You have a computer that runs Windows 8.
The computer has a shared folder named C:\Marketing. The shared folder is on an NTFS volume.
The current NTFS and share permissions are configured as follows:
UserA is a member of both the Everyone group and the Marketing group. UserA must
access C:\Marketing from across the network.
You need to identify the effective permissions of UserA to the C:\Marketing folder.
What permission should you identify?
A.
Read
B.
Full Control
C.
Modify
D.
Read and Execute
The answer here is A. Read.
UserA’s effective permissions:
NTFS – Modify (NTFS is cumulative, meaning the least restrictive, modify, will apply.)
Share – Read (Share assumes the most restrictive, so read will take priority over full control)
When accessing a shared folder over the network, Windows will determine user access by selecting the most restrictive EFFECTIVE permission between NTFS and Share for a user. In this case, UserA’s effective permissions for the folder are NTFS/Modify and Share/Read, so the most restrictive, Read, will be applied.
Wrong Answer Sean.
When a user is a member of 2 groups, the effective permissions are combined. So in this case. The Everyone group gives the user “Read + Execute” and the Marketing group gives him “Modify”. Unless their is an explicit DENY which takes precendence, the user gets the better of the 2 permissions… which is Modify.
Answer is C: Modify
https://msdn.microsoft.com/en-us/ff486958.aspx
Wrong Answer Sean.
When a user is a member of 2 groups, the effective permissions are combined. So in this case. The Everyone group gives the user “Read + Execute” and the Marketing group gives him “Modify”. Unless their is an explicit DENY which takes precedence, the user gets the better of the 2 permissions… which is Modify.
Answer is C: Modify
https://msdn.microsoft.com/en-us/ff486958.aspx
You are only partially correct, Jim.
The user’s 2 security groups are combined only in the case of NTFS permissions – modify.
Share permissions choose the most restrictive permission set from the 2 groups – read.
When accessing a shared folder over the network, the most restrictive of the users effective NTFS and Share permissions are chosen. In this case the share permissions are more restrictive and the user is given Read access.
If the user were accessing the folder locally then only the NTFS permissions would be taken into account, which are combined as you stated to give the user Modify access.
Answer is correct http://www.techexams.net/forums/windows-xp-professional/36935-effective-permissions.html
effective permission is based on the most restrictive of shared permission…in this case read – Answer A is correct.
Share permissions are the permissions you set for folders…not to user or group
Share permission set to Folder is Full and NTFS set cumulative better …Modify.
… So which one is it? I mean, which one *REALLY* is it now?
based on experience in the field, answer is c, full control share, and modify ntfs, then most restrictive applies, result = modify
Correct Answer: C
Explanation:
Reference:
http://www.serverwatch.com/tutorials/article.php/2107311/Getting-Results-Part-2-Determining-Effective-NTFS-Permissions-in-Windows-Server-2003.htm
http://technet.microsoft.com/en-us/library/cc754178.aspx
For example, a user named Dan is directly granted the Allow Read and Execute permission for a folder called Marketing. However, the Dan user account is a member of the group Marketing Users, which is granted the Allow Full Control permission, and the group Everyone, which granted the Allow Read permission.
Based on the cumulative nature of NTFS permissions, the user Dan would be granted the effective permission Allow Full Control. This example is fairly basic, and production environments typically involve a much greater number of groups, with both allowed and denied permissions. In these cases, the Effective Permissions tab can greatly ease the burden of attempting to determine which permissions will or will not apply for a particular user.
Correct Answer: C
I treat it like the worse of a best situation –
most control for NTFS is Modify
most control for Sharing is Full control
least control out of the two groups Modify which was my answer to this but this is just the logic I use for permissions
1) Multiple permissions applied at the same level are cumulative.
2) LEAST restrictive cumulative SHARE permission + LEAST restrictive cumulative NTFS permission = MOST restrictive combined permission (via NETWORK ACCESS).
In this example, User A is a member of both the Marketing group and the Everyone group and is accessing the data via the network. When you combine the permissions and use the rules of precedence, you end up with the answer …
SHARE PERMISSIONS – Marketing (Full Control) + Everyone (Read) = Full Control
NTFS PERMISSIONS – Everyone (Read & Execute) + Marketing (Modify) = Modify
MOST RESTRICTIVE PERMISSION – Share/Full Control vs. NTFS/Modify = Modify
… C. Modify is the correct answer.
To answer questions like these, you have to know three things:
1) How restrictive each permission is. E.g. Read is the most restrictive and Full Control is the least restrictive.
2) Know that between NTFS and share permissions, the most restrictive permission is granted.
3) Know that is a user is part of two groups, the most permissive permission wins.
So here:
1) Everyone – Read permission applies because it is more restrictive than Read and Execute.
Marketing – Modify permission applies because it is more restrictive than Full Control
2) Between the remaining “Read” and “Modify” permissions, Modify applies because the user is part of both groups.
Finally passed my 70-688 exam for the second try! The Microsoft exam, especially the 70-688 exam, was more harder than Cisco exam I have taken, also much more difficult than the 70-687, but luckily passed for the second attempt. God Bless!
Here are some useful study materials that I learned: (if you are struggling the 70-688, you can have a try)
1. Windows 8.1 Supporting Book (Microsoft Press)
2. Measure-up 70-688 practice tests
3. PassLeader 70-688 brain dump (its vce dumps really helpful, same as the real exam, recommend here: http://bit.ly/1BsZOxh)
Also, my experience in Windows Defender, Office 365, Intune……helped a lot for passing exam. Good Luck!
C: