You need to recommend a solution that meets the security requirements.
Which schema attribute properties should you recommend modifying?
A . isIndexed
B . searchFlags
C . isCriticalSystemObject
D . schemaFlagsEx
Answer: B
Explanation:
* Scenario: Confidential attributes must not be replicated to the Chicago office.
* Applies To: Windows Server 2008, Windows Server 2012
This topic includes procedures for adding an attribute to the filtered attribute set (FAS) for a readonly domain controller (RODC) and marking the attribute as confidential data. You can perform these procedures to exclude specific data from replicating to RODCs in the forest.
Because the data is not replicated to any RODCs, you can be assured that the data will not be revealed to an attacker who manages to successfully compromise an RODC. In most cases, adding an attribute to the RODC FAS is completed by the developer of the application that added the attribute to the schema.
• Determine and then modify the current searchFlags value of an attribute
• Verify that an attribute is added to the RODC FAS
– Determine and then modify the current searchFlags value of an attribute
To add an attribute to an RODC FAS, you must first determine the current searchFlags value of the attribute that you want to add, and then set the following values for searchflags:
• To add the attribute to the RODC FAS, set the 10th bit to 0x200.
• To mark the attribute as confidential, set the 7th bit to 0x080.
Reference: Adding Attributes to the RODC Filtered Attribute Set
http://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx
Leave a Reply