ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-800 All Questions

View all questions & answers for the AZ-800 exam
Go to Exam

Exam AZ-800 topic 1 question 40 discussion

Actual exam question from Microsoft's AZ-800
Question #: 40
Topic #: 1
[All AZ-800 Questions]

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.



You need to ensure that if an attacker compromises the computer account of RODC1, the attacker cannot view the Employee-Number AD DS attribute.

Which partition should you modify?

  • A. configuration
  • B. global catalog
  • C. domain
  • D. schema
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by c7d45f4 at Sept. 11, 2023, 8:29 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Kiwi28
4 weeks ago
Selected Answer: C
The domain partition contains user accounts, groups, and their attributes, including Employee-Number. You would mark the Employee-Number attribute as part of the Filtered Attribute Set (FAS), which applies to the domain partition, so it will not be replicated to the RODC.
upvoted 2 times
...
miguelangel2801
7 months ago
Selected Answer: D
Answer is D The RODC filtered attribute set is a dynamic set of attributes that is not replicated to any RODCs in the forest. You can configure the RODC filtered attribute set on a schema master that runs Windows Server 2008. When the attributes are prevented from replicating to RODCs, that data cannot be exposed unnecessarily if an RODC is stolen or compromised. https://learn.microsoft.com/en-us/windows/win32/ad/rodc-and-active-directory-schema#marking-attributes-as-confidential
upvoted 1 times
...
Ksk08
9 months, 2 weeks ago
Schema is correct
upvoted 1 times
...
Ni_yot
9 months, 4 weeks ago
The employee number attribute is typically associated with the **User** objects in Active Directory. In the context of FSMO (Flexible Single Master Operation) roles, this attribute is not specifically tied to a single FSMO role. However, the **Schema Master** role is responsible for managing the schema of Active Directory, which includes the definition of attributes like employee number. So, if you're looking to modify or understand the employee number attribute, you would be interacting with the Schema Master role.
upvoted 1 times
...
Ksk08
10 months ago
Answer is C
upvoted 1 times
...
starseed
11 months ago
Answer is C. Domain because actual data is stored in domain partition not in schema. schema just defines the structure how the data is stored in Database
upvoted 3 times
...
boapaulo
1 year, 8 months ago
To ensure that if an attacker compromises RODC1's computer account, he cannot view the AD DS Employee-Number attribute, you must modify the partition in the "C.domain" partition. The domain split is where Active Directory domain-specific data is stored. By modifying the permissions in these sections, you can restrict access to certain attributes, such as Employee Number, to ensure data security. Therefore, the correct answer is "C. domain".
upvoted 4 times
bda92b3
1 year, 7 months ago
Correct
upvoted 1 times
...
...
Bolo92
1 year, 8 months ago
valid 27.11.23
upvoted 3 times
...
MR_Eliot
1 year, 10 months ago
Selected Answer: D
D is the answer.
upvoted 2 times
RickySmith
1 year, 7 months ago
To mark an attribute confidential, you have to remove the Read permission for the attribute for the Authenticated Users group. Marking the attribute as confidential provides an additional safeguard against an RODC that is compromised by removing the permissions that are necessary to read the credential-like dat https://learn.microsoft.com/en-us/windows/win32/ad/rodc-and-active-directory-schema#marking-attributes-as-confidential
upvoted 3 times
...
...
c7d45f4
1 year, 11 months ago
Selected Answer: D
Acording to this link https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/0afba1a7-ff6b-4878-97d0-f099de319dfb the modifications needs to be done at schema partition. If you scroll up on the left navigation menu and click on 2 Attributes its tells The following sections specify the attributes in the Active Directory Lightweight Directory Services schema.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel