What should you do?

You work as an enterprise administrator at Domain.com. The Domain.com network consists of a single Active Directory domain named Domain.com. All servers on the Domain.com network
run Windows Server 2008.
Domain.com has its headquarters in Miami and quite a few branch offices in the region. The branch offices at Domain.com each contain a RODC. Due to lack of man power in one of the branch offices, you have relocated a few users to that branch office. The users need to logon in to the branch office and need to authenticate over the WAN link to the information center.
What should you do? (Choose all that apply)

A.
The best option is to add the users to the Log On Locally security policy of the Default Domain Controllers Policy GPO.

B.
The best option is to add the users to the Allowed RODC Password Replication Group.

C.
The best option is to use the Prepopulate Passwords.

D.
The best option is to add the users to the Password Replication Policy tab of the branch office RODC.

Explanation:
You should use the Password Replication Policy tab. This will identify the credentials that can be cached by RODC. Prepopulating the credentials will ensure that the RODC is able to authenticate the users. Doing this will result in the fact that the users wont need to forward the authentication to the data center on the WAN link.
Incorrect Answers:
A: The users do not need the permission to log on locally to the branch office domain controller.