Right or wrong in the online test exam 70-270?

DigglerDiggler Member Posts: 3 ■□□□□□□□□□
Hi Guys!

1:Could you please explain two things for me regarding the MS 70-270 exam questions. The first question is the one below: Why is the correct answer C: ? If the most restrictive applies how can the user have change permissions? Since he is a member of the Sales group with read NTFS permissions shouldn't the effective permission be read? Next question below.

You share a folder on your computer and you assigned the share permission Change to Everyone. John, a user from the Sales department, has been granted Full Control NTFS permission to the folder. John is also a member of the Sales group, which has been assigned Read NTFS permissions.
What are John's effective permissions when connecting to the shared folder?
a. Read
b. Read & Execute
c. Change
d. Full Control

Answer(s): c. Change

Your Answer(s): a. Read

The effective NTFS permissions are the sum of the permissions assigned to user and to groups the user belongs to. (except for explicit deny permissions which overrides any other conflicting permissions assigned.) When you combine NTFS and Share permissions the most restrictive applies

2: Question 23 in the same exam is confusing. The correct answer is a, b and e. I didn't choose the e option because the scenario is based on an activation of offline files and by default when activating offline files the e option is already selected. And if I know MS correct they could do this to you in the exam. What do you think about this one and how should you approach these questions on the real exam.

Looking forward to your opinion!

-- Diggler --


  • WebmasterWebmaster Admin Posts: 10,292 Admin
    What do you think about this one and how should you approach these questions on the real exam.
    You won't get these exact questions on the exam cause I wrote them originally. But these type of questions, MS style questions, you should approach by reading them very carefully (apart from knowing your stuff of course).

    1. The keyword in the explanation is 'effective'...

    23. I admit I made that one a bit too confusing, as although it needs to be enabled to get the desired results, it doesn't need to be 'selected' as I mentioned in answer e. I'll rewrite the entire question to make it less confusing but on the same topic. Although you are right MS can do that to you with some question, but overall they don't and with the sims it's not any issue.
  • DigglerDiggler Member Posts: 3 ■□□□□□□□□□
    OK thanks Johan!

    They are pretty tricky these NTFS and share permissions and you really need to think twice. Or more :)
    -- Diggler --
  • princess4peaceprincess4peace Member Posts: 286
    The question is just trickish as explain by the webmaster, however, i think you need to be careful when answering MS question, as the question in your post is trying to test your ability to diffrentiate btw share permission and NTFS permission. The answer is C which is the permission for the everyone on share permission.
    Knowledge is life
  • DigglerDiggler Member Posts: 3 ■□□□□□□□□□
    The thing is to calculate the NTFS permission first and then compare with the share permission. When you studying you are thinking, share permission=most restrictive and then you take the most restrictive NTFS permission against the most restrictive share permissions which is wrong. Life is a good lesson :)
    -- Diggler --
  • 12thlevelwarrior12thlevelwarrior Member Posts: 302
    yeah, it took me some time to get the concept, but i always think of share permissions as the first line of defense.

    If you set read on share it doesn't matter what ntfs gives the user they always get read.
    Every man dies, not every man really lives.
  • iankfiankf Member Posts: 49 ■■□□□□□□□□
    Could anyone explain this a bit more it seems a bit confusing and i wish to get this concept in the test
  • 12thlevelwarrior12thlevelwarrior Member Posts: 302
    Ok, here goes. My example is a Windows XP machine in a domain.

    You have a folder on the C drive called share1. The folder is not shared yet, but you do go into the ntfs permissions and give your buddy (userid) full control to the folder. At this point your buddy has full control of the folder, but it doesn't do him any good unless he can logon locally, or via remote desktop to your machine. As far as your PC is concerned that folder is not ready for the outside world and is not to be "shared" with anyone outside the machine, even though you have given your friend full access with the ntfs permissions. Now you decide to open that folder up to the network and share it. The permissions you can apply to the share are read, change, and full. Let's say you give everyone full control. This means that anyone on the domain can see that folder if they do a \\ from run to your machine name. They see the folder, but when the click on it only the users that have rights on the ntfs permissions will be allowed access. Now, if you applied the "read" permission to the share (not ntfs) it doesn't matter what permission people have with ntfs because the first line share permissions will only give them "read" permissions.

    At my work we always apply the "full" share permission to everyone, and just let the ntfs permissions do the work.

    Hope this helps.

    Just dork around with some shares on your home network and you'll get it.
    Every man dies, not every man really lives.
  • TrailerisfTrailerisf Member Posts: 455
    "You share a folder on your computer and you assigned the share permission Change to Everyone"

    Share permissions are always the ones you look at to be the most restictive when examining all of them
    On the road to Cisco. Will I hunt it, or will it hunt me?
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    iankf wrote:
    Could anyone explain this a bit more it seems a bit confusing and i wish to get this concept in the test
    Did you read the topics I linked to in my reply above?
  • iankfiankf Member Posts: 49 ■■□□□□□□□□
    Now I understand :) The least restrictive on NTFS and share permissions

    NTFS+share= most restrictive :D
Sign In or Register to comment.