You deploy a server that has Microsoft SharePoint Foundation 2010 installed. You create several
SharePoint site collections in the default Web application. You need to ensure that a user named
User1 can access all of the site collections in the Web application. What should you modify in the
properties of the default Web application?

A.
the General Settings

B.
the Permissions Policy

C.
the User Permissions

D.
the User Policy

Explanation:
Manage permission policies for a Web application
A Web application is composed of an Internet Information Services (IIS) Web site that acts as a
logical container for the site collections that you create. Before you can create a site collection, you
must first create a Web application. A Web application can contain as many as 500,000 site
collections. Managing permissions for so many site collections can be complicated and error-prone,
especially if some users or groups need permissions other than those that apply for the entire Web
application. Permission policies provide a centralized way to configure and manage a set of
permissions that applies to only a subset of users or groups in a Web application The differences
between specifying user permissions for a Web application and creating a permission policy for a
Web application are the users and to which the permissions apply and the scope at which the
permissions apply. There is also a difference in the permissions lists where individual permissions are
selected. Permissions for a Web application are comprehensive settings that apply to all users and
groups for all site collections within a Web application. The permissions list contains only one
column, and all permissions are enabled by default. You must disable specific permissions
individually A permission policy level for a Web application contains permissions that enable a
subset of users or groups to work with site collections in a specific way. For example, you might want
to create a permission policy level for users of a site collection who will be allowed to add, edit, or
delete items from a list, open a list, and view items, lists, and pages. However, you might want to
prevent the same users from creating or deleting lists, which would require the Manage Lists
permission.
The permissions list contains a Grant All column and a Deny All column. You can either grant or deny
all permissions as part of a permission policy level. You can also grant or deny individual permissions.
No permissions are enabled by default. If an individual permission is neither granted nor denied, it
can be set at the discretion of the site collection administrator or site administrator.
Manage user permission policy You can add users to a permission policy, edit the policy settings, and
delete users from a permission policy.
The following settings can be specified or changed:
Zone: If a Web application has multiple zones, you can specify the zone that you want the
permission policy to apply to. The default is all zones, which can be specified for Windows users
only.
Permissions: You can specify Full Control, Full Read, Deny Write, and Deny All permissions, or you
can specify a custom permission level.
System: This setting enables SharePoint to display SHAREPOINT\System for system- related activity
regardless of the Windows user accounts that have been configured for the hosting application pool
and the SharePoint farm service account. You may want to specify this setting to prevent
unnecessary information disclosure to end users and potential hackers who would be interested in
knowing more about how SharePoint is deployed in your enterprise.
Add users to a permission policy You may want to add users to a permission policy to ensure that all
users are accessing content with the same\ set of permissions.
To add users to a permission policy
1. Verify that you have the following administrative credentials: You must be a member of the Farm
Administrators group on the computer that is running the SharePoint Central Administration Web
site.

2. On the Central Administration Web site, in the Application Management section, click Manage
web applications.
3. Click to highlight the line for the Web application whose permission policy you want to manage.
4. In the Policy group of the ribbon, click User Policy.
5. In the Policy for Web Application dialog box, select the check box next to the user or group that
you want to manage, and then click Add Users.
6. In the Add Users dialog box, in the Zone list, click the zone to which you want the permissions
policy to apply.
7. In the Choose Users section, type the user names, group names, or email addresses that you want
to add to the permissions policy. You can also click the applicable icon to check a name or browse for
names.
8. In the Choose Permissions section, select the permissions that you want the users to have.
9. In the Choose System Settings section, check Account operates as System to specify whether a
user account should be displayed as SHAREPOINT\System instead of the actual accounts that
perform specific tasks within the SharePoint environment.
10. Click Finish.
Source: http://technet.microsoft.com/en-us/library/ff607712.aspx