Exam 70-417 topic 1 question 609 discussion

Actual exam question from Microsoft's 70-417

Question #: 609
Topic #: 1

Your network contains one Active Directory domain named contoso.com.
The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs
Windows Server 2012 R2.
You need to identify which security principals are authorized to have their password cached on RODC1.
Which cmdlet should you use?

A. Get-ADGroupMember
B. Get-ADDomainControllerPasswordReplicationPolicy
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Get-ADDomain
E. Get-ADOptionalFeature
F. Get-ADAccountAuthorizationGroup
G. Get-ADAuthenticationPolicySlio
H. Get-ADAuthenticationPolicy

Show Suggested Answer

Suggested Answer: B 🗳️
The Get-ADDomainControllerPasswordReplicationPolicyUsage gets the user or computer accounts that are authenticated by a read-only domain controller
(RODC) or that have passwords that are stored on that RODC. The list of accounts that are stored on a RODC is known as the revealed list.
References: https://technet.microsoft.com/en-us/library/ee617194.aspx

by ms70743 at Aug. 21, 2020, 2:12 a.m.

Comments

Submit Cancel

ms70743

4 years, 9 months ago

Answer is B. Get-ADDomainControllerPasswordReplicationPolicy “Gets the members of the allowed list or denied list of a read-only domain controller’s password replication policy.” Aka it tells you which accounts are able to or not able to use the policy.

upvoted 1 times

...