Administering Windows Server Hybrid Core Infrastructure (AZ-800) Practice

How should a trust between an ESAE forest and a production forest be configured?

• A. One-way with forest-wide authentication
• B. One-way with selective authentication
• C. Two-way with full authentication
• D. One-way with no authentication

The correct answer is: One-way with selective authentication

Configuring a trust between an ESAE (Enhanced Security Administrative Environment) forest and a production forest requires a selective authentication setup. This approach is crucial because it allows for more controlled access, ensuring that only specific resources or users from the production forest can authenticate to the ESAE forest. Selective authentication enhances security by preventing unauthorized access to sensitive resources in the ESAE forest, which is primarily focused on administrative tasks and requires higher security. With selective authentication, the ESAE forest can limit which accounts from the production forest can access resources in the ESAE environment. In contrast, a trust with forest-wide authentication would grant all users from the production forest access to the ESAE forest, which could pose significant security risks. It is also important to note that a one-way trust means that only one direction is permitted for authentication; the ESAE forest trusts the production forest, but not vice versa. This setup further enhances security by ensuring that control is maintained over who can access administrative features within the ESAE forest. As a best practice, utilizing selective authentication in a one-way trust facilitates a balance between accessibility and security, making it the preferred configuration for such scenarios.