ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security engineer must allow employees authenticated in the company's on-premises Active Directory (AD) forest to seamlessly sign in to Windows instances that are joined to an AWS Managed Microsoft AD directory. Management stipulates that only corporate identities should reach AWS resources and that no identities or services hosted in AWS may access on-premises network resources through the trust. Given these requirements, which trust configuration should the engineer implement between the two forests?
Establish a two-way, transitive forest trust between AWS Managed Microsoft AD and the on-premises AD forest.
Create a one-way, non-transitive outgoing forest trust from AWS Managed Microsoft AD to the on-premises AD forest.
Configure a one-way, non-transitive incoming forest trust on AWS Managed Microsoft AD so that the on-premises AD forest is the trusting domain.
Deploy a shortcut trust to enable direct Kerberos referrals between the two forests in both directions.
A one-way, non-transitive outgoing forest trust created from AWS Managed Microsoft AD to the on-premises AD forest meets the requirements. In AWS trust terminology, an "outgoing" trust means the AWS directory (the trusting domain) trusts the external on-premises forest (the trusted domain). As a result, user accounts from the on-premises forest can be authenticated to access resources in the AWS directory, while principals that reside in AWS cannot traverse the trust in the opposite direction to reach on-premises resources. A two-way or incoming trust would either allow bidirectional access or restrict access in the wrong direction, violating management's mandate. Shortcut trusts cannot be created between separate forests and would not satisfy the requirement.
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls