PdfPrep.com

What should you recommend?

A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that is integrated with Microsoft Office 365 and an Azure subscription.

Contoso has an on-premises identity infrastructure. The infrastructure includes servers that run Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS), Azure AD Connect, and Microsoft Identity Manager (MIM).

Contoso has a partnership with a company named Fabrikam, Inc. Fabrikam has an Active Directory forest and an Office 365 tenant. Fabrikam has the same on-premises identity infrastructure as Contoso.

A team of 10 developers from Fabrikam will work on an Azure solution that will be hosted in the Azure subscription of Contoso. The developers must be added to the Contributor role for a resource in the Contoso subscription.

You need to recommend a solution to ensure that Contoso can assign the role to the 10 Fabrikam developers. The solution must ensure that the Fabrikam developers use their existing credentials to access resources.

What should you recommend?
A . Configure an AD FS claims provider trust between the AD FS infrastructures of Fabrikam and Contoso.
B . In the Azure AD tenant of Contoso, enable Azure Active Directory Domain Services (Azure AD DS). Create a one-way forest trust that uses selective authentication between the Active Directory forests of Contoso and Fabrikam.
C . In the Azure AD tenant of Contoso, create guest accounts for the Fabrikam developers.
D . In the Azure AD tenant of Contoso, create cloud-only user accounts for the Fabrikam developers.

Answer: B

Explanation:

Trust configurations – Configure trust from managed forests(s) or domain(s) to the administrative forest

* A one-way trust is required from production environment to the admin forest.

* Selective authentication should be used to restrict accounts in the admin forest to only logging on to the appropriate production hosts.

Reference: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing­privileged-access-reference-material

Exit mobile version