You need to store secured files for Ezonexam's accounting and legal departments on a Windows 2000 Professional computer. You create two shared folders named Accounting and Legal with the default NTFS and share permissions. You also create two groups named Accounting and Legal and add the appropriate user accounts into the appropriate groups.
To meet the security requirements for the shared folders the following criteria must be met:
1. Users in both departments must be able to update their own files from the network.
2. Users in the accounting department must be able to view the legal department's documents from the network.
3. Users in the legal department must be prevented from being able to view the accounting department's documents from the network.
You want to ensure that all security requirements are met using the least amount of administrative effort.
What should you do?
A.Allow the Accounting groupReadpermission on the Accounting share and the Legal shared folder. Allow the Legal groupReadpermissions on the Legal shared folder.
B.Allow the Accounting groupFull Controlpermissions on the Accounting shared folder and the Legal shared folder. Allow the Legal groupFull Controlpermission on the Legal shared folder.
C.Deny the Everyone groupFull Controlpermissions on the Accounting shared folder.
D.Deny the Legal groupFull Controlpermission on the Accounting shared folder.
参考答案
正确答案:D
解析:Explanation: The shared folder permissions apply only when the folder is accessed over the network. By default, the Everyone group is assigned Full Control for all new shared folders. The default shared folder permission is Full Control, and it is assigned to the Everyone group when you share the folder.
Full Control permission gives the selected user or group full control over the file or folder. With Full Control permission, a user can do anything to an object-list the contents of a folder, read and open files, create new files, delete files and subfolders, change permissions on files and subfolders, and take ownership of files, for instance. Note that selecting the Full Control check box on the Security tab also selects all permissions. Read permission allows the selected user or group to list the contents of a folder, view file attributes, read permissions, and synchronize files. This is the most basic permission. Thus by denying the Legal group Full Control permission on the Accounting folder, you will be complying with the security requirements with the least amount of administrative control.