X

AZ-800 / Q35 / T1

  • 11 views
Exam
Microsoft AZ-800
HOTSPOT
Answer confirmed
Exam Topics Questions
Question

Your network contains two Active Directory forests and a domain trust as shown in the following exhibit.

The domain trust has the following configurations:

  • Name: adatum.com
  • Type: External
  • Direction: One-way, outgoing
  • Outgoing trust authentication level: Domain-wide authentication

The forests contain the users shown in the following table.

The forests contain the network shares shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Proposed answer

Suggested answer

Correct answer

The suggested answer is correct

  • Y - User1.adatum.com from trusted domain accessing \\east.contoso.com\Share3 in trusting domain
  • N - User2.contoso.com is from untrusted domain accessing \\adatum.com\Share1 in untrusting domain
  • N - User3.east.contoso.com trusting domain accessing \\adatum.com\Share1 trusted domain (One way trust, Accessing share in wrong direction)

Reference

Comments
AlexKL

Highly Voted 1 year, 5 months ago 

I think the answer is correct. Since Share3 trusts User1, so User1 can assign permission for Share3. As per Microsoft: "A one-way trust is a unidirectional authentication path created between two domains (trust flows in one direction, and access flows in the other). This means that in a one-way trust between a trusted domain and a trusting domain, users or computers in the trusted domain can access resources in the trusting domain. However, users in the trusting domain cannot access resources in the trusted domain. Some one-way trusts can be either nontransitive or transitive, depending on the type of trust being created." 

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759554(v=ws.10)?redirectedfrom=MSDN

upvoted 14 times 

skycrap

1 year, 5 months ago 

Spot on. I agree.

upvoted 4 times 

skycrap

Highly Voted 1 year, 5 months ago 

I think that the answer should be: No - No - Yes. 

  • user1 --> Share3: No because it is an outgoing domain trust from east.contoso.com
  • user2 --> Share1: No, no trust relationship between adatum and contoso domains
  • User3 --> Share1: Yes because of the outgoing trust with Adatum domain

upvoted 10 times 

skycrap

1 year, 5 months ago 

Change: YES - NO - NO as AlexKL explained.

upvoted 8 times 

Shnash

1 year, 3 months ago 

Good Boy....

upvoted 4 times 

DanielRO

1 year, 3 months ago 

You are right. The picture is wrong. The connection is One-way, outgoing. Outgoing not Incoming.

upvoted 2 times 

Ksk08

Most Recent 3 weeks, 6 days ago 

Answer: No No YES

upvoted 1 times 

sardonique

4 months ago 

Direction of access is the opposite of direction of trust. so if east.contoso.com one way trusts Adatum.com, that means that adatum users can access east.contoso.com resources, however not the other way around since it is a 1 way trust. There is an implicit trust between all domains within the same forests, so east.contoso and contoso trust each other, thus giving users of both domains the techinical ability to access their respective resources.

upvoted 1 times 

zimek1908

4 months, 3 weeks ago 

description and picture doesnt match this is why people are arguing.

upvoted 1 times 

DE5

6 months ago 

To make this a little bit more clear. First the Alex hase absolutley right, the arror on the diagram is represent who trust who, not who connect to, show the east.contoso.com trust the adatum.com and that means the users from adatum.com can have access at resourses o the east.

upvoted 3 times 

MichalGr

7 months, 1 week ago 

Add on the exhibit u1/s1 @adatum.com - u2/s2 @contoso.com - u3/s3 @east.contoso.com and keep in mind that users in the trusted domain can access resources in the trusting domain, but not the other way around.

upvoted 1 times 

Bolo92

11 months, 3 weeks ago 

valid 27.11.23

upvoted 1 times 

MAKH83

12 months ago 

If we take this as a trust relation between 2 neighbours, then: An outgoing trust means that you give your key to your neighbor, so they can enter your home and use your resources. You are the trusting domain, and your neighbor is the trusted domain. You trust them to access your home, but you cannot access theirs. Taking this example, Adatum.com is the trusting domain and east.contoso.com is the trusted domain. As east.contoso.com is trusted, it can access resources in adatum.com but not the other way around.

upvoted 2 times 

MAKH83

12 months ago 

Had another look at this and actually i agree its No-No-Yes.

upvoted 1 times 

MAKH83

12 months ago 

So Answer should be No, No, Yes

upvoted 1 times 

MR_Eliot

1 year, 2 months ago 

Correct Answers: 

  • 1. [YES] -> There is an Outgoing trust, So we trust Adatum. Since this is forest trust, child domain, also can assign permissions to Adatum users.
  • 2. [NO] -> Type trust is outgoint to Adatum. Only Adatum users can sign-in to Contoso forest.
  • 3. [NO] -> Type trust is outgoint to Adatum. Only Adatum users can sign-in to Contoso forest.

upvoted 7 times 

MR_Eliot

1 year, 1 month ago 

  • SHARE3: EAST.CONTOSO -> USER1: Adatum domain (OUTGOING TRUST) => GRANTED so TRUE
  • SHARE1: ADATUM.com -> USER2: Contoso domain (NO TRUST) => ACCESS NOT GRANTED so FALSE
  • USER3: EAST.Contoso domain (OUTGOING TRUST) => NOT GRANDED so FALSE

upvoted 3 times 

Tiago_MP

1 year, 3 months ago 

Yes No No That is based on the description, not in the pic, see: https://www.tech-faq.com/understanding-trust-relationships.html

upvoted 2 times

 

Related exam questions

AZ-800 / Q35 / T1

Your network contains two Active Directory forests and a domain trust as shown in the following exhibit.

AZ-800 / Q8 / T5

Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains a file server named Server1 and three users named User1, User2, and User3.

AZ-800 / Q10 / T5

Your network contains an Active Directory Domain Services (AD DS) domain named adatum.com. The domain contains a server named Server1 and the users shown in the following table.