Your network contains two Active Directory forests named contoso.com and adatum.com. Active  Directory Rights Management Services （AD RMS） is deployed in contoso.com. An AD RMS  trusted user domain （TUD） exists between contoso.com and adatum.com.     From the AD RMS logs， you discover that some clients that have IP addresses in the  adatum.com forest are authenticating as users from contoso.com.     You need to prevent users from impersonating contoso.com users.     What should you do（）

• A、Configure trusted e-mail domains.
• B、Enable lockbox exclusion in AD RMS.
• C、Create a forest trust between adatum.com and contoso.com.
• D、Add a certificate from a third-party trusted certification authority （CA）.