The Human Resources department has a parent shared folder setup on the server. There are two groups
that have access, one called managers and one called staff. There are many sub folders under the parent
shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all
subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff
group from gaining access to the payroll folder?
A.
Remove the staff group from the payroll folder
B.
Implicit deny on the payroll folder for the staff group
C.
Implicit deny on the payroll folder for the managers group
D.
Remove inheritance from the payroll folder
Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges
for a resource, you’re denied access by default.
Incorrect Answers:
A: This will not work because the question states: “The parent folder access control list propagates all
subfolders and all subfolders inherit the parent permission.”C: This will deny access for the managers group.
D: Removing inheritance from the payroll folder will also affect the manages group.Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44
If both groups have access to the parent folder, then as the payroll subfolder inherits permissions from the parent folder, the only way to remove staff access to the payroll folder is to uncheck the ‘inherit permissions from parent’ check box. Then the staff group can be removed from the payroll security permissions.
0
0
OK…lets see how it goes
• The HR department has a share folder
• The HR Shared folder is accessed by two separate groups:
— Managers
— Staff
• Inside the HR Folder, there is a subfolder called “Payroll”
• I want to permit access to the “managers” group to “Payroll”, and at the same time block access to the “Staff” Group
As for the wrong answers:
“A. Remove the staff group from the payroll folder”. This will work but then the “staff” group will not be able to access any information on the HR shared folder. It is therefore an overkill.
“C. Implicit deny on the payroll folder for the managers group”
This will deny access for the managers group which is the opposite of what we are trying to achieve
“D. Remove inheritance from the payroll folder”
Removing inheritance from the payroll folder will also affect the managers group.
So the correct answer is:
“B. Implicit deny on the payroll folder for the staff group” –
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default.
0
0