Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as
shown in the following table.
The domain contains two global groups. The groups are configured as shown in the following table.
You need to ensure that the RODC is configured to meet the following requirements:
Cache passwords for all of the members of Branch1Users. Prevent the caching of passwords for the members of Helpdesk.
What should you do?
A.
Modify the password replication policy of RODC1.
B.
Modify the delegation settings of RODC1.
C.
Modify the membership of the Allowed RODC Password Replication group.
D.
Modify the membership of the Denied RODC Password Replication group.
E.
Modify the delegation settings of DC1 and DC2.
F.
Install the BranchCache feature on RODC1.
G.
Create a Password Settings object (PSO) for the Helpdesk group.
H.
Create a Password Settings object (PSO) for the Branch1Users group.
Explanation:
The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted to cache a password. After the RODC receives
an authenticated user or computer logon request, it refers to the Password Replication Policy to determine if the password for the account should be cached.
Password Replication Policy
I think it should be D. Modify the membership of the Denied RODC Password Replication group.
By adding the helpdesk group to the Denied RODC Password Replication group we prevent helpdesk members from having their passwords stored on the RODC.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730883(v=ws.10)
This is kinda a funny one. Yes you would modify the denied RODC password replication group but these are under the password replication policy. I would assume the given answer is correct because of this but I am not positive.
Even in the link in [email protected]‘s comment it shows that you edit this under the password replication policy tab.