AZ-800 Exam - Question 35

Question

HOTSPOT-Your network contains two Active Directory forests and a domain trust as shown in the following exhibit. The domain trust has the following configurations:•	Name: adatum. com•	Type: External•	Direction: One-way, outgoing•	Outgoing trust authentication level: Domain-wide authenticationThe forests contain the users shown in the following table. The forests contain the network shares shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Examice · Accepted Answer

.

AlexKL · Answer

I think the answer is correct. Since Share3 trusts User1, so User1 can assign permission for Share3. As per Microsoft: "A one-way trust is a unidirectional authentication path created between two domains (trust flows in one direction, and access flows in the other). This means that in a one-way trust between a trusted domain and a trusting domain, users or computers in the trusted domain can access resources in the trusting domain. However, users in the trusting domain cannot access resources in the trusted domain. Some one-way trusts can be either nontransitive or transitive, depending on the type of trust being created."
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759554(v=ws.10)?redirectedfrom=MSDN

skycrap · Answer

I think that the answer should be: No - No - Yes.
user1 --> Share3: No because it is an outgoing domain trust from east.contoso.com
user2 --> Share1: No, no trust relationship between adatum and contoso domains
User3  Share1: Yes because of the outgoing trust with Adatum domain

MR_Eliot · Answer

Correct Answers:
1. [YES]
-> There is an Outgoing trust, So we trust Adatum. Since this is forest trust, child domain, also can assign permissions to Adatum users.

2. [NO]
-> Type trust is outgoint to Adatum. Only Adatum users can sign-in to Contoso forest.

3. [NO]
-> Type trust is outgoint to Adatum. Only Adatum users can sign-in to Contoso forest.

Tiago_MP · Answer

Yes
No
No

That is based on the description, not in the pic, see:
https://www.tech-faq.com/understanding-trust-relationships.html

MAKH83 · Answer

If we take this as a trust relation between 2 neighbours, then:
An outgoing trust means that you give your key to your neighbor, so they can enter your home and use your resources. You are the trusting domain, and your neighbor is the trusted domain. You trust them to access your home, but you cannot access theirs. Taking this example, Adatum.com is the trusting domain and east.contoso.com is the trusted domain. As east.contoso.com is trusted, it can access resources in adatum.com but not the other way around.

DE5 · Answer

To make this a little bit more clear. First the Alex hase absolutley right, the arror on the diagram is represent who trust who, not who connect to, show  the east.contoso.com trust the adatum.com and that means the users from adatum.com can have access at resourses  o the east.

Bolo92 · Answer

valid 27.11.23

MichalGr · Answer

Add on the exhibit u1/s1 @adatum.com - u2/s2 @contoso.com - u3/s3 @east.contoso.com and keep in mind that users in the trusted domain can access resources in the trusting domain, but not the other way around.

zimek1908 · Answer

description and picture doesnt match this is why people are arguing.

sardonique · Answer

Direction of access is the opposite of direction of trust. so if east.contoso.com one way trusts Adatum.com, that means that adatum users can access east.contoso.com resources, however not the other way around since it is a 1 way trust. There is an implicit trust between all domains within the same forests, so east.contoso and contoso trust each other, thus giving users of both domains the techinical ability to access their respective resources.

AZ-800 Exam - Question 35

Discussion