You are employed as a network administrator at ABC.com. ABC.com has two Active Directory
forests, named uk.ABC.com and us.ABC.com. All servers on the ABC.com network have Windows
Server 2012 installed.
A one-way forest trust has been configured from the us.ABC.com and the uk.ABC.com forests. A
server, named ABC-SR13, in the us.ABC.com forest hosts a shared folder. This shared folder
needs to be accessed by a user, named Mia Hamm.
You have confirmed that the Read permission has been granted to the Authenticated Users group.
You now need to make sure that Mia Hamm has access to the shared folder.
Which of the following actions should you take?
A.
You should consider altering the permissions for ABC-SR’s computer object in Active Directory.
B.
You should consider granting Mia Hamm’s user account the necessary permissions.
C.
You should consider altering the permissions for ABC-SR’s user object in Active Directory.
D.
You should consider adding Mia Hamm’s user account to the Globl Administrators group.
Explanation:
70-412 There is no mention of selective authentication being set here but based on this link the answer would appear correct
https://technet.microsoft.com/en-us/library/cc816733(v=ws.10).aspx
Why not B? There’s no mention in regards to which domain Mia belongs. Why assume she belongs to uk.abc.com?
If she belongs to us.abc.com then she only needs to be assigned the correct permissions
If she belongs to uk.abc.com then she needs the “allowed to authenticate” role on SR13.
Please correct me if I’m wrong.
Actually, coming back to this because I just realized the last part of the question states “You have confirmed that the Read permission has been granted to the Authenticated Users group. You now need to make sure that Mia Hamm has access to the shared folder”
Based on that, if Mia was part of the us.abc.com she should’ve been already able to access the shared folder as all authenticated users have read access, so I guess the correct answer is that she should be given the allowed to authenticate role on SR13
Correction: allowed to authenticate permission*