Exam AZ-800 All QuestionsBrowse all questions from this exam
Go to Exam
Question 35

HOTSPOT

-

Your network contains two Active Directory forests and a domain trust as shown in the following exhibit.

The domain trust has the following configurations:

• Name: adatum.com

• Type: External

• Direction: One-way, outgoing

• Outgoing trust authentication level: Domain-wide authentication

The forests contain the users shown in the following table.

The forests contain the network shares shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
AlexKL

I think the answer is correct. Since Share3 trusts User1, so User1 can assign permission for Share3. As per Microsoft: "A one-way trust is a unidirectional authentication path created between two domains (trust flows in one direction, and access flows in the other). This means that in a one-way trust between a trusted domain and a trusting domain, users or computers in the trusted domain can access resources in the trusting domain. However, users in the trusting domain cannot access resources in the trusted domain. Some one-way trusts can be either nontransitive or transitive, depending on the type of trust being created." https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759554(v=ws.10)?redirectedfrom=MSDN

skycrap

Spot on. I agree.

skycrap

I think that the answer should be: No - No - Yes. user1 --> Share3: No because it is an outgoing domain trust from east.contoso.com user2 --> Share1: No, no trust relationship between adatum and contoso domains User3  Share1: Yes because of the outgoing trust with Adatum domain

skycrap

Change: YES - NO - NO as AlexKL explained.

Shnash

Good Boy....

DanielRO

You are right. The picture is wrong. The connection is One-way, outgoing. Outgoing not Incoming.

MR_Eliot

Correct Answers: 1. [YES] -> There is an Outgoing trust, So we trust Adatum. Since this is forest trust, child domain, also can assign permissions to Adatum users. 2. [NO] -> Type trust is outgoint to Adatum. Only Adatum users can sign-in to Contoso forest. 3. [NO] -> Type trust is outgoint to Adatum. Only Adatum users can sign-in to Contoso forest.

MR_Eliot

SHARE3: EAST.CONTOSO -> USER1: Adatum domain (OUTGOING TRUST) => GRANTED so TRUE SHARE1: ADATUM.com -> USER2: Contoso domain (NO TRUST) => ACCESS NOT GRANTED so FALSE -> USER3: EAST.Contoso domain (OUTGOING TRUST) => NOT GRANDED so FALSE

DE5

To make this a little bit more clear. First the Alex hase absolutley right, the arror on the diagram is represent who trust who, not who connect to, show the east.contoso.com trust the adatum.com and that means the users from adatum.com can have access at resourses o the east.

MAKH83

If we take this as a trust relation between 2 neighbours, then: An outgoing trust means that you give your key to your neighbor, so they can enter your home and use your resources. You are the trusting domain, and your neighbor is the trusted domain. You trust them to access your home, but you cannot access theirs. Taking this example, Adatum.com is the trusting domain and east.contoso.com is the trusted domain. As east.contoso.com is trusted, it can access resources in adatum.com but not the other way around.

MAKH83

So Answer should be No, No, Yes

MAKH83

Had another look at this and actually i agree its No-No-Yes.

Tiago_MP

Yes No No That is based on the description, not in the pic, see: https://www.tech-faq.com/understanding-trust-relationships.html

sardonique

Direction of access is the opposite of direction of trust. so if east.contoso.com one way trusts Adatum.com, that means that adatum users can access east.contoso.com resources, however not the other way around since it is a 1 way trust. There is an implicit trust between all domains within the same forests, so east.contoso and contoso trust each other, thus giving users of both domains the techinical ability to access their respective resources.

zimek1908

description and picture doesnt match this is why people are arguing.

MichalGr

Add on the exhibit u1/s1 @adatum.com - u2/s2 @contoso.com - u3/s3 @east.contoso.com and keep in mind that users in the trusted domain can access resources in the trusting domain, but not the other way around.

Bolo92

valid 27.11.23