Microsoft Exam Questions

Which two actions should you perform?

Your network contains an Active Directory domain named contoso.com.
The network contains a file server named Server1 that runs Windows Server 2012 R2.
You create a folder named Folder1.
You share Folder1 as Share1. The NTFS permissions on Folder1 are shown in the Folder1
exhibit. (Click the Exhibit button.)

The Everyone group has the Full control Share permission to Folder1.
You configure a central access policy as shown in the Central Access Policy exhibit. (Click the
Exhibit button.)

Members of the IT group report that they cannot modify the files in Folder1.
You need to ensure that the IT group members can modify the files in Folder1.
The solution must use central access policies to control the permissions.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.
On the Classification tab of Folder1, set the classification to Information Technology.

B.
On the Security tab of Folder1, add a conditional expression to the existing permission entry for
the IT group.

C.
On Share1, assign the Change Share permission to the IT group.

D.
On the Security tab of Folder1, remove the permission entry for the IT group.

E.
On the Security tab of Folder1, assign the Modify permission to the Authenticated Users group.

Explanation:
Central access policies for files enable organizations to centrally deploy and manage authorization
policies that include conditional expressions that use user groups, user claims, device claims, and
resource properties.
(Claims are assertions about the attributes of the object with which they are associated).
For example, to access high-business-impact (HBI) data, a user must be a full-time employee,
obtain access from a managed device, and log on with a smart card.
These policies are defined and hosted in Active Directory Domain Services (AD DS).
http://technet.microsoft.com/en-us/library/hh846167.aspx