ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-740 All Questions

View all questions & answers for the 70-740 exam
Go to Exam

Exam 70-740 topic 1 question 109 discussion

Actual exam question from Microsoft's 70-740
Question #: 109
Topic #: 1
[All 70-740 Questions]

HOTSPOT -
Your network contains an Active Directory domain named Adatum.com. The domain contains two servers named Server1 and Server2 that run Windows Server
2016. The domain contains three users named User1, User2, and User3.
Server1 has a share named Share1 that has the following configurations.

The share permissions for Share1 are configured as shown in the Share1 exhibit. (Click the Exhibit button.)

Share1 contains a file named File1.txt. The Advanced Security Settings for File1.txt are configured as shown in the File1.txt exhibit. (Click the Exhibit button.)

For each of the following statement, select Yes if the statement is true. Otherwise, select No.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
by hkshado at Oct. 7, 2019, 4:12 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
khalid86
Highly Voted 5 years, 2 months ago
Hi Guys, It is the most tricky question from Microsoft. Actually the problematic thing is "Disable inheritance" button. It shows that after modifying security permissions, they have enabled inheritance. In this situation, when you press OK, it will inherit all security permission from the parent folder. Default permission on every shared folder is Read & Execute for Users/Domain Users. So the User3 is inheriting Read & Execute permission from Share1 and Write permission from File1.txt. The result is that he can see and modify the file. Confirmed in the lab environment.
upvoted 19 times
LoneWarrior
5 years, 2 months ago
Thank you, Sir! Finally, an answer that makes sense!
upvoted 1 times
...
promaster
5 years, 1 month ago
Also whats interesting is even if inheritance was "disabled" it looks like user3 would still be able to read File1.txt because "write" permissions fundamentally imply read permissions, because in windows you can't write to a file that you can't read.
upvoted 3 times
...
waseemsmr
5 years, 1 month ago
Wrong. Inheritance is already disabled for all Entries (see None) for all on them.
upvoted 1 times
waseemsmr
5 years, 1 month ago
Tested it. Answer still No-Yes-Yes. Don't know exactly why.
upvoted 2 times
waseemsmr
5 years, 1 month ago
Because User3 can see but can't open the file
upvoted 1 times
...
...
...
...
MiMo
Highly Voted 5 years, 8 months ago
The provided answer is Correct, NO -- YES -- YES 1- No because User1 does not have full share permissions 2- YES because User2 has both share and File Read permissions 3- NO Becuase User3 has write permission only, When share and NTFS permissions are used simultaneously, the most restrictive permission always wins in this case NTFS I have tested it!
upvoted 6 times
...
Baldiico
Most Recent 4 years, 5 months ago
I hope the answer stated here is correct coz there seem to be no links to this question asked
upvoted 1 times
Baldiico
4 years, 5 months ago
From the domain user 3 has change read permission, from file1.txt, user 3 has write permission, obviously user 3 can see the file
upvoted 1 times
...
...
elopez2207
4 years, 6 months ago
THE RIGHT ANSWER IS NO-YES-NO. I agree with hkshado and coleman I tested This is my screenshot and video (the 3 cases with the beginning of implementation). The case 3 -> min 11:37 URL: https://drive.google.com/drive/folders/1dPJrSRrXdx4pa2jjuLk68a9ByyaEfbNK?usp=sharing
upvoted 3 times
Xander27
4 years, 5 months ago
This was amazing and very helpful! Thanks!
upvoted 2 times
...
...
northgaterebel
4 years, 8 months ago
I think the provided answer NO, YES, YES is correct. The file does not inherit permissions but the share directory's security descriptor appears to with OICI. Also it seems to grant Domain Users (G:DU) group the WD permission, which means Modify, which includes Read. https://docs.microsoft.com/en-us/archive/blogs/askds/the-security-descriptor-definition-language-of-love-part-2 https://anexinet.com/blog/an-sddl-primer/
upvoted 1 times
...
Milos99
4 years, 9 months ago
The comment section was very divided so l decided to test this out. Provided Question NO-YES-YES is correct. See screenshot, on the left is user3 (user2 on my dc) and on the left is shared folder permissions; https://prnt.sc/un7s87
upvoted 3 times
Sten111
4 years, 9 months ago
Do you have access based enumeration enabled? That would make it NO-YES-NO
upvoted 1 times
Milos99
4 years, 9 months ago
Dear Sten, My answer remains the same, l just made the same users with same permissions, and l can list the file with user3 (user2 on my screenshot).
upvoted 2 times
Sten111
4 years, 8 months ago
After some review I agree with you. Access Based Enumeration doesn't matter so much here as they are inheriting the Read permission from Share1. Thanks for helping change my mind on this.
upvoted 2 times
...
...
...
...
jam7272
4 years, 11 months ago
The answer to the 3rd question is NO. This is about 'Access Based Enumeration' (ABE). ABE requires ALL of the NTFS permissions... List Folder / Read Data Read Attributes Read Extended Attributes Read Permissions Being granted Write NTFS permissions does NOT give you any of those permissions. So therefore the file will NOT be seen by user3. https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/access-based-enumeration-abe-concepts-part-1-of-2/ba-p/400435
upvoted 1 times
...
Jake__
5 years, 2 months ago
Got this Q on exam
upvoted 3 times
...
Boontj3
5 years, 4 months ago
Had this q in exam
upvoted 1 times
...
Alli
5 years, 5 months ago
guys the challenge is about third one: and the answer is correct. since user3 uses UNC pad to view file1.txt from remote location, the only option that applies to folder is share permission and it's change permission.So user3 can see file1.txt
upvoted 4 times
Sparrow033
5 years, 5 months ago
Hello people! Two things: With the access based on enumeration, the user could not list the folder where the document is, but if he knows the path, he can access it. And second, the access based on enumeration does not work if the folder is accessed from another computer
upvoted 1 times
...
...
Izhar
5 years, 5 months ago
Got this question in exam
upvoted 3 times
...
MiMo
5 years, 8 months ago
The provided answer is not Correct, NO -- YES -- NO 1- No because User1 does not have full share permissions 2- YES because User2 has both share and File Read permissions 3- NO Becuase User3 has write permission only, When share and NTFS permissions are used simultaneously, the most restrictive permission always wins in this case NTFS I have tested it!
upvoted 6 times
lbs
5 years, 2 months ago
I agree. https://www.varonis.com/blog/ntfs-permissions-vs-share/
upvoted 2 times
lbs
5 years, 2 months ago
The question is very tricky. The answer is correct No-Yes-Yes. bcos NTFS permission for the folder Share1 would be Read&Execute eventhough File1.txt has only Write permission
upvoted 1 times
...
...
Baldiico
4 years, 5 months ago
Wait, you changed your answer again
upvoted 1 times
...
...
MentalG
5 years, 8 months ago
Any sources to this please?
upvoted 1 times
...
coleman
5 years, 8 months ago
i agree with hkshado , the answer is no yes no
upvoted 5 times
Dutch2005
5 years, 8 months ago
I agree as well -- No - yes - no
upvoted 2 times
...
[Removed]
4 years, 7 months ago
I agree as well -- No - yes - no
upvoted 1 times
...
...
hkshado
5 years, 8 months ago
I think User 3 cannot see the file as Folder Enumeration Mode is access based and he only got Read share permission but not Read NTFS permission (please note Read NTFS permission is not included in Write NTFS permission)
upvoted 4 times
Dutch2005
5 years, 8 months ago
Indeed, only "LIST" and "Read" makes you see the file(s)...
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel