The list permission on an NTFS directory grants the user, which rights？（)

A. User2 needs write permission to the directory.

B. User2 needs both read and write permissions to the directory.

C. User2 needs both read and execute permissions to the directory.

D. User2 needs both write and execute permissions to the directory.

ssional.Sandra, the manager of the human resources department, asks you to create a shared folder named HRDrop.You create a HRDrop folder on a member server. You assign the Allow - Full Control share permission to the Everyone group.Now you need to configure the NTFS permissions on HRDrop to fulfil the following requirements:1. Sandra must be able to read, modify, change permissions on, and delete all files and subfolders in HRDrop.2. All other domain users must only be able to add new files to HRDrop.What should you do？（）

A. Assign the Allow - Modify permission to Sandra. Assign the Allow - Read permission to the Users group.

B. Assign the Allow - Full Control permission to Sandra. Assign the Allow - Write permission and the Deny - Read and Execute permission to the Users group.

C. Assign the Allow - Modify permission to Sandra. Assign the Allow - List Folder permission to the Users group.

D. Assign the Allow - Full Control permission to Sandra. Assign the Allow - Read permission to the Users group.

E. Assign the Allow - Full Control permission to Sandra. Assign the Allow - Write permission to the Users group and remove the Read and Execute permissions to the Users group.

system partition of the server is shared on the network as HR-Data. The owner of the HR-Data folder is Administrators.

The shared permissions and NTFS permissions are shown in the following table.

Share permissions:

Everyone: FULL Control

NTFS permissions

Domain Admins: Read

Katrin: Full Control

Katrin creates a file in the HR-Data folder. She sets the NTFS permissions for the file to list only herself on the access control list, with Full Control permission. Katrin then leaves on vacation and cannot be contacted.

Later, you discover that the file contains sensitive information and must be removed from the server as soon as possible. You want to delete the file without modifying any of the permissions for other files in the HR-Data folder. You want your actions to have least possible impact on users who may be using other files in the HR-Data folder. You want to use the minimum amount of authority necessary to delete the file.

What should you do？

A．Grant yourself Full Control permission for only the HR-data folder and not its subobjects. Delete the file. Then remove Full Control permission for HR-Data folder.

B．Take ownership of the HR-Data folder. When prompted, take ownership of the existing files. Grant yourself Full Control permission for the file. Delete the file.

C．Take ownership of the file. Grant yourself Modify permission for the file. Delete the file.

D．Grant yourself Modify permission for the HR-Data folder and its subobjects. Delete the file. Then remove Modify permission for the HR-Data folder.

at runs Windows Server 2003 Service Pack 2 (SP2).Your domain contains two groups named Sales and Marketing. Members of the Marketing group print very large documents.Members of the Sales group report that they are unable to print documents because the printer is in use.You need to ensure that members of the Sales group can interrupt the print jobs sent by members of the Marketing group. You must prevent the members of the Sales group from modifying the priority of the printer.What should you do？ （）

A. Assign the Manage Printers permission to the Sales group.

B. Assign the Manage Documents permission to the Sales group.

C. Deny the Take Ownership permission to the Marketing group.

D. Remove the Creator Owner group from the printer’s access control list

You configure a Group Policy Object for the Marketing organizational unit (OU) to prevent users from accessing My Network Places and from running System in Control Panel. You want the Managers domain local group to be able to access My Network Places, but you still want to prevent them from running System in Control Panel.

What should you do？

A．Add the managers group to the access control list of the GPO. Disable the permission of the managers group to read and apply the group policy.

B．Add the managers group to the access control list of the GPO. Deny the permission of the managers group to read and apply the group policy.

C．Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to apply the group policy. Deny the authenticated users group permission to read and apply group policy. Configure the new GPO to deny the ability to run System in Control Panel. Give the original GPO a higher priority than the new GPO.

