What type of domain controller should be installed by Humongous Insurance in a less secure branch office?

A Read-Only Domain Controller (RODC) is the correct choice for installation in a less secure branch office primarily due to its design and functionality. RODCs are specifically configured to provide a level of security that is advantageous in environments where physical security cannot be guaranteed.

RODCs hold a read-only copy of the Active Directory database, which means they cannot make changes to directory information or authenticate users directly. This limitation helps to mitigate risks associated with physical attacks by preventing unauthorized changes to the directory data if the RODC were to be compromised. Additionally, because these controllers do not store sensitive credentials in writable form, they offer a safer alternative for environments with limited security measures.

Implementing an RODC also allows organizations to maintain the availability of directory services in branch offices, enabling local user authentication while still benefiting from centralized management from the main office. In less secure locations, this is particularly important because it can improve performance by reducing the need to contact a remote domain controller for authentication requests.

The other options present different functionalities and security considerations. Backup Domain Controllers and Active Directory Servers, for example, have different roles in the management of directory services, often implying higher levels of privileges and a full writable Active Directory copy, which could pose greater risks in