CompTIA
SY0-301 · Question #203
SY0-301 Question #203: Real Exam Question with Answer & Explanation
The correct answer is D: Group based privileges. Group-based privileges allow administrators to assign permissions to a department group once, and all members inherit those restrictions automatically.
Question
A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?
Options
- AUser assigned privileges
- BPassword disablement
- CMultiple account creation
- DGroup based privileges
Explanation
Group-based privileges allow administrators to assign permissions to a department group once, and all members inherit those restrictions automatically.
Common mistakes.
- A. User-assigned privileges require configuring each individual account separately, which is not scalable and does not efficiently enforce department-wide restrictions.
- B. Password disablement locks accounts and removes access entirely rather than restricting folder permissions to specific departments.
- C. Creating multiple accounts does not address access control restrictions and introduces identity management complexity.
Concept tested. Group-based access control for department folder permissions
Reference. https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups
Community Discussion
No community discussion yet for this question.