Your network consists of one Active Directory domain. All domain controllers run either Windows Server 2008 R2 or Windows Server 2003 SP2. A custom application stores passwords in Active Directory. You plan to deploy read-only domain controllers (RODCs) on the network.
You need to prevent custom application passwords from being replicated to the ROOCs.
What should you do?
A.
Upgrade the schema master to Windows Server 2008 R2. Configure a fine-gained password policy.
B.
Upgrade the infrastructure master to Windows Server 2008 R2. Mark the custom application password attribute as confidential.
C.
Upgrade all domain controllers to Windows Server 2008 R2. Add the custom application password attribute to the RODC filtered attribute set and mark the attribute as confidential.
D.
Upgrade all domain controllers to Windows Server 2008 R2. Set the functional level of the forest and the domain to Windows Server 2008 R2. Configure a fine-grained password policy