You deploy a server that has Microsoft SharePoint Foundation 2010 installed.
You create several SharePoint site collections in the default Web application.
You need to ensure that a user named User1 can access all of the site collections in the Web application.
What should you modify in the properties of the default Web application?

A.
the General Settings

B.
the Permissions Policy

C.
the User Permissions

D.
the User Policy

Explanation:
Manage permission policies for a Web application
A Web application is composed of an Internet Information Services (IIS) Web site that acts as a logical container for the site collections that you create. Before you can create a site collection, you must first create a Web application.
A Web application can contain as many as 500,000 site collections. Managing permissions for so many site collections can be complicated and error-prone, especially if some users or groups need permissions other than those that apply for the entire Web application.
Permission policies provide a centralized way to configure and manage a set of permissions that applies to only a subset of users or groups in a Web application
The differences between specifying user permissions for a Web application and creating a permission policy for a Web application are the users and to which the permissions apply and the scope at which the permissions apply. There is also a difference in the permissions lists where individual permissions are selected.
* Permissions for a Web application are comprehensive settings that apply to all users and groups for all site collections within a Web application. The permissions list contains only one column, and all permissions are enabled by default. You must disable specific permissions individually
* A permission policy level for a Web application contains permissions that enable a subset of users or groups to work with site collections in a specific way. For example, you might want to create a permission policy level for users of a site collection who will be allowed to add, edit, or delete items from a list, open a list, and view items, lists, and pages. However, you might want to prevent the same users from creating or deleting lists, which would require the Manage Lists permission.
The permissions list contains a Grant All column and a Deny All column. You can either grant or deny all permissions as part of a permission policy level. You can also grant or deny individual permissions. No permissions are enabled by default. If an individual permission is neither granted nor denied, it can be set at the discretion of the site collection administrator or site administrator.
Manage user permission policy
You can add users to a permission policy, edit the policy settings, and delete users from a permission policy. The following settings can be specified or changed:
* Zone: If a Web application has multiple zones, you can specify the zone that you want the permission policy to apply to. The default is all zones, which can be specified for Windows users only.
* Permissions: You can specify Full Control, Full Read, Deny Write, and Deny All permissions, or you can specify a custom permission level.
* System: This setting enables SharePoint to display SHAREPOINTSystem for system-related activity regardless of the Windows user accounts that have been configured for the hosting application pool and the SharePoint farm service account. You may want to specify this setting to prevent unnecessary information disclosure to end users and potential hackers who would be interested in knowing more about how SharePoint is deployed in your enterprise.
Add users to a permission policy
You may want to add users to a permission policy to ensure that all users are accessing content with the same set of permissions.
To add users to a permission policy
1. Verify that you have the following administrative credentials: You must be a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration Web site.
2. On the Central Administration Web site, in the Application Management section, click Manage web applications.
3. Click to highlight the line for the Web application whose permission policy you want to manage.
4. In the Policy group of the ribbon, click User Policy.
5. In the Policy for Web Application dialog box, select the check box next to the user or group that you want to manage, and then click Add Users.
6. In the Add Users dialog box, in the Zone list, click the zone to which you want the permissions policy to apply.
7. In the Choose Users section, type the user names, group names, or e-mail addresses that you want to add to the permissions policy. You can also click the applicable icon to check a name or browse for names.
8. In the Choose Permissions section, select the permissions that you want the users to have.
9. In the Choose System Settings section, check Account operates as System to specify whether a user account should be displayed as SHAREPOINTSystem instead of the actual accounts that perform specific tasks within the SharePoint environment.
10. Click Finish.
Source: http://technet.microsoft.com/en-us/library/ff607712.aspx