How does unidirectional replication enhance security for branch offices?

Unidirectional replication is a replication method in which changes made on a read-only domain controller (RODC) are not propagated back to writable domain controllers (DCs). This significantly enhances security for branch offices because it mitigates the risk of malicious or accidental changes being spread throughout the network.

For example, if an attacker gains access to a read-only domain controller in a branch office, they would be unable to make changes that could affect the entire domain since the RODC only serves to provide information and authenticate users without the ability to modify the directory data. This one-way flow of data ensures that any unwanted changes made at the branch office do not have the potential to compromise the main database or other domain controllers, thus protecting the integrity of the overall system.

In contrast, the other options do not directly address the security enhancement aspect of unidirectional replication. Full replication to all DCs integrates more data across the network without the safeguards of RODC capabilities. Enhancing password security pertains to how credentials are managed and does not specifically relate to the propagation of changes. Integration with firewalls is a separate layer of security that, while important, does not directly derive from the nature of replication itself.