nerdexam
Exams220-1002Questions#671
CompTIA

220-1002 · Question #671

220-1002 Question #671: Real Exam Question with Answer & Explanation

The correct answer is A: Create a new local user for peer-to-peer share access.. Creating a dedicated local user account for file share access applies least privilege, isolating the share from the primary Microsoft account and giving administrators granular control.

Question

A user is attempting to create a fileshare on a 10 in a small peer-to-peer environment. The user is logged in with a Microsoft account. Which of the following would be the MOST secure way to allow other users to access the share?

Options

  • ACreate a new local user for peer-to-peer share access.
  • BProvide other users with the Microsoft account information.
  • CSet the share permissions to Everyone/Full Control.
  • DEnable the local guest account access.

Explanation

Creating a dedicated local user account for file share access applies least privilege, isolating the share from the primary Microsoft account and giving administrators granular control.

Common mistakes.

  • B. Sharing Microsoft account credentials gives other users full access to all Microsoft-linked services - including email, OneDrive, and purchases - creating an unacceptable security and privacy risk.
  • C. Setting share permissions to Everyone/Full Control grants unrestricted, unauthenticated access to all users on the network, directly violating the principle of least privilege.
  • D. Enabling the guest account allows network access with no password by default, providing no authentication control and creating an exploitable security gap.

Concept tested. Least privilege file sharing using dedicated local accounts

Reference. https://learn.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 220-1002 Practice