Which schema attribute properties should you recommend modifying?


You need to recommend a solution that meets the security requirements.
Security Requirements
A new branch office will open in Chicago. The new branch office will have a single read-only domain controller
(RODC). Confidential attributes must not be replicated to the Chicago office.
Which schema attribute properties should you recommend modifying?


You need to recommend a solution that meets the security requirements.
Security Requirements
A new branch office will open in Chicago. The new branch office will have a single read-only domain controller
(RODC). Confidential attributes must not be replicated to the Chicago office.
Which schema attribute properties should you recommend modifying?

A.
isCriticalSystemObject

B.
searchFlags

C.
schemaFlagsEx

D.
isIndexed

Explanation:
Applies To: Windows Server 2008, Windows Server 2012 This topic includes procedures for adding an attribute
to the filtered attribute set (FAS) for a readonly domain controller (RODC) and marking the attribute as
confidential data. You can perform these proceduresto exclude specific data from replicating to RODCsin the
forest. Because the data is not replicated to any RODCs, you can be assured that the data will not be revealed
to an attacker who manages to successfully compromise an RODC. In most cases, adding an attribute to the
RODC FAS is completed by the developer of the application that added the attribute to the schema.
· Determine and then modify the current searchFlagsvalue of an attribute · Verify that an attribute is added to
the RODC FAS
-Determine and then modify the current searchFlags value of an attribute To add an attribute to an RODC FAS,
you must first determine the current searchFlags value of the attribute that you want to add, and thenset the
following values for searchflags:
· To add the attribute to the RODC FAS, set the 10th bit to 0x200. · To mark the attribute as confidential, set
the 7th bit to 0x080.
http://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx



Leave a Reply 0

Your email address will not be published. Required fields are marked *