Your network contains an Active Directory domain named contoso.com.
The domain contains a file server named SERVER1.
All servers run Windows Server 2012.
All domain user accounts have the Division attribute automatically populated as part of the user provisioning
process.
The Support for Dynamic Access Control and Kerberosarmoring policy is enabled for the domain.
You need to control access to the file shares on SERVER1 based on the values in the Division attributeand the
Division resource property.
Which three actions should you perform in sequence?To answer, move the three appropriate actions fromthe
list of actions to the answer area and arrange themin the correct order.
Answer:
Explanation:
First create a claim type for the property, then create a reference resource property that points backto the
claim. Finally set the classification value on the folder.
You should put attention to the details: the 2nd sequence should be ‘From ADAC, create a resource property list’. On daily tasks, the real step is ‘From ADAC conf. res. properties and res. properties list’.
Pointing you to a ‘reference resource property’ is wrong. Open your eyes.
70-412 As a reference resource policy uses an existing claim type for its suggested values and the question states that you must use the division attribute and the division resource property the proposed answer is correct
The division attribute is a user source attribute and is therefore configured in Claim Types first which is then referenced quickly in Resource Properties by selecting New>Reference Resource Property
I think the proposed answer is wrong. First you need to create a “claim type”, the attribute ‘devision’ is already populated. Next you need to create a “resource property” and finally it needs to get applied to the shared Folder. Don’t Forget to run “Update-FSRMClassificationpropertyDefinition”, on the file Server…
I agree with bob
proposed should be right…bob, arik there is no division created in resource property list
Don’t focus on details too much. Microsoft often wants to hear the most possible (or “meta”) solution, which must not be perfectly filled with details and may lack any steps to complete the entire task.
Given the available choices, neither delegation settings nor creating a resource property list does make any sense (remember the exam tip from Exam Ref Book of 70-417, page 293: “Beware of incorrect answer choices that suggest you need to create a resource property
list when you configure file classification. You don’t need to create a resource property list. You just need to add the resource properties to a list (usually the built-in Global Resource Property List).” )
So you have to create a claim type first, then you create a reference resource property and finally set the classification value on the shared folder.
Tested in lab.
> create a claim type named using the division attribute
> use update-fsrmclassificationpropertydefinition on my file server to see if the division classification appears on the classifcation tab – it doesn’t.
> check the resource properties tab, the division property has not been automatically populated
> therefore, we need to create a reference resource property linking to division
> run update-fsrmclassificationpropertydefinition on the file server once more
> go to the classification tab on my share
> voilla, division now appears on the classification tab
I’m now sure that the provided answer is correct. The key here, is the “division” claim. If it were department, or confidentially, then yes – no need to create a reference as those are already populated by default, but division is not, as I stated above.