Which approach should you recommend?

You are designing a Web application for a SharePoint 2010 system. You need to plan an authorization system
that meets the following requirements:
It must enforce uniform security throughout all site collections at the Web application or zone level.
.It must use Windows authentication.
.It must assign a role incorporating a collection of rights to individual SharePoint 2010 users or domain groups.
.It must specify the rights for a user or group in the Web application based on an Active Directory (AD) user or
group account.
.The rights should not be shared across other Web applications.
You need to design a plan that provides specific control of SharePoint object access and meets all requirements.
Which approach should you recommend?

A.
Create custom SharePoint roles and assign AD users and groups to the roles.

B.
Create a security policy in the web.config file for the Web application.
Add AD users and groups to the policy.

C.
Create a forms-based authentication and set the Zone to Extranet for the Web application.
Specify a custom role provider that maps to a custom Microsoft SQL Server database for users and groups.

D.
Create a custom authentication provider based on Kerberos for the Web application.
Specify roles for the users and groups in a Lightweight Directory Access Protocol (LDAP) directory.