Which statement is correct regarding administrator privileges?

A.
Any Administrator can change their privileges on an as-needed basis

B.
Administrator privileges can only be established and changed by the Root Administrator

C.
Administrator privileges can be established and changed by the Root and All-privilege Administrator

D.
Administrator privileges can only be established by the Root and can be changed by the Root and All-privilege Administrator

Explanation:
NetScreen devices support multiple administrative users. For any configuration changes made by an administrator, the NetScreen device logs the following information:
The name of the administrator making the change
The IP address from which the change was made
The time of the change
There are several levels of administrative user. The availability of some of these levels depends on the model of
your NetScreen device. The following section list all the admin levels and the privileges for each level. These
privileges are only accessible to an admin after he or she successfully logs in with a valid user name and password.
Root Administrator
The root administrator has complete administrative privileges. There is only one root administrator per NetScreen device. The root administrator has the following privileges:
Manages the root system of the NetScreen device
Adds, removes, and manages all other administrators Establishes and manages virtual system, and assigns physical or logical interfaces to them
Creates, removes, and manages virtual routers (VRs) Adds, removes, and manages security zones
Assigns interfaces to security zones
Performs asset recovery
Sets the device to its default settings
Update the firmware
Loads configuration files
Clears all active sessions of a specified admin or of all active admins Read/Write Administrator
The read/write administrator has the same privileges as the root administrator, but cannot create, modify, or remove other admin users. The read/write administrator has the following privileges:
Creates virtual systems and assigns a virtual system administrator for each one Monitors any virtual system
Tracks statistics (a privilege that cannot be delegated to a virtual system administrator) Read-Only Administrator
The read-only administrator has only viewing privileges using the WebUI, and can only issue the get and ping CLI commands. The read-only administrator has the following privileges:
Real-only privileges in the root system, using the following four commands: enter, exit, get, and ping
Read-only privileges in virtual systems
Virtual System Administrator
Some NetScreen devices support virtual systems. Each virtual system (vsys) is a unique security domain, which can be managed by virtual system administrators with privileges that apply only to that vsys. Virtual system
administrators independently manage virtual systems through the CLI or WebUI. On each vsys, the virtual system administrator has the following privileges:
Creates and edits auth, IKE, L2TP, XAuth, and Manual Key users Creates and edits services
Creates and edits policies
Creates and edits addresses
Creates and edits VPNs
Modifies the virtual system administrator login password Creates and manages security zones
Adds and removes virtual system read-only administrators Virtual System Read-Only Administrator
A virtual system read-only administrator has the same set of privileges as a read-only administrator, but only withina specific virtual system. A virtual system read-only administrator has viewing privileges for his particular vsys through the WebUI, and can only issue the enter, exit, get, and ping CLI commands within his vsys.