HOTSPOT
Your network contains an Active Directory domain named contoso.com. The relevant servers in the
domain are configured as shown in the following table.
You plan to create a shared folder on Server1 named Share1. Share1 must only be accessed by users
who are using computers that are joined to the domain.
You need to identify which servers must be upgraded to support the requirements of Share1.
In the table below, identify which computers require an upgrade and which computers do not
require an upgrade. Make only one selection in each row. Each correct selection is worth one point.
Answer: 
This is a tricky question and is about Dynamic Access Control. DAC is only supported on Windows 2012 (or above) and Windows 8 (or above). Since you are creating the share on Server1, and you only want it accessed by people who’s PC’s are domain joined – you have to create a conditional access.
Without conditional access, people would be able to use non-domain joined computers, but still use their user accounts to authenticate.
More info on DAC here: https://technet.microsoft.com/en-us/library/dn408191.aspx
So yes….answer is correct.
Ok but why don’t upgrade also DC3 that is 2008 version of windows server? The forest level is improbably leveled to windows server 2012 at least…
On my 70-417 exam book is mentioned that is required “a file sever running at least windows sever 2012 and on domain controller running equivalent OS (or above).
Here my doubts: is it necessary to have the domain\forest functional level raised at least to win 2012 to use DAC?
Thanks to anybody for answering to my question!
Maybe I’ve clarified my doubt:
“For domains that support user claims, every domain controller running the supported versions of Windows server must be configured with the appropriate setting to support claims and compound authentication, and to provide Kerberos armoring. Configure settings in the KDC Administrative Template policy as follows:
Always provide claims Use this setting if all domain controllers are running the supported versions of Windows Server. In addition, set the domain functional level to Windows Server 2012 or higher.
Supported When you use this setting, monitor domain controllers to ensure that the number of domain controllers running the supported versions of Windows Server is sufficient for the number of client computers that need to access resources protected by Dynamic Access Control.
If the user domain and file server domain are in different forests, all domain controllers in the file server’s forest root must be set at the Windows Server 2012 or higher functional level.
If clients do not recognize Dynamic Access Control, there must be a two-way trust relationship between the two forests.
If claims are transformed when they leave a forest, all domain controllers in the user’s forest root must be set at the Windows Server 2012 or higher functional level. “
I think the schema must update to windows server 2012 level and as there is at least one DC has 2012 OS so schema update Automatically but we need to upgrade the FS so i think the answer is correct