ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security engineer is integrating an on-premises Active Directory forest (corp.example.com) with AWS Managed Microsoft AD (aws.example.com) to let workloads in either environment authenticate users and access file shares hosted in the other environment. The engineer must minimize administrative overhead and ensure that Kerberos tickets issued in one forest are accepted in the other without manual account duplication. Which trust configuration in Active Directory best meets these requirements?
Enable selective authentication on a one-way inbound trust from corp.example.com to aws.example.com.
Set up two separate one-way forest trusts, one in each direction between the forests.
Configure one outbound, transitive forest trust from aws.example.com to corp.example.com.
Create a single two-way, transitive forest trust between corp.example.com and aws.example.com.
A bidirectional (two-way) forest trust allows each forest to trust the Kerberos Key Distribution Center (KDC) of the other. Users whose accounts reside in one forest can therefore be authenticated for resources in the other forest, and vice versa, without creating duplicate accounts. A single one-way forest trust, whether inbound or outbound, permits access in only one direction and would prevent resources in the initiating forest from honoring tickets issued by the other forest. Establishing two separate one-way trusts achieves the same result as a single two-way trust but doubles administrative effort. A selective authentication trust limits which users can traverse the trust but still requires choosing one-way or two-way direction; it does not by itself satisfy the bidirectional access requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a two-way, transitive forest trust in Active Directory?
Open an interactive chat with Bash
How does Kerberos authentication work in a multi-forest trust?
Open an interactive chat with Bash
What makes selective authentication less effective for this use case?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .