nerdexam
Microsoft

70-339 Question #158: Real Exam Question with Answer & Explanation

The correct answer is D: Add the designated divisional user account for each divisional site and grant each user the Design.

Question

You are the SharePoint administrator for a company. You plan to deploy the SharePoint sites that will be accessible from the company portal. You create the following sites:

A user named User1 will manage the sites. You must prevent all users except for User1 from creating sites and subsites. User1 must be able to delegate management of List permissions to other users. You designate a user in each division as a lead for that division's site.

You need to allow the designated lead in a division to manage their division's site while minimizing administrative effort. What should you do?

Exhibit

70-339 question #158 exhibit

Options

  • A. For each site, add the designated divisional user account to the Team Owners group for that
  • B. Add all divisional user accounts to the portal site's Team Owners group.
  • C. Create a new SharePoint group on the Portal site named SP Division Managers. Grant the Design
  • D. Add the designated divisional user account for each divisional site and grant each user the Design
  • E. Add all the designated divisional user account to the portal site and grant each user the Design

Explanation

To allow each division lead to manage only their own SharePoint site with minimal effort, grant Design permissions directly on their specific divisional site rather than using broad group membership.

Common mistakes.

  • A. Adding divisional users to a Team Owners group grants Full Control over that site, which exceeds the minimum permissions required and violates least-privilege principles.
  • B. Adding all divisional users to the portal site's Team Owners group grants Full Control over the entire portal, giving each lead access far beyond their own division's site.
  • C. Creating a new group at the portal site level and assigning Design permission there grants all divisional leads access across every site on the portal, not just their individual division's site.
  • E. Granting Design permissions at the portal site level to all designated users provides access to all sites rather than restricting each lead to only their own division's site.

Concept tested. SharePoint site-level Design permission delegation per site

Reference. https://learn.microsoft.com/en-us/sharepoint/understanding-permission-levels
