Questions and Answers

1.

The company you work for hires quite a few temporary workers, and those workers need access to workgroup computers to perform their jobs. These employees are added to the default Users group when they are hired. Because they are members of the Users group, they have Read And Execute, List Folder Contents, and Read permissions by default. However, these users also need to be able to write data to the folders to which they have access. What is the best way to make this change without giving the users too much access?

1. Add all new users to the Power Users group.

2. Stop assigning NTFS permissions, and assign the Read and Change share permissions.

3. For the Users group on each share, assign the NTFS permission Write.

4. For the Users group on each share, assign the NTFS permission Full Control.

2.

A user’s Windows 2000 Professional computer was recently upgraded to Windows XP Professional. A member of the Users group reports that he can no longer run the older applications necessary to perform his job. You have looked for a newer version of the application but cannot find one. The user is a Microsoft Certified Desktop Technician and a Microsoft Certified Professional and has been with the company for many years, so you feel he is competent and will pose no threat if given extra leniency. You need to allow this user to run his older application. What is the best course of action?

1. Move this end user from the Users group to the Power Users group.

2. Decrease the default security settings for all members of the Users group.

3. Purchase a new program that is Microsoft certified and train the users in the company to use it. Uninstall the older application.

4. Move this end user from the Users group to the Administrators group.

1.

C is the best answer. Adding the Write permission adds only that option for the user and no more. A and D would give more access than necessary, and B would reduce the security of the shares.

2.

A is correct. Members of the Power Users group can run older applications. Making this user a member of this group will likely pose no threat to the computer or the network. B would work but is not the best course of action because not all users need this capability. C is incorrect because it would require too much time and money, and it is unnecessary. D is incorrect because only a few employees should be given administrator status.

1.

A user named John is a member of several groups in a domain: the Research Group, the Marketing Group, and the Support Group. Each group he belongs to has access to a different set of folders and data. However, one folder named Help And Support is shared so that all users in the company can access it, although some users have more access than others. John’s group membership and the permissions assigned to the Help And Support folder for each group are listed here. What is John’s effective permission for the folder?

1. Read

2. Write

3. Modify

4. Full Control

1.

C is the correct answer. The cumulative share permissions are Full Control. The cumulative NTFS permissions are Modify. The more restrictive of those two is Modify. The other answers are incorrect for this reason.

1.

In the following table, match the policy on the left with the appropriate security setting folder on the right.

1.

The following answers are correct because they represent the only place the policies can be set for each item: 1-E. 2-F. 3-C. 4-A. 5-D. 6-B.

1.

A Windows XP Professional user reports that she is unable to access the Add/ Remove Programs icon in Control Panel. What is most likely the problem?

1. The Windows XP installation is corrupt.

2. A Group Policy setting is in place that prevents access.

3. The antivirus program is restricting access.

4. There are no programs to add or remove.

5. The user is not logged on as an administrator.

2.

Select all of the ways in which the Group Policy console can be accessed.

1. Type gpedit.msc at the Run line.

2. Open the Group Policy console from Administrative Tools.

3. Open Group Policy from Control Panel, using the Group Policy icon.

4. Open Group Policy by choosing Start, pointing to All Programs, pointing to Accessories, pointing to System Tools, and selecting Group Policy.

1.

B is correct. Group Policy can be set to disable access to specific Control Panel tools. A is not correct because a corrupt installation would cause various other problems; C is incorrect because antivirus programs do not generally restrict access to Control Panel; D is incorrect because there are always programs that can be added or removed; and E is not correct because you do not have to be an administrator to access Add/Remove Programs.

2.

A is correct. B and C are incorrect because Group Policy is not an option from Administrative Tools or from Control Panel. D is incorrect because Group Policy is not an option from System Tools.

1.

A small office user with three employees has just purchased a new computer running Windows XP and has set up a network using a four-port hub. She connected her three existing computers running Windows 98 and her new computer running Windows XP, and then she used the Network Setup Wizard on the computer running Windows XP to create the network. She reports that she made no other changes. After sharing a few folders, she reports that everyone on the network can view and make changes to her shared files. She wants the users on her network to be able to view the files only, not edit or change them. What should you tell the user to do? (Select all that apply.)

1. Disable Simple File Sharing.

2. Convert the file system of the computer running Windows XP to NTFS.

3. Clear the Allow Users To Change My Files check box on the Sharing tab of each shared folder.

4. Drag the shared folders to the Shared Documents folder.

5. Upgrade all of the computers to Windows XP.

1.

C is the only correct answer because by default, new networks created with the Network Setup Wizard use Simple File Sharing. Clearing this option from the shared folders will solve the problem. A is incorrect because although disabling Simple File Sharing would allow the user to configure other options, disabling it will not solve the problems at hand. B is incorrect because Simple File Sharing works with both FAT and NTFS. D is incorrect because this technique is used to share folders with other users of the same computer. E is incorrect because the computers do not need to be running Windows XP to participate in and follow the rules of a network.

1.

The company you work for has its users separated into four user groups: the Administrators group, the Power Users group, the Users group, and the Temporary Workers group. The company’s network is configured as a workgroup. The first three groups are built-in groups, and a network administrator created the last group. A user at your company who has previously been a member of the Administrators group has recently been demoted and placed in the Power Users group. He reports several problems:

• He cannot back up or restore files and folders on the network.

• He cannot manage auditing and security logs.

• He cannot take ownership of files and folders.

• He cannot force shutdown of a remote system.

What is the cause of this?

1. This is the expected behavior based on the user’s new group membership.

2. Local policies are preventing access.

3. Group Policy settings are preventing access.

4. Public key policies are preventing access.

1.

A is correct. By default, only members of the Administrators group can perform these tasks, and because he is no longer a member, he no longer has those privileges. B is incorrect, even though policies can be changed and set here. C is incorrect because Group Policy settings are used to customize and standardize other settings. D is incorrect because public key policies have to do with encryption, not rights and privileges.

1.

You are working as a DST. A small business owner calls and tells you that he has a small network on which he is the sole administrator. One of his employees recently requested that she be able to take ownership of files and other objects on a computer that she shares with other employees. The owner made the user a member of the Power Users group on the computer. However, the user still does not have the ability to take ownership of resources.

1. Using the Local Security Settings console, determine whether the Power Users group has the right to take ownership of files and other objects.

   The Power Users group is not assigned this right by default; only the Administrators group has this right. However, you can use the Local Security Settings console to assign the right to the Power Users group or to the individual user.

2. What would you suggest the owner do to give the user the necessary rights?

   The owner could add the user to the Administrators group, but this option would likely give more permissions to the user than the owner wants her to have. The owner could also give the Power Users group the right to take ownership of files and other objects. However, if there are other members of the Power Users group, they also would be given this right. The best course of action is to assign the right directly to the user.

3. Using the Local Security Settings console, list the user rights assigned by default to the Administrators group that are not assigned by default to the Power Users group.

1.

By default, the rights assigned to the Administrators group that are not assigned to the Power Users group include the following:

• Adjust memory quotas for a process.

• Allow logon through Terminal Services.

• Back up files and directories.

• Create a pagefile.

• Debug programs.

• Force shutdown from a remote system.

• Increase scheduling priority.

• Load and unload device drivers.

• Manage auditing and security logs.

• Modify firmware environment values.

• Perform volume maintenance tasks.

• Profile system performance.

• Restore files and directories.

• Take ownership of files or other objects.