Chapter 5 Review MCSA Guide to Installing and Configuring Microsoft Windows Server 2012/R2

18. A folder can be shared only with a single name and single set of share permissions. True or False?

18. False

Volume Shadow Copy Service (VSS)

A Windows service that enables shadow copies and allows copying files that are open, essentially taking a snapshot of the data, which allows making backups of files and applications without taking them offline. See also shadow copies.

system access control list (SACL)

A file system component that defines the settings for auditing access to an object.

security descriptor

A file system object's security settings, composed of the DACL, owner, and SACL. See also discretionary access control list (DACL) and system access control list (SACL).

explicit permission

A permission assigned by adding a user's account to an object's DACL.

access control entry (ACE)

An entry in a discretionary access control list (DACL); includes a security principal object and the object's assigned permissions. See also discretionary access control list (DACL).

13. You're the administrator of a file server. Tom, who is on vacation, had created a file that Mary needs access to, but neither her account nor the Administrator account has permission to access the file. What is the best way to allow Mary to access the file?

As Administrator, take ownership of the file, grant Mary the permission she needs, and then give ownership back to Tom.

administrative shares

Hidden shares created by Windows that are available only to members of the Administrators group; they include the root of each volume, the \Windows folder, and IPC$. Hidden shares' names end with a dollar sign.

share permissions

Permissions applied to shared folders that protect files accessed across the network; the only method for protecting files on FAT volumes.

NTFS permissions

Permissions set on folders or files on an NTFS-formatted volume; they protect both network and interactive/local file access.

effective access

The access a security principal has to a file system object when taking sharing permissions, NTFS permissions, and group memberships into account. See also security principal.

Network File System (NFS)

The native file-sharing protocol in UNIX and Linux OSs; also supported by Windows Server 2012.

object owner

Usually the user account that created the object or a group or user who has been assigned ownership of the object. An object owner has special authority over that object.

14. Which of the following can be used to create shares? (Choose all that apply.) a. Advanced sharing b. Disk Management c. Simple file sharing d. File and Storage Services

a. Advanced sharing c. Simple file sharing d. File and Storage Services

7. An expensive color laserjet printer is shared by a group of managers and some other employees. The managers complain that they often have to wait for their print jobs until other employees' large jobs have finished. Usually, the managers' print jobs are small and needed immediately, but other employees rarely need their print jobs in a hurry. What can you do to help solve this problem without buying additional equipment? a. Create two printers and assign them different priorities and permissions. b. Create another printer and configure a printer pool. c. Buy another printer and configure permissions so that only managers can access it. d. Make the printer available only during the hours managers are working.

a. Create two printers and assign them different priorities and permissions.

15. You need to prevent members of a group from accessing a subfolder of a folder the group does have access to. What's the best way to do this? (Choose two answers. Each correct answer represents part of the solution.) a. Disable permission inheritance on the subfolder, and convert existing permissions. b. Add each member of the group to the subfolder's DACL, and assign a Deny permission to each member. c. Create a new group, and add members of the existing group to this new group. Add the new group to the subfolder's DACL with a Deny permission. d. Remove the group from the subfolder's DACL.

a. Disable permission inheritance on the subfolder, and convert existing permissions. d. Remove the group from the subfolder's DACL.

4. Which SMB share option should you enable if you don't want users to see files they don't have at least Read permission to? a. Offline files b. Hidden shares c. Branch Cache d. Access-based enumeration

d. Access-based enumeration

10. Which of the following is true about share and NTFS permissions? a. NTFS permissions are applied only to local file access. b. Share permissions take precedence over NTFS permissions. c. Share permissions are applied to network and local file access. d. NTFS permissions are applied to network access.

d. NTFS permissions are applied to network access.

6. Which feature of Windows file sharing should you configure if you want users to be able to access their files securely from mobile devices without having to set up a VPN or configure the firewall? a. Client-side caching b. Offline files c. Access-based enumeration d. Work Folders

d. Work Folders

Server Message Block (SMB)

A client/server Applicationlayer protocol that provides network file sharing, network printing, and authentication.

Branch Office Direct Printing

A feature available with the Print and Document Services role that allows clients to print directly to a network-attached printer without the job having to go through the print server.

access-based enumeration (ABE)

A feature of a file share that shows only file and folders to which a user has at least Read permission.

offline files

A feature of shared folders that allows users to access the contents of shared folders when not connected to the network; also called "client-side caching."

shadow copies

A feature of the Windows file system that allows users to access previous versions of files in shared folders and restore files that have been deleted or corrupted.

discretionary access control list (DACL)

A list of security principals; each has permissions that define access to an object. See also security principal.

permission inheritance

A method for defining how permissions are transmitted from a parent object to a child object.

inherited permission

A permission that comes from an object's parent instead of being assigned explicitly. See also explicit permission.

printer pooling

A printer configuration in which a single printer represents two or more print devices. Users can print to a single printer, and the print server sends the job to the print device that's least busy.

printer priority

A printer configuration in which two or more printers can represent a single print device. Printers can be assigned different priorities so that jobs sent to the higher priority printer are sent to the print device first.

permissions

A property of the file system that specifies which users can access a file system object (a file or folder) and what users can do with the object if they're granted access.

Work Folders

A role service that's a component of the File and Storage Services role; allows users to synchronize documents between company file servers and mobile devices.

security principal

An object that can be assigned permission to access the file system; includes user, group, and computer accounts.

disk quotas

An option on NTFS volumes that enables administrators to limit how much disk space a user can occupy with his or her files.

effective permissions

The combination of permissions assigned to an account from explicit and inherited permissions; determines an account's effective access to an object. See also effective access.

12. The Tsmith user account has been granted the Read share permission. Tsmith is a member of the Sales group, which has been granted the Change share permission. In the shared folder's Security tab, Sales has been granted Full control, and the Users group has been granted Read permission. Which of the following can Tsmith do in the share when accessing it from the network? (Choose all that apply.) a. Change permissions on all files. b. Delete all files. c. Take ownership of all files. d. Create files.

a. Change permissions on all files. b. Delete all files. d. Create files.

20. You have installed a shared printer with the default permissions and want users to be able to manage their own documents in the print queue. What do you need to do? a. Do nothing. b. Assign the Everyone special identity the Manage documents permission. c. Assign the Everyone special identity the Manage printers permission. d. Add Domain Users to the Printer Operators group.

a. Do nothing.

1. Which of the following is a file-sharing protocol supported by Windows Server 2012/R2 File and Storage Services role? (Choose all that apply.) a. SMB b. FTP c. TFTP d. NFS

a. SMB d. NFS

3. In which of the following ways can a user become a file's owner? (Choose all that apply.) a. Take ownership of the file. b. Create the file. c. Belong to the File Owner special identity. d. Be assigned as the owner by an administrator.

a. Take ownership of the file. b. Create the file. c. Belong to the File Owner special identity.

11. A user needs to create files and make changes to file contents. Aside from the Read permission, what other permission should the user be granted without allowing more access than is necessary? a. Write b. Full control c. Modify d. Create

a. Write

2. Which of the following is not a standard NTFS permission? a. Read & execute b. Change c. Write d. List folder contents

b. Change

5. Which administrative share does Active Directory use for replication? a. NETLOGON b. SYSVOL c. Admin$ d. IPC$

b. SYSVOL

17. What command can you put in a batch file to allow users to access the Public share on the ServPub1 server, using the drive letter P? a. net share P: \\ServPub1\Public b. net use P: \\ServPub1\Public c. share \\ServPub1\Public P: d. share P: \\ServPub1\Public

b. net use P: \\ServPub1\Public

9. You have been getting quite a few calls with requests to restore files from a backup because the file was accidentally deleted from a share or because the user needed a previous version of a file that was overwritten. Restoring the files has become a burden, and sometimes you need to repeat the process several times until you find the version the user needs. What can you do to give users a way to access the files they need and reduce your administrative burden? a. Adjust permissions on the shares so that users can't delete files except their own. Tell users to back up their own files to local backup media. b. Enable shadow copies for each share. c. Enable shadow copies on the volumes where the shares are hosted. d. Give each user a backup program and an external hard drive.

c. Enable shadow copies on the volumes where the shares are hosted.

16. You need to create a share containing confidential information that only a select group of people should know about. You don't want this share to appear in users' network browse lists. What can you do that involves the least administrative effort and disruption? a. Disable network discovery on all computers. b. Disable network discovery on the computers of users who you don't want to see the share. c. Put a $ character at the end of the share name. d. Put a @ character at the beginning of the share name.

c. Put a $ character at the end of the share name.

8. Which of the following is not true about disk quotas? a. Users can be prevented from saving files on a volume. b. An event can be generated when a user exceeds the quota limit. c. Quotas can be overridden for groups. d. Quotas can be set without denying disk space to users.

c. Quotas can be overridden for groups.

19. You're seeing heavy use on one of your shared printers, and users often have to wait in line to get their print jobs. What printing feature can you use to best alleviate the problem? a. Printer prioritization b. Change availability hours c. Change spooling options d. Printer pooling

d. Printer pooling