PrepAway - Latest Free Exam Questions & Answers

What should you do so that these credentials are not replicated to any RODCs in the forest?

One of the remote branch offices is running a Windows Server 2008 read-only domain controller (RODC).
For security reasons you don't want some critical credentials (such as passwords and encryption keys) to be
stored on the RODC.
What should you do so that these credentials are not replicated to any RODCs in the forest?
(Select 2)

A. Configure RODC filtered attribute set on the server

B. Configure RODC filtered set on the server that holds Schema Operations Master role.

C. Delegate local administrative permissions for an RODC to any domain user without granting that user any
user rights for the domain

D. Configure forest functional level server for Windows Server 2008 to configure filtered attribute set.

E. None of the above

Explanation:
Reference:
http://technet.microsoft.com/en-us/library/cc753223.aspx
Adding attributes to the RODC filtered attribute set
The RODC filtered attribute set is a dynamic set of attributes that is not replicated to any RODCs in the
forest. You can configure the RODC filtered attribute set on a schema master that runs Windows Server
2008. When the attributes are prevented from replicating to RODCs, that data cannot be exposed
unnecessarily if an RODC is stolen or compromised.

A malicious user who compromises an RODC can attempt to configure it in such a way that it tries to replicate
attributes that are defined in the RODC filtered attribute set. If the RODC tries to replicate those attributes from
a domain controller that is running Windows Server 2008, the replication request is denied. However, if the
RODC tries to replicate those attributes from a domain controller that is running Windows Server 2003, the
replication request could succeed.

Therefore, as a security precaution, ensure that forest functional level is Windows Server 2008 if you plan to
configure the RODC filtered attribute set. When the forest functional level is Windows Server 2008, an RODC
that is compromised cannot be exploited in this manner because domain controllers that are running Windows
Server 2003 are not allowed in the forest.
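
The conditions in the explanation above can be checked with a read-only audit. This is an added example, not part of the original page or the referenced TechNet article; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and relies on the fact that membership in the filtered attribute set is recorded as bit 0x200 of an attribute's searchFlags in the schema.

```powershell
# Added example: read-only audit of the RODC filtered attribute set (FAS)
# and of the forest conditions the explanation depends on.
# Assumes the ActiveDirectory module and read access to the schema partition.
Import-Module ActiveDirectory

$RodcFilteredBit = 0x200   # searchFlags bit that places an attribute in the FAS

$forest   = Get-ADForest
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# The FAS is configured on the schema master, so report which DC holds the role.
'Schema master          : {0}' -f $forest.SchemaMaster
'Forest functional level: {0}' -f $forest.ForestMode

# Below the Windows Server 2008 forest functional level, Windows Server 2003
# domain controllers are still allowed in the forest.
if ([string]$forest.ForestMode -match '^Windows(2000|2003)') {
    Write-Warning 'Forest functional level is below Windows Server 2008.'
}

# Attributes currently in the FAS: bitwise-AND match on searchFlags
# (1.2.840.113556.1.4.803 is the LDAP bitwise AND matching rule).
$filter = "(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=$RodcFilteredBit))"
$fas = @(Get-ADObject -SearchBase $schemaNC -LDAPFilter $filter `
            -Properties lDAPDisplayName, searchFlags)

'Attributes in the filtered attribute set: {0}' -f $fas.Count
$fas | Sort-Object lDAPDisplayName |
    Select-Object lDAPDisplayName,
                  @{ Name = 'searchFlags'; Expression = { '0x{0:X}' -f $_.searchFlags } } |
    Format-Table -AutoSize

# Enumerate the domain controllers of every domain in the forest.
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain
}

'RODCs in the forest:'
$dcs | Where-Object { $_.IsReadOnly } |
    Select-Object HostName, Site, OperatingSystem | Format-Table -AutoSize

# A Windows Server 2003 DC could answer a replication request for FAS attributes.
$legacy = @($dcs | Where-Object { $_.OperatingSystem -like '*2003*' })
if ($legacy.Count -gt 0) {
    Write-Warning ('Windows Server 2003 domain controllers found: ' +
                   (($legacy | ForEach-Object { $_.HostName }) -join ', '))
}
```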

