In adatum.com, you install and configure a server that has the AD FS...

Discussion in '70-414' started by Dms2701, Mar 20, 2016.

  1. Dm

    Dms2701 Member
    Member

    Joined:
    Feb 21, 2016
    Messages:
    14
    Likes Received:
    0
    In adatum.com, you install and configure a server that has the Active Directory Federation
    Services server role and all of the AD FS role services installed.
    You need to recommend which AD FS configurations must be performed m adatum.com to meet
    the security requirements.

    Which configurations should you recommend before creating a trust policy?

    A. Export the server authentication certificate and provide the certificate to Trey Research.
    Import the token-signing certificate from Trey Research.

    B. Export the server authentication certificate and provide the certificate to Trey Research.
    Import the server authentication certificate from Trey Research.

    C. Export the token-signing certificate and provide the certificate to Trey Research.
    Import the server authentication certificate from Trey Research.

    D. Export the token-signing certificate and provide the certificate to Trey Research.
    Import the token-signing certificate from Trey Research

    Does anyone have any references for this answer or explanations?
     
  2. Dm

    Dms2701 Member
    Member

    Joined:
    Feb 21, 2016
    Messages:
    14
    Likes Received:
    0

    Dear visitor, you need to Register or Login to view links on Certify Chat.

    In adatum.com, you install and configure a server that has the Active Directory Federation
    Services server role and all of the AD FS role services installed.
    You need to recommend which AD FS configurations must be performed m adatum.com to meet
    the security requirements.

    Which configurations should you recommend before creating a trust policy?

    A. Export the server authentication certificate and provide the certificate to Trey Research.
    Import the token-signing certificate from Trey Research.

    B. Export the server authentication certificate and provide the certificate to Trey Research.
    Import the server authentication certificate from Trey Research.

    C. Export the token-signing certificate and provide the certificate to Trey Research.
    Import the server authentication certificate from Trey Research.

    D. Export the token-signing certificate and provide the certificate to Trey Research.
    Import the token-signing certificate from Trey Research

    Does anyone have any references for this answer or explanations?
    Click to expand...
    Anyone with any knowledge on this?
     
  • gluemaker

    gluemaker Member
    Member

    Joined:
    Feb 4, 2016
    Messages:
    36
    Likes Received:
    2
    I'm going out on a limb here but I'll say D. This quote:

    "A token-signing certificate with the common name set to “TreyResearch - AD FS token signing certificate”; after installing this certificate, you must export it using the DER encoded binary X.509 format to a file named TreyResearch_ADFS_TS.cer."

    from here:
    https://technet.microsoft.com/en-us/library/ee256071(v=ws.10).aspx

    You might give that entire page a read and see what you think. Hope this helps!
     
  • mu

    mubarak Member
    Member

    Joined:
    Nov 12, 2015
    Messages:
    23
    Likes Received:
    0
    my option is B

    Reference : under the security requirement, users from trey research must be able to access App2 by using credentials from treyresearch.com
     
  • Er

    Ergis Member
    Member

    Joined:
    Dec 14, 2015
    Messages:
    31
    Likes Received:
    0
    So which is the right Answer?
     
  • BluAlien

    BluAlien Member
    Member

    Joined:
    Nov 5, 2015
    Messages:
    47
    Likes Received:
    4
    I Think it's
    A. Export the server authentication certificate and provide the certificate to Trey Research.
    Import the token-signing certificate from Trey Research.


    The entire procedure is explained in the two MS Article

    Dear visitor, you need to Register or Login to view links on Certify Chat.


    Dear visitor, you need to Register or Login to view links on Certify Chat.



    The recap of all the procedure is here (I did a substitution of original forest names, with the ones of the case):

    • Create a server authentication certificate for adf server web (Adatum FS Web)
    • Export the token-signing certificate from adfsaccount (ADFS Server for Forest Account - Trey Research) to a file
    • The adfsaccount (Trey Research) token-signing certificate will be imported to adfsresource (ADFS Server for Forest Resource - Adatum) later when the Account Partner Wizard prompts you for the Account Partner Verification Certificate. (See Step 4: Configuring the Federation Servers.) At that time, you access adfsresource (Adatum) over the network to obtain this file.
    • Export the adfsresource (Adatum) server authentication certificate to a file.
    • Because self-signed certificates are used in the scenario that is described in this guide, the server authentication certificate is the root. Therefore, you must establish this trust by exporting the resource federation server (adfsresource) (Adatum) authentication certificate to a file and then importing the file to the Web server (adfsweb) (Adatum Web Server).
    • This certificate must be imported to adfsweb in the next procedure. Therefore, make this file accessible over the network to adfsweb.
    • Import the server authentication certificate for adfsresource to adfsweb
    • On computer client (Forest Account - Trey Research) Import adfsweb, adfsaccount, and adfsresource certificates


    I appreciate any comment, I have my exam in 3 days and I would be more shure a bout this.
    Thanks in advance.
     
  • jerseyyo

    jerseyyo Member
    Member

    Joined:
    Dec 14, 2015
    Messages:
    8
    Likes Received:
    0
    I agree with you BluAlien, am taking mine in a couple weeks and based on those articles it is clear that TreyResearch is the account domain and Adatum is the resource domain.

    Token-signing certificates: "Each federation server uses a token-signing certificate to digitally sign all security tokens that it produces. Because each security token is digitally signed by the account partner, the resource partner can verify that the security token was in fact issued by the account partner and that it was not modified. "

    Dear visitor, you need to Register or Login to view links on Certify Chat.

     
  • Share This Page