You need to implement a security solution for the branch offices to meet the following requirements:

Your company has one main office and eight branch offices. Each branch office has one server and
20 client computers. The network consists of one Active Directory domain. All main office domain
controllers run Windows Server 2008. All branch office servers are configured as domain controllers
and run Windows Server 2003 Service Pack 1 (SP1). You need to implement a security solution for
the branch offices to meet the following requirements:
The number of user passwords stored on branch office domain controllers must be minimized.
All files stored on the branch office domain controller must be protected in the event of an offline
attack. What should you do?

Your company has one main office and eight branch offices. Each branch office has one server and
20 client computers. The network consists of one Active Directory domain. All main office domain
controllers run Windows Server 2008. All branch office servers are configured as domain controllers
and run Windows Server 2003 Service Pack 1 (SP1). You need to implement a security solution for
the branch offices to meet the following requirements:
The number of user passwords stored on branch office domain controllers must be minimized.
All files stored on the branch office domain controller must be protected in the event of an offline
attack. What should you do?

A.
Upgrade branch office domain controllers to Windows Server 2008. Enable Windows BitLocker
Drive Encryption (BitLocker).

B.
Replace branch office domain controllers with Windows Server 2008 read-only domain controllers
(RODCs).Enable Windows BitLocker Drive Encryption (BitLocker).

C.
Replace branch office domain controllers with Windows Server 2008 read-only domain controllers
(RODCs).Enable Encrypting File System (EFS) for all server drives.

D.
Add the branch office domain controller computer accounts to the read-only domain controllers
(RODCs) group. Enable Encrypting File System (EFS) for all server drives.

Explanation:
To ensure that only minimum numbers of user passwords are stored on the branch office domain
controllers, you need to replace branch office domain controllers with Windows Server 2008 readonly domain controllers (RODCs) because an RODC can be configured to store only the passwords of
specified users and computers. This limitation reduces the risks in case an RODC is compromised. To
ensure that all files stored on the domain controller must be protected from any kind of an offline
attack, you need to use Windows BitLocker Drive Encryption. BitLocker allows you to encrypt all data
stored on the Windows operating system volume and use the security of using a Trusted Platform
Module (TPM) that helps protect user data and to ensure that a computer running Windows Server
Vista or Server 2008 have not been tampered with while the system was offline.
Active Directory Enhancements in Windows Server 2008
http://windowsitpro.com/articles/print.cfm?articleid=98061
BitLocker Drive Encryption Technical Overview
http://technet2.microsoft.com/windowsserver2008/en/library/a2ba17e6-153b-4269-bc46-
6866df4b253c1033.mspx?mfr=true



Leave a Reply 0

Your email address will not be published. Required fields are marked *