You need to recommend a solution that meets the security req
uirements.
Which schema attribute properties should you recommend modifying?
A. isIndexed
B. searchFlags
C. isCriticalSystemObject
D. schemaFlagsEx
Explanation:
*Scenario: Confidential attributes must not be replicated to the Chicago
office.
* Applies To: Windows Server 2008, Windows Server 2012
This topic includes procedures for adding an attribute to the filtered attribute set (FAS) for a read-only domain controller (RODC) and marking the attribute as confidential data. You can perf
orm these procedures to exclude specific data from replicating to RODCs in the forest.
Because the data is not replicated to any RODCs, you can be assured that the data will not be revealed to an attacker who manages to successfully compromise an RODC. In
most cases, adding an attribute to the RODC FAS is completed by the developer of the application that added the attribute to the schema.
Determine and then modify the current search Flags value of an attribute
Verify that an attribute is added to the RODC
FAS
Determine and then modify the current search Flags value of an attribute
To add an attribute to an RODC FAS, you must first determine the current search Flags value of the attribute that you want to add, and then set the following values for search fla
gs:
To add the attribute to the RODC FAS, set the 10th bit to 0x200.
To mark the attribute as confidential, set the 7th bit to 0x080.
References:
http://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx