Which two actions should you perform?

Your network contains an Active Directory domain named adatum.com. All domain controllers run
Windows Server 2008 R2. The domain contains a file server named Server6 that runs Windows
Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1.
The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)

The domain contains two global groups named Group1 and Group2.
You need to ensure that only users who are members of both Group1 and Group2 are denied
access to Folder1.

Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

Your network contains an Active Directory domain named adatum.com. All domain controllers run
Windows Server 2008 R2. The domain contains a file server named Server6 that runs Windows
Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1.
The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)

The domain contains two global groups named Group1 and Group2.
You need to ensure that only users who are members of both Group1 and Group2 are denied
access to Folder1.

Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.
Remove the Deny permission for Group1 from Folder1.

B.
Deny Group2 permission to Folder1.

C.
Install a domain controller that runs Windows Server 2012 R2.

D.
Create a conditional expression.

E.
Deny Group2 permission to Share1.

F.
Deny Group1 permission to Share1.

Explanation:
* Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7
enhanced Windows security descriptors by introducing a conditional access permission entry.
Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting
user claims, device claims, and resource properties, into conditional expressions. Windows Server
2012 R2 security evaluates these expressions and allows or denies access based on results of the
evaluation. Securing access to resources through claims is known as claims-based access control.
Claims-based access control works with traditional access control to provide an additional layer of
authorization that is flexible to the varying needs of the enterprise environment.
http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccesscontrol-en-us.aspx



Leave a Reply 12

Your email address will not be published. Required fields are marked *


Jeremy

Jeremy

I believe the answer is A and D. the questions says they have to be a memeber of both Group 1 and 2 to be denied access. Do you need to remove the deny rule otherwise members of Group 1 will always be denied access.

You don’t need 2012 to use conditional Expression as per the example.

Jolie Blonde

Jolie Blonde

You are correct. You need to remove the deny permission for Group1

Strider

Strider

How can you see the correct screenshots for this question? They are totally out of order

miltux

miltux

I agree with Jeremy – The answer should be A and D

MountSwolemore

MountSwolemore

Just by process of elimination, you know it has to be A and D. Group1 has DENY set, so that has to be removed. Then, you know you have to have a conditional expression for denying members of both group1 and group2.

The conditional expression requires Server 2012 and a functional level of 2008 or higher. The server hosting the share running 2012 doesn’t have to be a DC.

Diego

Diego

C. Install a domain controller that runs Windows Server 2012 R2.
D. Create a conditional expression.

qwe

qwe

Why install a 2012 DC? Question is not asking for DAC management, it’s just conditional expression without claims.

Nobody

Nobody

I agree with Jeremy

TB

TB

First of all this screenshot is wrong-Share tab is missing so Folder1 isn’t shared at all.
And answer C MUST be wrong as you can’t use conditional expressions to deny access.
Cant really answer correctly with this exhibit.

mist74

mist74

In this case you have to PERMIT access to everyone and use expression to restrict it – NOT for member of each of the two groups.

ガス針表「夜光一流、耐震抜群、幸運で正確で、長持ちして丈夫”の品質の特徴になる原因スイスの有名な専門军表旧家。1892年にガス針表から製造専門軍用腕時計、军表製造史百年を超え

ガス針表「夜光一流、耐震抜群、幸運で正確で、長持ちして丈夫”の品質の特徴になる原因スイスの有名な専門军表旧家。1892年にガス針表から製造専門軍用腕時計、军表製造史百年を超え

[url=http://www.fujisanbrand.com/]ガス針表「夜光一流、耐震抜群、幸運で正確で、長持ちして丈夫”の品質の特徴になる原因スイスの有名な専門军表旧家。1892年にガス針表から製造専門軍用腕時計、军表製造史百年を超える。ドイツ、イギリス、インドなど多くの国の軍隊は大量に使用したガス針表。戦の間に、イギリスのラクダ特殊兵、イギリス空軍とインド軍は使い捨て[/url]

タグホイヤー 人気

タグホイヤー 人気

業界No.1のChrome Hearts クロムハーツ ブランドコピー レプリカ専門店
クロムハーツ(Chrome Hearts)
人気のクロムハーツのコピー商品通販!新作クロムハーツバッグ・財布などの商品や情報満載!人気、実力ともに日本N0_1の本格的なブランドシルバーアクセサリレプリカ専門店です。-純銀屋
当店ブラックシンフォニーでは、直接全米のクロムハーツより定期的にアイテムを取寄せて販売しております。
入荷の情報に関しましては、その都度当店の入荷ブログにて写真つきで更新しております。
ChromeHearts クロムハーツ ブランドコピー S級 レプリカ通販。
クロムハーツ財布
クロムハーツバッグ

クロムハーツサングラス
クロムハーツアクセサリー 等、