Microsoft Exam 70-413 Topic 3 Question 4 Discussion

As users in the Montreal office is in a separate site, and they need access to only to some of the resources, the File01 file server in New York and the File02 file server in Chicago, we should use a one-way forest trust with selective authentication.

* When you enable the selective authentication feature of a forest trust relationship, users accessing cross-forest resources from one forest cannot authenticate to a domain controller or resource server (e.g., file server, print server) in the other forest unless they are explicitly allowed to do so. Selective authentication lessens the attack surface by restricting the quantity of authentication requests that can pass through an interforest trust.

* From case study:

/ The Montreal site will have its own forest named montreal.proseware.com.

/ Users in the Montreal office must only be allowed to access shares that are located on File01 and File02. The Montreal users must be prevented from accessing any other servers in the proseware.com forest regardless of the permissions on the resources.