Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains
contain three domain controllers.
The domain controllers are configured as shown in the following table.
You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Upgrade DC1 to Windows Server 2012 R2.
B. Upgrade DC11 to Windows Server 2012 R2.
C. Raise the domain functional level of childl.contoso.com.
D. Raise the domain functional level of contoso.com.
E. Raise the forest functional level of contoso.com.
The root domain in the forest must be at Windows Server 2012level. First upgrade DC1 to this level (A), then raise the contoso.com domain functional level to
Windows Server 2012 (D).
(A) To support resources that use claims-based access control, the principal’s domains will need to be running one of the following:
All Windows Server 2012 domain controllers
Sufficient Windows Server 2012domain controllers to handle all the Windows 8 device authentication requests
Sufficient Windows Server 2012 domain controllers to handle all the Windows Server 2012 resource protocol transition requests to support non-Windows 8
References: What’s New in Kerberos Authentication