in the contoso.com forest must be able to access all resources in the cpand1.com forest. • Users in the cpand1.com forest must be able to access only resources on a server named HRApps.contoso.com. You need to configure the forest trust relationship and the resources on HRApps.contoso.com to achieve the goals. Which three actions should you take? (Each correct answer presents part of the solution. Choose three)
A. On a domain controller in the contoso.com forest, configure the properties of the incoming forest trust relationship to use selective authentication.
B. On a domain controller in the contoso.com forest, configure the properties of the incoming forest trust relationship to use forest-wide authentication.
C. On a domain controller in the cpand1.com forest, configure the properties of the incoming forest trust relationship to use selective authentication.
D. On a domain controller in the cpand1.com forest, configure the properties of the incoming forest trust relationship to use forest-wide authentication.
E. Modify the discretionary access control list (DACLs) on HRApps.contoso.com to allow access to the Other Organization security group.
F. Modify the discretionary access control lists (DACLs) on HRApps.contoso.com to deny access to This Organization security group.
The correct answer in several sources are A, D, E. My choice is B, C, E.
Here is why: Trust direction is Resource trust Account (Resource-->Account). Trust properies under Incoming trusts is domains where account resides. Question is: Users in the contoso.com forest must be able to access all resources in the cpand1.com forest. Trust is cpand1.com trust Contoso.com. So you'd need to setup the incoming trust on Contoso.com which is B. And for Users in the cpand1.com forest must be able to access only resources on a server named HRApps.contoso.com., you'd need to setup incoming trust on cpand1.com to allow access of selective resouces on contoso.com.
Maybe I studied too much lately and lost my clear mind. Can someone please share your thoughts? very much appricated.