ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 3 question 94 discussion

Actual exam question from Microsoft's MD-100
Question #: 94
Topic #: 3
[All MD-100 Questions]

HOTSPOT -
Your network contains an Active Directory forest. The forest contains a root domain named contoso.com and a child domain named corp.contoso.com.
You have a computer named Computer1 that runs Windows 10. Computer1 is joined to the corp.contoso.com domain.
Computer1 contains a folder named Folder1. In the Security settings of Folder1, Everyone is assigned the Full control permission.
On Computer1, you share Folder1 as Share1 and assign the Read permissions for Share1 to the local Users group.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://www.techrepublic.com/article/learn-the-basic-differences-between-share-and-ntfs-permissions/
by jsblah at Oct. 6, 2020, 11:39 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AnoniMouse
Highly Voted 4 years ago
I was about to say YES YES YES but I tested this in my environment and the correct answer is YES, YES, NO The key hint here is that the folder was shared on this computer with USERS (not Domain Users). USERS is a local group on every Windows machine, and if the computer is a domain joined, the it will contain the [corp.consoto\Domain Users] inside the local USERS group. So domain users from CORP will have read access to that folder, but domain users from CONSOTO (the parent domain) will not.
upvoted 35 times
...
Rstilekar
Highly Voted 4 years, 4 months ago
@Mr01z0, the 2nd ariticle you shared also states the line - " Each domain has its own set of security policies that do not cross from one domain to another. " So looks like security NTFS permissions for fileshares do not flow across domains. So i would stick to given answer that seems correct even for 3rd option.
upvoted 13 times
...
flabezerra
Most Recent 2 years, 8 months ago
Based on these best practices (see below), you will be able to use the Domain Local Group to assign permissions (Local Users group). 1 - Organize domain users based on administrative needs, such as their locations or departments, and then create a global group, and add the appropriate user accounts as members. 2 - Create a domain local group, and add all global groups FROM THE OTHER DOMAINS that need the same access to a resource in your domain. 3 - Assign the required permissions on the shared resource to the domain local group. So the answer should be YES for third statement.
upvoted 1 times
flabezerra
2 years, 8 months ago
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc787646(v=ws.10)#best-practices-for-controlling-access-to-shared-resources-across-domains
upvoted 1 times
...
...
luisfernandezfrias
3 years, 4 months ago
Is it? YES, YES, No finally
upvoted 1 times
...
CARIOCA
4 years ago
Essa questão ficou muito dividida no gabarito, afinal qual seria a resposta e qual a justificativa? Após um debate de 10 comentários, o gabarito é o mesmo ou não?
upvoted 1 times
KeepYourPantsOff
3 years, 3 months ago
POR QUE LOS DOS SIENTOOOOO JAJAJAJA
upvoted 1 times
...
...
b3arb0yb1m
4 years, 2 months ago
After giving this some though, my answer will be Yes - No - No. It says the Users group and for some reason, I doubt they really mean the domain users. Therefore, it will only speak to local users and therefore neither domain user outside of the local users will have access.
upvoted 8 times
zedology
3 years, 9 months ago
I viewed my groups and "domain\Users" is added in my "Users" group. My answer is Y, Y, N
upvoted 7 times
...
Hisandy
4 years, 1 month ago
My answer is Y,N,N too
upvoted 6 times
lairyy
4 years, 1 month ago
I agree with this
upvoted 5 times
...
...
...
Cisco
4 years, 2 months ago
Are they saying if those users have read only access or can read? The local users have full control so can certainly read but they dont have read only permission.
upvoted 2 times
YoMomma97
2 years, 11 months ago
But NOBODY has write access through the UNC share.
upvoted 1 times
...
...
Mr01z0
4 years, 4 months ago
This should be Yes, yes and yes. The URL in the answer provides no insight into cross domain authentication. According to this information a 2 way trust is automatically created between root and child domains suggesting that accounts of any domain in the tree should be able to successfully authenticate against the share: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc775736(v=ws.10)#default-trusts This article clarifies the steps that are taken in the authentication process: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc787646(v=ws.10)
upvoted 7 times
bertik
4 years, 1 month ago
Correct answer is Y,Y,N. On every domain computer group "Users" has member "Domain Users". You cannot use this group for cross-domain authorization.
upvoted 5 times
...
...
tumwvknt
4 years, 8 months ago
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc772808(v=ws.10)?redirectedfrom=MSDN
upvoted 1 times
...
jsblah
4 years, 8 months ago
I appreciate seeing the answers, but the article cited is positively ancient. I wonder if 100 years from now people will be citing articles from today...
upvoted 7 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel