Prev Question
Next Question

Your network contains an Active Directory domain named adatum.com. All domain controllers run Windows Server 2008 R2. The domain contains a file server
named Server6 that runs Windows Server 2012 R2. Server6 contains a folder named Folder1. Folder1 is shared as Share1.
The NTFS permissions on Folder1 are shown in the exhibit. (Click the Exhibit button.)

The domain contains two global groups named Group1 and Group2.
You need to ensure that only users who are members of both Group1 and Group2 are denied access to Folder1.
Which two actions should you perform? (Each correct answer presents part of the solution. (Choose two.)

A. Remove the Deny permission for Group1 from Folder1.

B. Deny Group2 permission to Folder1.

C. Install a domain controller that runs Windows Server 2012 R2.

D. Create a conditional expression.

E. Deny Group2 permission to Share1.

F. Deny Group1 permission to Share1.

Explanation:
* Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7enhanced Windows security descriptors by introducing a conditional
access permissionentry.
Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting user claims, device claims, and resource properties, into
conditional expressions. Windows Server 2012 R2 security evaluates these expressions and allows ordenies access based on results of the evaluation. Securing
access to resources through claims is known as claims-based access control.
Claims-based access control works with traditional access control to provide an additional layer of authorization that is flexible to the varying needs of the enterprise
environment.
References:
http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccess-control-en-us.aspx

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *