Server I Ch 5

Volume Shadow Copy Servce (VSS)

A Windows service that enables shadow copies and allows copying files that are open, essentially taking a snapshot of the data, which allows making bckups of files and applcications witout taking them offline.

Server Message Block (SMB)

A client/server Application layer based protocol that provides network file sharing, network printing and authentication

Branch Office Direct Printing

A feature available with the Print and Document Services role that allows clients to print directly o a network printer without the job having to go theourh the print server

shadow copies

A feature of Windows file system that allows users to access previous versions of files in a share folders and restore files that have been deleted or corrupted.

access-based enumeration (ABE)

A feature of file share that shows only file and folders to which user has at least Read Permission

offline files

A feature of shared forders that allows users to access the contents of shared filders wen not connected to the network and is also calles "client0shide chashing"

system access control list (SACL)

A file system component that defines the settings for auditing access to an object

secutriy descriptor

A file system object's security settings, composed of the DACL,

False

A folder can be shared only with a single name and single set of share permissions. True or False?

discretionary access control list (DACL)

A list of security principals; each has permissions that define access to an object.

explicit permission

A permission assigned by adding a users account to an object's DACL

inherited permisson

A permissions that comes from an object's parent instead of being assigned explicitly

printer pooling

A printer configuration in which a single printer represents two or more print devices. Users can print to a single printer and the print server sends the job to the print device which is least busy.

printer priority

A printer configuration in which two or more printers can represent a single print device. Printers can be assigned different priorites so that jobs sent to the higher priority periner are sent to the print device first.

permissions

A property of the file system that specifies which users can access a file suystsem object (a file or folder) and what users cha ffo with the object if theyre granted access.

Work Folders

A role service thats a component of File and Storage services role and allows uses to synchronize documents between company file servers and mobile devices.

a. Write

A user needs to create files and make changes to file contents. Aside from the Read permission, what other permission should the user be granted without allowing more access than is necessary? a. Write b. Full control c. Modify d. Create

access control entry (ACE)

An entry in a discressionaty access control list (DACL); includes a security principle object and that object's assigned permissions.

a. Create two printers and assign them different priorities and permissions.

An expensive color laserjet printer is shared by a group of managers and some other employees. The managers complain that they often have to wait for their print jobs until other employees' large jobs have finished. Usually, the managers' print jobs are small and needed immediately, but other employees rarely need their print jobs in a hurry. What can you do to help solve this problem without buying additional equipment? a. Create two printers and assign them different priorities and permissions. b. Create another printer and configure a printer pool. c. Buy another printer and configure permissions so that only managers can access it. d. Make the printer available only during the hours managers are working. a. Create two printers and assign them different priorities and permissions.

security principal

An object that can be assigned permission to access the file system.

Disk quotas

An option in NTFS volumes that enables admins to limit how muc hdisk space a user can occupy with his or her files.

By sharing a folder

How can the File Server role service be auto-intallsed?

14 for folders 13 for files?

How many special permissions are their for NTFS folders? How many for files?

Five for files Six for folders

How many standard permissions are their for NTFS files? How many for folders?

a. Take ownership of the file. b. Create the file. d. Be assigned as the owner by an administrator.

In which of the following ways can a user become a file's owner? (Choose all that apply.) a. Take ownership of the file. b. Create the file. c. Belong to the File Owner special identity. d. Be assigned as the owner by an administrator.

share permissions

Permissions applied to shared folders that protect files accessed across the network; the only method for protecting files on FAT volumes.

NTFS Permissions

Permissions set on folders or files on an NTFS-formatted volume; they protect both network and intercative/local file access.

b. Delete all files. d. Create files.

The T. Smith user account has been granted the Read share permission. T. Smith is a member of the Sales group, which has been granted the Change share permission. In the shared folder's Security tab, Sales has been granted Full control, and the Users group has been granted Read permission. Which of the following can T. Smith do in the share when accessing it from the network? (Choose all that apply.) a. Change permissions on all files. b. Delete all files. c. Take ownership of all files. d. Create files.

effective access

The access a security prinipal has to a file sysytem object when taking sharing permissions, NTFS permissions and group memberships into account.

effective permissions

The combonation of permissions assigned to an account from explicit and inherited permissions; determines an account's effectve access to an object.

Network File Sysyem (NFS)

The native file-sharing protocol for UNIX/Linux OSes that is also supported by server 2012

User, group and comupter accounts

The three types of security principals which can be assigned permissions in an NTFS volume.

Read Permissions

This special permission includes full control, modify, read and execute, list folder contents, read and write. It allows users to read NTFS permissions on a file or folder.

Take ownership

This special permission includes the full control standard permission and lets users take ownership of a file or folder and gives them implicit permission to change permissions on that file or folder?

False

True or False: It is considered a best practice to give users the most permissions possible for them to complete their jobs.

False

True or False: On a network share, NTFS permissions are checked before share permissions.

True

True or False: Share permissions cannot be configured on files.

Creating or "owning" the object Having their user account added to the DACL Having a group in which they are a member added to the DACL Inheritance from a parent object in which they or their group is listed in the DACL

What are the four ways in which users can receive permissions?

Read Change Full Control

What are the three levels of share permissions?

b. net use P: \\ServPub1\Public

What command can you put in a batch file to allow users to access the Public share on the ServPub1 server, using the drive letter P? a. net share P: \\ServPub1\Public b. net use P: \\ServPub1\Public c. share \\ServPub1\Public P: d. share P: \\ServPub1\Public

Keeps the inherited permissions checked for the entries in the DACL but makes them explicit rather than inherited.

What does the "Convert existing inherited permissions to explicit" option do when disabling inheritance?

Forces a child object to inherit permissions from its partent and enables inheritance on the child object if it were disabled previously.

What does the "Replace all child object permission entries with inheritance permission entries from this object" option do?

Common Internet File System (CIFS)

What is another version or "dialect" of SMB?

Applies option set to "This folder, sub folders and files"

What is the default setting for standard permissions in regards to inheritance?

Read for Everyone identity

What is the most common, Windows assigned, default permissions for shared folders?

When the deny permission is inherited and the allow permission is added explicitly.

What is the one circumstance in which deny does NOT override the allow permission?

File and Storage Services in Server Manager

What is the preferred method for sharing files in Windows Server 2012/R2?

Disable inheritance

What must be done first in order to remove inherited permissions from a file?

LPR/LPD IPP

What other printer protocols are supported by Windows?

Read and Execute

What permission includes all of the read permissions plus: Run applications and scripts

SMB

What protocol does Windows use for network printer services?

File Server role service

What role service is required in order to share folders?

Read

What standard permissions allows: Viewing file contents, copying files, opening folders and subfolders and viewing file attributes and permissions?

Administrators Server Operators

What two groups are the only groups allowed to share folders in Windows Server 2012/R2?

Network AKA Remote Local AKA Interactive

What two modes are used for accessing files?

Standard - List folder contents Special - Delete subfolders and files

What two permissions, (one special and one standard, are for folders only?

List folder contents Read

When Read and Execute permission is granted to a DACL entry, which other two permissions are automatically checked as a result?

It inherits permissions from its new parent folder or parent volume.

When copying a file withing the same or into another NTFS volume, which permissions effect the file?

It inherits permissions from its destination folder or volume

When moving a file to a different NTFS volume, how are the permissions effected on the file?

It retains its original permissions

When moving a file within the same NTFS volume, how are permissions effected on the file?

Permissions are inherited from destiantion folder or volume

When moving files from FAT or FAT32 to NTFS, what permissions are assigned to the file?

It loses them. FAT does not support NTFS permissions.

When moving or copying from NTFS to FAT, what happens to its permissions?

Full control

When using Simple file sharing as the method to share files, what is the share permissions that are automaticly set to the Administrator and Everyone groups?

Tells if an NTFS or share permission limits access

When viewing the effective permissions tab for a security principal, what does the "Access limited by" colonm display?

d. Access-based enumeration

Which SMB share option should you enable if you don't want users to see files they don't have at least Read permission to? a. Offline files b. Hidden shares c. Branch Cache d. Access-based enumeration

b. SYSVOL

Which administrative share does Active Directory use for replication? a. NETLOGON b. SYSVOL c. Admin$ d. IPC$

Share permissions and NTFS permissions

Which are the two sets of permissions that secure access to files over the network?

d. Work Folders

Which feature of Windows file sharing should you configure if you want users to be able to access their files securely from mobile devices without having to set up a VPN or configure the firewall? a. Client-side caching b. Offline files c. Access-based enumeration d. Work Folders

ReFS

Which file system works the same way as NTFS concerning permissions?

a. SMB (Server Message Block) b. FTP (File Transfer Protocol) d. NFS (Network File System)

Which is a dile sharing protocol supported by Windows Server 2012/R2 File and Storage Services Role? (Choose all that apply) a: SMB b: FTP c: TFTP d: NFS

Shared Folders (The snapin is named the same)

Which method of sharing uses the MMC/Snap-ins to monitor, change and create shares on local and remote computers?

a. Advanced sharing c. Simple file sharing d. File and Storage Services

Which of the following can be used to create shares? (Choose all that apply.) a. Advanced sharing b. Disk Management c. Simple file sharing d. File and Storage Services

c. Write

Which of the following is not a standard NTFS permission? a. Read & execute b. Change c. Write d. List folder contents

b. An event can be generated when a user exceeds the quota limit.

Which of the following is not true about disk quotas? a. Users can be prevented from saving files on a volume. b. An event can be generated when a user exceeds the quota limit. c. Quotas can be overridden for groups. d. Quotas can be set without denying disk space to users.

b. Share permissions take precedence over NTFS permissions.

Which of the following is true about share and NTFS permissions? a. NTFS permissions are applied only to local file access. b. Share permissions take precedence over NTFS permissions. c. Share permissions are applied to network and local file access. d. NTFS permissions are applied to network access.

Modify

Which permission allows users to read, modify, delete and create files but NOT take ownership or change permissions?

List folder contents

Which permission is the same as read and execute, does not apply to files and must be set on a folder in order to allow users to open files in that folder?

Write

Which permissions allows users to create and modify files, read file attributes and permissions but does NOT allow reading or deletion of files?

Full control

Which permissions includes all of the modify permission but allows users to take ownership and change permissions?

SMB Share - Applications

Which share profile creates a share that is suitable for Hyper-V, databases and other applications?

SMB Share- Quick

Which share profile would you select if you wanted to make a standard Windows share with default settings and permissions (which can be changed later in the wizard or in the share's settings)?

SMB Share- Advanced

Which share profile would you select to create a share that has advanced options for setting things such as the folder owner, data clasification and quotas?

Simple file sharing

Which sharing method simplifies the sharing process by using easy to understand terms in a simple interface?

Delete

Which special permission includes full control and modify and allows users to delete folders and files?

Write attributes (There is a "write extended attributes" special permission as well which combines the same standard permissions and allows users to chage extended attributes in the same way)

Which special permission includes full control, modify and write and allows users to change file and folder attributes?

Create files / write data

Which special permission includes full control, modify and write? This permission allows users to create new files and modify the contents of existing ones.

Create folders/append data

Which special permission includes full control, modify and write? This permission allows users to create new folders and add data to the ends of an existing file.

Traverse folder/execute file

Which special permission includes full control, modify, read and execute and list folder contents? This permission allows a user to access files in a folder even if they wouldn't normally have access and also allows them to run program files?

Read attributes (There is a "Read extended attributes" special permission as well but I have left it out of this quizlet as the combo standard permissions are the same. Just add in the word extended and so on)

Which special permission includes full control, modify, read and execute, list folder contents and read? This permission allows users to read the attributes of a file or folder.

Delete subfolders and files

Which special permission includes the full control standard permission and lets users delete subfolders and files in a folder?

Because those permissions are inherited

Why would check marks be grayed out for permissions in the securty tab of a file or folder?

c. Enable shadow copies on the volumes where the shares are hosted.

You have been getting quite a few calls with requests to restore files from a backup because the file was accidentally deleted from a share or because the user needed a previous version of a file that was overwritten. Restoring the files has become a burden, and sometimes you need to repeat the process several times until you find the version the user needs. What can you do to give users a way to access the files they need and reduce your administrative burden? a. Adjust permissions on the shares so that users can't delete files except their own. Tell users to back up their own files to local backup media. b. Enable shadow copies for each share. c. Enable shadow copies on the volumes where the shares are hosted. d. Give each user a backup program and an external hard drive.

a. Do nothing.

You have installed a shared printer with the default permissions and want users to be able to manage their own documents in the print queue. What do you need to do? a. Do nothing. b. Assign the Everyone special identity the Manage documents permission. c. Assign the Everyone special identity the Manage printers permission. d. Add Domain Users to the Printer Operators group.

c. Put a $ character at the end of the share name.

You need to create a share containing confidential information that only a select group of people should know about. You don't want this share to appear in users' network browse lists. What can you do that involves the least administrative effort and disruption? a. Disable network discovery on all computers. b. Disable network discovery on the computers of users who you don't want to see the share. c. Put a $ character at the end of the share name. d. Put a @ character at the beginning of the share name

a. Disable permission inheritance on the subfolder, and convert existing permissions. d. Remove the group from the subfolder's DACL.

You need to prevent members of a group from accessing a subfolder of a folder the group does have access to. What's the best way to do this? (Choose two answers. Each correct answer represents part of the solution.) a. Disable permission inheritance on the subfolder, and convert existing permissions. b. Add each member of the group to the subfolder's DACL, and assign a Deny permission to each member. c. Create a new group, and add members of the existing group to this new group. Add the new group to the subfolder's DACL with a Deny permission. d. Remove the group from the subfolder's DACL.

d. Printer pooling

You're seeing heavy use on one of your shared printers, and users often have to wait in line to get their print jobs. What printing feature can you use to best alleviate the problem? a. Printer prioritization b. Change availability hours c. Change spooling options d. Printer pooling

The administrator account can take ownership of the file, grant Mary the permissions she needs in order to access the file and then give ownership back to Tom.

You're the administrator of a file server. Tom, who is on vacation, had created a file that Mary needs access to, but neither her account nor the Administrator account has permission to access the file. What is the best way to allow Mary to access the file?

permission inheritance

a method for defining how permissions are transmitted from a parent object to a child object.

object owner

usually the user account that created the obhect or a grou or user whoi has been assigned ownership of the object and who has specual authority over that object.