What should you recommend?

Posted by: Pdfprep Category: AZ-301

A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that is integrated with Microsoft Office 365 and an Azure subscription.

Contoso has an on-premises identity infrastructure. The infrastructure includes servers that run Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS), Azure AD Connect, and Microsoft Identity Manager (MIM).

Contoso has a partnership with a company named Fabrikam, Inc. Fabrikam has an Active Directory forest and an Office 365 tenant. Fabrikam has the same on-premises identity infrastructure as Contoso.

A team of 10 developers from Fabrikam will work on an Azure solution that will be hosted in the Azure subscription of Contoso. The developers must be added to the Contributor role for a resource group in the Contoso subscription.

You need to recommend a solution to ensure that Contoso can assign the role to the 10 Fabrikam developers. The solution must ensure that the Fabrikam developers use their existing credentials to access resources.

What should you recommend?
A. Configure an AD FS relying party trust between the Fabrikam and Contoso AD FS infrastructures.
B. Configure an organization relationship between the Office 365 tenants of Fabrikam and Contoso.
C. In the Azure AD tenant of Contoso, create guest accounts for the Fabrikam developers.
D. Configure a forest trust between the on-premises Active Directory forests of Contoso and Fabrikam.

Answer: D

Explanation:

Trust configurations – Configure trust from managed forest(s) or domain(s) to the administrative forest

– A one-way trust is required from production environment to the admin forest.

– Selective authentication should be used to restrict accounts in the admin forest to only logging on to the appropriate production hosts.

References:

https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material
