DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a file
server named Server1. All servers run Windows Server 2012 R2.
All domain user accounts have the Division attribute automatically populated as part of the user
provisioning process. The Support for Dynamic Access Control and Kerberos armoring policy is
enabled for the domain.
You need to control access to the file shares on Server1 based on the values in the Division attribute
and the Division resource property.
Which three actions should you perform in sequence?
Explanation:
* First create a claim type for the property, then create a reference resource property that points
back to the claim. Finally set the classification value on the folder.
* Configure the components and policy
1. Create claim types
2. Create resource properties
Deploy the central access policy
3. Assign the CAP to the appropriate shared folders on the file server.Deploy a Central Access Policy (Demonstration Steps)
https://technet.microsoft.com/en-us/library/hh846167.aspx