|
Home > Archive > 70-216 > March 2002 > Fri 70-216 Question of the Day
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Fri 70-216 Question of the Day
|
|
| wbafrank 2002-03-08, 8:35 am |
|  And today's poser is ....
Q42. You are the administrator of a Windows 2000 domain, which contains a Windows 2000 Server computer acting as your file server. On the file server is a shared folder named 2001Pay.
All employees in the Payroll department are members of the PAY local group on your file server. Each member of the PAY group writes, edits, and deletes files from the 2001Pay share and is responsible for encrypting the files using EFS before writing to the 2001Pay share.
Alison, the Payroll supervisor, notifies you that an unauthorised user has edited a file in the 2001Pay share. You investigate the problem and find that the file accessed was a decrypted plain text file. In addition, the only permissions to the 2001Pay share are Everyone Full Control.
Alison wants all files saved in the 2001Pay folder to be encrypted. Alison has also requested that users in the PAY group have full access to the 2001Pay folder, that members of the ADM group be able to edit the files in the 2001Pay folder, and that members of the ACCT group be able to read the files in the 2001Pay folder.
What should you do?
A. Add the PAY group with Full Control permission to the 2001Pay share.
Deny Everyone the Full Control permission to the 2001Pay share.
Add the ADM group with the Change permission to the 2001Pay share.
Add the ACCT group with the Read permission to the 2001Pay share.
B. Add the PAY group with Full Control permission to the 2001Pay share.
Add the ADM group with Change permission to the 2001Pay share.
Add the ACCT group with Read permission to the 2001Pay share.
In the Advanced Attributes of the Payroll share's properties page, specify "Encrypt contents to secure data".
C. Remove the Everyone Full Control permission to the 2001Pay share.
In the Advanced Attributes of the Payroll share's properties page, specify "Encrypt contents to secure data".
D. Add the PAY group with Full Control permission to the 2001Pay share.
Deny Everyone the Full Control permission to the 2001Pay share.
Add the ADM group with Change permission to the 2001Pay share.
Add the ACCT group with Read permission to the 2001Pay share.
In the Advanced Attributes of the Payroll share's properties page, specify "Encrypt contents to secure data".
E. Add the PAY group with Full Control permission to the 2001Pay share.
Remove the Everyone Full Control permission to the 2001Pay share.
Add the ADM group with the Change permission to the 2001Pay share.
Add the ACCT group with the Read permission to the 2001Pay share.
In the Advanced Attributes of the Payroll share's properties page, specify "Encrypt contents to secure data".
Good Luck .... see you tomorrow for the answer!! | |
| Zaraspook 2002-03-08, 10:16 am |
| How about E?  | |
| KScheler 2002-03-08, 3:59 pm |
| The answer would be E.
Answers A,B,& C say to Deny the Everyone group. All users are members of the Everyone group so if you deny the Everyone group, you will deny ALL user access. | |
| mrfixit 2002-03-08, 10:06 pm |
| I'll go with E also. | |
| unreal 2002-03-09, 4:26 am |
| My pick:
B. Add the PAY group with Full Control permission to the 2001Pay share.
Add the ADM group with Change permission to the 2001Pay share.
Add the ACCT group with Read permission to the 2001Pay share.
In the Advanced Attributes of the Payroll share's properties page, specify "Encrypt contents to secure data". | |
| lamngocliem 2002-03-09, 5:49 am |
| My answer is E. | |
| wbafrank 2002-03-09, 10:13 am |
| quote:
Originally posted by wbafrank
And today's poser is ....
Q42. You are the administrator of a Windows 2000 domain, which contains a Windows 2000 Server computer acting as your file server. On the file server is a shared folder named 2001Pay.
All employees in the Payroll department are members of the PAY local group on your file server. Each member of the PAY group writes, edits, and deletes files from the 2001Pay share and is responsible for encrypting the files using EFS before writing to the 2001Pay share.
Alison, the Payroll supervisor, notifies you that an unauthorised user has edited a file in the 2001Pay share. You investigate the problem and find that the file accessed was a decrypted plain text file. In addition, the only permissions to the 2001Pay share are Everyone Full Control.
Alison wants all files saved in the 2001Pay folder to be encrypted. Alison has also requested that users in the PAY group have full access to the 2001Pay folder, that members of the ADM group be able to edit the files in the 2001Pay folder, and that members of the ACCT group be able to read the files in the 2001Pay folder.
What should you do?
A. Add the PAY group with Full Control permission to the 2001Pay share.
Deny Everyone the Full Control permission to the 2001Pay share.
Add the ADM group with the Change permission to the 2001Pay share.
Add the ACCT group with the Read permission to the 2001Pay share.
B. Add the PAY group with Full Control permission to the 2001Pay share.
Add the ADM group with Change permission to the 2001Pay share.
Add the ACCT group with Read permission to the 2001Pay share.
In the Advanced Attributes of the Payroll share's properties page, specify "Encrypt contents to secure data".
C. Remove the Everyone Full Control permission to the 2001Pay share.
In the Advanced Attributes of the Payroll share's properties page, specify "Encrypt contents to secure data".
D. Add the PAY group with Full Control permission to the 2001Pay share.
Deny Everyone the Full Control permission to the 2001Pay share.
Add the ADM group with Change permission to the 2001Pay share.
Add the ACCT group with Read permission to the 2001Pay share.
In the Advanced Attributes of the Payroll share's properties page, specify "Encrypt contents to secure data".
E. Add the PAY group with Full Control permission to the 2001Pay share.
Remove the Everyone Full Control permission to the 2001Pay share.
Add the ADM group with the Change permission to the 2001Pay share.
Add the ACCT group with the Read permission to the 2001Pay share.
In the Advanced Attributes of the Payroll share's properties page, specify "Encrypt contents to secure data".
Good Luck .... see you tomorrow for the answer!!
And the answer is ....
Correct Answers: E
In this scenario there are two problems posed. The first issue is the permissions for the 2001Pay share. The 2001Pay share has the default share permissions, Everyone Full Control.
Since Alison has requested that only the PAY group have full access, two steps must be taken. The PAY group must be given the Full Control permission. The the Everyone Full Control permission must be removed.
Since she wants the ADM group to be able to edit the files, you must give them the Change permission to the share. Since she wants the ACCT group to be able to read the files, you must give them the Read permission to the share.
You should not explicity Deny Everyone permission to access the share. Doing so would result in no one, including the PAY group, being able to access the share.
It has also been requested that all files in the 2001Pay share be encrypted. The only way to ensure this happens is to encrypt the folder itself. Any files copied into the folder are then encrypted automatically. | |
| datrupope 2002-03-11, 4:18 pm |
| Good question, but shouldn't it be in the 215 thread? By the time you play with 216, permissions should be second nature. |
|
|
|
|