Zacker book, Chapter 4

On to chapter 4, did meet my established quota but ran into some thing unknown to me, I heard a robot once call it fatigued. Hopefully
that wont happen today but you never know. Maybe I can finish up the last two that I had planned to get out yesterday, today. Yeserday
possibly would have been better for me. Not sure why I feel that way.

Please read the header for this post
regarding the answer key situation for these chapters.

1. Which of the following is the best description of a security principle?

A. A person granting the permissions to network users.

B. The network resource receiving permissions.

C. A collection of individual special permissions.

D. An AD object that gets assigned permissions.

Answer: D, this one didnt have an answer and I thought the wording was poor but the general idea is the user thats being granted
the permissions per the book so I changed the wording of D around to better express this though. So not only does this book not have the answers
but im having to edit it too!!! OMG, what a turd haha

2. Which of the following statements about effective access is not true?

A. Inherited permissions take precedence over explicit permissions.

B. Deny permissions always override Allow permissions.

C. When a security principal receives Allow permissions from multiple groups the
permissions are combined to form the effective access permissions.

D. Effective access includes both permissions inherited from parents and permissions
derived from group membership.

Answer: A, To quote another source “When a
security principal receives permissions by inheriting them from a parent or from group
memberships, you can override those permissions by explicitly assigning contradicting
permissions to the security principal itself.”

3. Which of the following statements is not true in reference to resource ownership?

A. One of the purposes for file and folder ownership is to calculate disk quotas.

B. Every file and folder on an NTFS drive(r?) has an owner

C. It is possible for any user possessing the Take Ownership special permission to assume the ownership of a file
or folder.

D. It is possible to lock out a file or folder by assigning a combination of permissions that permits access to no one
at all, including the owner of the file or folder.

Answer: B, every folder does not have to be assigned an owner. This two has no answer but im like 80% sure this is what
the chapter is indicating. If its wrong please hit my inbox.

4. Which of the following statements about permissions is true?

A. ACLs (access control lists) are composed of ACEs (access control entries)

B. Basic permissions are composed of advanced permissions

C. All permissions are stored as part of the protected resource.

D. All of the above.

Answer: A & B are verifiably true and C is questionable & and hard to verify. The term “protected resource” is hard to
verify in this context.

5. What is the maximum number of shadow copies that a Windows Server 2012 system can maintain for each volume?

A. 8

B. 16

C. 64

D. 128

Answer: C for more information see the TechNet article on Shadow Copies

6. Which of the following terms describes the process of granting users access to file server shares by reading their permissions?

A. Authentication

B. Authorization

C. Enumeration

D. Assignment

Answer: D, not much to say with this one.

7. Which of the following are tasks that you can perform using the quotas in the FSRM but you cant perform with NTFS quotas?

A. Send an email notification to an administrator when users exceed their limits.

B. Specify different storage limits for each user.

C. Prevent users from consuming any storage space on a volume beyond their allowed limit.

D. Generate warnings to users when they approach their allotted storage limit.

Answer: A, NTFS quotas do not allow you to send an email for auditing.

8. In the NTFS permissions system, combinations of advanced permissions are also known as _________ permissions.

A. Special

B. Basic

C. Share

D. Standard

Answer: B, this is not cross-reference-able however it is in the text. I also found this website to be a helpful source of

3 thoughts on “Zacker book, Chapter 4

Add yours

  1. Number 1 is actually B. A security principal is a user, group or computer that is granted permissions.


  2. After initial excitement I kind of think the term “network resource” is confusing in that it doesn’t indicate that specific definition to me but maybe it should?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Website Powered by

Up ↑

%d bloggers like this: