HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
The domain contains the users shown in the following table.
Group1 is a member of the Backup Operators group.
RODC1 has a Password Replication Policy configured as shown in the exhibit. (Click the Exhibit button.)
Exhibit:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
NO
YES
NO
NO
YES
NO
Wouldn’t it be:
1, No
2. Yes
3. No
Group 1 is part of the backup operators group – This has been denied. User 1 and User 3 are part of group 1, so are also part of backup operators. Wouldn’t the DENY permission take precedence?
No, user specific entry has precedence over group
That’s incorrect. Deny takes precedence over Allow. User1 is in the Backup Operators group which is set to Deny. User1 will not have its credentials cached despite having explicit Allow and being in Group 1 which is allowed.
https://forsenergy.com/en-us/ad_ds/html/e6e3cd78-023f-4377-952e-9cda33be0420.htm