Exam
Answer confirmed
Question
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.

You need to ensure that if an attacker compromises the computer account of RODC1, the attacker cannot view the Employee-Number AD DS attribute.
Which partition should you modify?
Proposed answer
- A. configuration
- B. global catalog
- C. domain
- D. schema
Suggested answer
- D. schema
Correct answer
The suggested answer is correct
D. schema
The RODC filtered attribute set is a dynamic set of attributes that is not replicated to any RODCs in the forest. You can configure the RODC filtered attribute set on a schema master.
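One way to apply the filtered attribute set described above, as an added example that is not part of the original page. It assumes the ActiveDirectory RSAT module and Schema Admins rights; the variable names are illustrative.

```powershell
# Added example. Assumes the ActiveDirectory RSAT module and Schema Admins rights.
Import-Module ActiveDirectory

$RodcFiltered = 0x200   # searchFlags bit: attribute is in the RODC filtered attribute set
$Critical     = 0x1     # schemaFlagsEx bit: system-critical, cannot be filtered

# Schema changes are written on the schema master, in the schema partition.
$schemaMaster = (Get-ADForest).SchemaMaster
$schemaNC     = (Get-ADRootDSE -Server $schemaMaster).schemaNamingContext

$attr = Get-ADObject -Server $schemaMaster -SearchBase $schemaNC `
    -LDAPFilter '(lDAPDisplayName=employeeNumber)' `
    -Properties searchFlags, schemaFlagsEx
if (-not $attr) { throw 'employeeNumber was not found in the schema partition.' }

if (([int]$attr.schemaFlagsEx) -band $Critical) {
    throw 'System-critical attributes cannot be added to the filtered attribute set.'
}

$current = [int]$attr.searchFlags
if ($current -band $RodcFiltered) {
    Write-Output 'employeeNumber is already in the RODC filtered attribute set.'
} else {
    # Preserve existing bits (indexing, ANR, ...) and add only the filter bit.
    $new = $current -bor $RodcFiltered
    Set-ADObject -Server $schemaMaster -Identity $attr -Replace @{ searchFlags = $new }
    Write-Output ("searchFlags: 0x{0:X} -> 0x{1:X}" -f $current, $new)
}

# Read back every attribute currently in the filtered attribute set
# (bitwise-AND matching rule against 0x200 = 512).
Get-ADObject -Server $schemaMaster -SearchBase $schemaNC `
    -LDAPFilter '(searchFlags:1.2.840.113556.1.4.803:=512)' `
    -Properties searchFlags | Select-Object Name, searchFlags
```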
Ksk08
3 weeks, 2 days ago
Schema is correct
upvoted 1 times
Ni_yot
1 month ago
The employee number attribute is typically associated with the **User** objects in Active Directory. In the context of FSMO (Flexible Single Master Operation) roles, this attribute is not specifically tied to a single FSMO role. However, the **Schema Master** role is responsible for managing the schema of Active Directory, which includes the definition of attributes like employee number. So, if you're looking to modify or understand the employee number attribute, you would be interacting with the Schema Master role.
upvoted 1 times
Ksk08
1 month ago
Answer is C
upvoted 1 times
starseed
2 months ago
Answer is C. Domain, because actual data is stored in the domain partition, not in the schema. The schema just defines the structure of how the data is stored in the database.
upvoted 3 times
boapaulo
11 months, 2 weeks ago
To ensure that if an attacker compromises RODC1's computer account, he cannot view the AD DS Employee-Number attribute, you must modify the partition in the "C.domain" partition. The domain split is where Active Directory domain-specific data is stored. By modifying the permissions in these sections, you can restrict access to certain attributes, such as Employee Number, to ensure data security. Therefore, the correct answer is "C. domain".
upvoted 4 times
bda92b3
10 months, 1 week ago
Correct
upvoted 1 times
Bolo92
11 months, 4 weeks ago
valid 27.11.23
upvoted 3 times
MR_Eliot
1 year, 2 months ago
Selected Answer: D
D is the answer.
upvoted 2 times
RickySmith
11 months ago
To mark an attribute confidential, you have to remove the Read permission for the attribute for the Authenticated Users group. Marking the attribute as confidential provides an additional safeguard against an RODC that is compromised by removing the permissions that are necessary to read the credential-like data. https://learn.microsoft.com/en-us/windows/win32/ad/rodc-and-active-directory-schema#marking-attributes-as-confidential
upvoted 3 times
c7d45f4
1 year, 2 months ago
Selected Answer: D
According to this link https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/0afba1a7-ff6b-4878-97d0-f099de319dfb the modifications need to be done at the schema partition. If you scroll up on the left navigation menu and click on 2 Attributes, it tells: The following sections specify the attributes in the Active Directory Lightweight Directory Services schema.
upvoted 3 times