CompTIA


CAS-002 Question #343: Real Exam Question with Answer & Explanation

The correct answer is D: They should use the username format: [email protected], together with a

Question

Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two-factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backends to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?

Options

  • A. They should log on to the system using the username concatenated with the 6-digit code
  • B. They should log on to the system using the newly assigned global username:
  • C. They should use the username format: LAN\first.lastname together with their original
  • D. They should use the username format: [email protected], together with a

Explanation

When two AD forests share a trust relationship, users authenticate to cross-domain resources using the UPN format ([email protected]) so the authentication layer can route the request to the correct domain.

Common mistakes.

  • A. Concatenating the username with the 6-digit TOTP code in a single field is not a recognized authentication format and would break both the directory lookup and the TOTP validation flow.
  • B. Newly assigned global usernames are not yet available because the SSO integration is still in progress and unified accounts have not been provisioned.
  • C. The legacy NetBIOS format DOMAIN\username does not traverse inter-organizational AD trust boundaries as reliably as UPN and is not suited for cross-forest authentication scenarios.

Concept tested. Active Directory cross-domain authentication using UPN format

Reference. https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-user-principal-names
