Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The main office contains domain
controllers that run Windows Server 2012. The branch office contains a read-only domain controller
(RODC) that runs Windows Server 2012.
You need to recommend a solution to control which Active Directory attributes are replicated to the
RODC.
What should you include in the recommendation?
A.
The partial attribute set
B.
The filtered attribute set
C.
Application directory partitions
D.
Constrained delegation
Explanation:
RODC filtered attribute set
Some applications that use AD DS as a data store might have credential-like data (such as passwords,
credentials, or encryption keys) that you do not want to be stored on an RODC in case the RODC is
compromised.
For these types of applications, you can dynamically configure a set of attributes in the schema for
domain objects that will not replicate to an RODC. This set of attributes is called the RODC filtered
attribute set. Attributes that are defined in the RODC filtered attribute set are not allowed to replicate to
any RODCs in the forest.
AD DS: Read-Only Domain Controllers
https://technet.microsoft.com/en-us/library/cc732801(v=ws.10).aspx