D．Create a second GPO in the OU. Add the managers group to the access control list. Allow the managers group to read and apply the group policy. Disable the permission of the authenticated user group to read and apply the group policy. Configure the new GPO to allow access to My Network Places. Give the new GPO a higher priority than the original GPO.

-compliant computers. All 65 computers are included on the current hardware compatibility list (HCL). You create a RIS image. You load the image on the RIS server. You then start the 65 computers.

You find that the 30 PXE-Compliant computers can connect to the RIS server.

However, the 35 non-PXE-compliant computers fail to connect to the RIS server. What should you do？

A．Run Rbfg.exe to create a Non-PXE-compliant startup disk.

B．Run Riprep.exe to create a Non-PXE complaint startup disk.

C．Grant the Everyone group NTFS Read permission for the RIS image.

D．Grant the Administrators group NTFS Read permission for the RIS image.

artment is a Windows 2000 Server computer named Ezonexam1. You have created a folder named Payments on the system partition of Ezonexam1. Payments is shared on the network as Payments with the default share permissions. The owner of the Payments folder is domain Admins. The NTFS permissions are shown in the following table.

NTFS Permissions

Domain Admins: Allow Read

Accounting: Allow Full Control

There is a file called review.doc in the Payment folder. The owner of review.doc is a user named Paul who is on a temporary leave of absence. The NTFS permissions for the file list only Paul on the access control list, with Full Control permission.

You want to remove Paul's access to review.doc and grant the Modify permission for a user named Lily Loo. You open the Security properties of review.doc and discover that you are unable to modify the permissions of the file.

You want to be able to remove Paul's access and grant Lily Loo the Modify permission on review.doc.

What should you do？

A．Take ownership of the file.

B．Take ownership of the Payments folder.

C．Grant Domain Admins Full control of the Payments shared folder.

D．Grant Domain Admins Change for the Payments shared folder.

Control permission for the OU. All computer objects in the Production OU are administered by another administrator named Tom.The Production OU contains the computer account for a Windows Server 2003 computer named Testking1. Tom submits a list of configuration settings that he wants to apply to Testking1 by means of a Group Policy object (GPO). A GPO that contains Tom‘s required settings is created in another OU by the domain administrator.You only want to allow Tom to link existing GPOs to the Production OU. He must not have any more rights than he needs to perform the required tasks.What should you do？（）

A. Add Tom‘s user account to the Group Policy Creator Owners group in the domain.

B. Run the Delegation of Control Wizard and assign Tom‘s user account the Allow - Manage group policy links permission for the Production OU.

C. Run the Delegation of Control wizard and assign Tom‘s user account the Allow - Change permission for the Production OU.

D. Run the Delegation of Control wizard and assign Tom‘s user account the Allow - Apply group policy permission for all GPOs that are linked to the Production OU.

A.Apply a string name to the applications by using the Strong Name tool (Sn.exe)

B.Use the security settings of internet explorer to add the shared folder to the list of trusted sites

C.Use the Code Access Security Policy tool (Caspol.exe) to add a new code group that has the full trust permission set. The new code group must also contain a URL membership condition that specifies the URL of the shared folder where your application reside

D.Grant the full trust permission set to the Trusted Zone code group by using the Code Access Security Policy Tool (Caspol.exe)

ndows 2000 Professional computer. Your company hires an intern named Richard. You create a subfolder named intern, which Richard needs to access. You want to allow Richard access to the intern subfolder only.

You create a user account named intern. You want to allow the intern user account the ability to update, create, and delete files within the intern folder. You need to prevent Richard from accessing any other files or folders within the AccSecured folder.

What should you do？ (Choose all that apply)

A．Map a network drive to the AccSecured\intern folder from Richard's computer.

B．Map a network drive to the AccSecured shared folder from Richard's computer.

C．Allow the intern user account modify permissions on the intern subfolder.

D．Allow the intern user account traverse folder/execute file permission on the AccSecured folder.

E．Allow the intern user account list folder content permission on the AccSecured folder. Remove read extended attributes and read permissions.