6.3.9 Practice Questions Read-Only Domain Controllers (RODCs)
Which of the following administrative models for an RODC provides the most security in a small branch location?
No accounts cached model
Which of the following best describes an RODC?
A domain controller that hosts read-only partitions of Active Directory's database.
Which of the following will happen when a user attempts to log on if the WAN link to a writeable domain controller is not available and the password for a computer account is cached on an RODC?
Authentication will be granted only locally.
Which of the following cmdlets is used to display the members of the allowed list or the denied list of the RODC PRP?
Get-ADDomainControllerPasswordReplicationPolicy
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server, and all of the clients run the Windows operating system. The company has a branch office in Atlanta that has a read-only domain controller (RODC) named ATLRODC1. Management has requested a list of the users who have been authenticated by ATLRODC1 in the past and whose user accounts are cached on the RODC. Which command should you use to retrieve this information?
Get-ADDomainControllerPasswordReplicationPolicyUsage
You are the network administrator for northsim.com, a company that specializes in extreme sports vacations. The company has one main office and 30 branch offices. All of the branch offices have 3 to 10 users on location, and all of them are located in remote areas of the country. Due to the need to be located near natural resources, many of the branch offices lack basic security, and almost all of them are connected to the main office via a very slow connection. Users at the branch offices complain that it takes a long time to log on to the domain. Management has authorized the purchase and deployment of one Windows Server for each branch office. You have been asked to develop a standard installation for the new servers being deployed. Your solution must meet the following requirements: Each branch office server should perform authentication for users located at that branch office. Each branch office server should be configured to minimize the amount of Active Directory information that will be compromised in the event that the server is stolen. Each branch office server should be configured to minimize the amount of user data that will be compromised in the event that the server is stolen. What should you do?
Install a read-only domain controller (RODC) in each branch office. Configure the hard drive to use BitLocker drive encryption.
You manage a network with a single Active Directory domain named eastsim.com. Your company has a single office in Dallas. You open a second office in San Antonio. The San Antonio location is connected to the Dallas location by a WAN link. All user and computer accounts in the branch office are members of the eastsim.com domain. You did not install a domain controller in the branch office. Recently, the WAN connection between Dallas and San Antonio went down. During the outage, several problems existed because of the lack of a domain controller in the San Antonio location. You want to eliminate these problems in the future. You want to ensure that user passwords are cached on a server in San Antonio and that directory service replication only happens from Dallas to San Antonio. Changes should not be made in San Antonio and replicated back to domain controllers in Dallas. What should you do?
Install a read-only domain controller (RODC) in the branch office.
You manage the network with a single Active Directory domain. You have installed a read-only domain controller in your branch office. As part of the configuration, you added the Sales Users group and the Sales Computers group as members of the Allowed RODC Password Replication Group group. You get a call from a user in the branch office saying that she can't log on. You verify that her user and computer accounts are members of the correct groups. You check and find that the WAN link to the branch office is down. You need to modify the configuration so that the user can log on even when the WAN link is down. What should you do?
Prepopulate passwords on the RODC.
Which of the following BEST describes the few accounts cached administrative model?
The administrative overhead of this model is greater because administrators must manually add users (or preferably groups) to the allowed list.
Which of the following functions is available when using an RODC?
Use the RODC to provide a secure mechanism for granting non-administrative users rights.