ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company operates an on-premises Active Directory forest named contoso.com and has just acquired a subsidiary running its own forest, fabrikam.com. To reduce administrative overhead, the directory services team creates a two-way transitive forest trust between the two forest root domains. Which outcome should they expect from this design choice?
Passwords will traverse the link in clear text, making IPsec tunnels mandatory whenever a transitive trust is in place.
Only the two forest root domains trust each other; administrators must still configure individual one-way trusts for every child domain.
Authentication between the forests will require separate user credentials because transitive trusts do not support Kerberos ticketing across realms.
Users in any child domain of either forest can be authenticated for resources in the other forest without defining extra domain-level trusts.
A transitive trust automatically extends the trust path through all domains that descend from each trusted root. When the administrators configure a two-way transitive forest trust between contoso.com and fabrikam.com, any child domain in either forest inherits the trust. As a result, authentication requests can traverse the trust path so users in any child domain of one forest can be validated by a domain controller in the other forest without creating additional, explicit trusts.
By contrast, limiting trust to root domains (the incorrect option) would describe a non-transitive trust. Kerberos authentication is fully supported across transitive trusts, so separate credentials are unnecessary, and passwords are never sent in clear text; standard Kerberos encryption remains in effect. Mandatory IPsec tunnels are not required solely because of the trust type, though they might be used for other security reasons.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a two-way transitive forest trust in Active Directory?
Open an interactive chat with Bash
How does Kerberos function in a transitive trust setup?
Open an interactive chat with Bash
What is the difference between transitive and non-transitive trusts?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .