Which statement is correct regarding administrator privileges?

A.
Any Administrator can change their privileges on an as-needed basis

B.
Administrator privileges can only be established and changed by the Root Administrator

C.
Administrator privileges can be established and changed by the Root and All-privilege Administrator

D.
Administrator privileges can only be established by the Root and can be changed by the Root and All-privilege Administrator

Explanation:

NetScreendevices support multiple administrative users. For any configuration changes made by an administrator, theNetScreendevice logs the following information:
The name of the administrator making the change
The IP address from which the change was made
The time of the change
There are several levels of administrative user. The availability of some of these levels depends on the model of
yourNetScreendevice. The followingsection listall the admin levels and the privileges for each level. These
privilegesare only accessible to an admin after he or she successfully logs in with a valid user name and password.
Root Administrator
The root administrator has complete administrative privileges. There is only one root administrator perNetScreendevice. The root administrator has the following privileges:
Manages the root system of the NetScreendevice
Adds, removes, and manages all other administrators
Establishes and manages virtual systems, and assigns physical or logical interfaces to them Creates, removes, and manages virtual routers (VRs)
Adds, removes and manages security zones
Assigns interfaces to security zones
Perform assest recovery
Sets the device to FIPS mode
Reset the device to its default settings
Updates the firmware
Loads configuration files
Clears all actives sessions of a specified admin or of all active admins Read/Write Administrator
The read/write administrator has the same privileges as the root administrator, but cannot create, modify, or remove other admin users. The read/write administrator has the following privileges:
Creates virtual systems and assigns a virtual system administrator for each one Monitors any virtual system
Tracks statistics (a privilegethat cannot be delegatedto a virtual system administrator ) Read-Only Administrator
The read-only administrator has only viewing privileges using theWebUI, and can only issue the get and ping CLI commands. The read-only administrator has the following privileges:
Read-only privileges in the root system, using the following four commansd: enter, exit, get and ping
Read-privileges in virtual systems
Virtual System Administrator
SomeNetScreendevices support virtual systems. Each virtual system (vsys) is a unique security domain, which can be managed by virtual system administrators with privileges that apply only to thatvsys. Virtual system
administratorsindependently manage virtual systems through the CLI orWebUI. On eachvsys, the virtual system administrator has the following privileges:
Creates and edits auth, IKE, L2TP, XAuth, and Manual Key users Creates and edits services
Creates and edits policies
Creates and edits addresses
Creates and edits VPNs
Modifies the virtual system administrator login password Creates and manages security zones
Adds and removes virtual system read-only administrators Virtual System Read-Only Administrator
A virtual system read-only administrator has the same set of privileges as a read-only administrator, but onlywithinaspecific virtual system. A virtual system read-only administrator has viewing privileges for his particularvsysthrough theWebUI, and can only issuethe enter, exit, get, and ping CLI commands within hisvsys.