Comptia Security Plus Mock Test Q50

The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?

A. Remove the staff group from the payroll folder
B. Implicit deny on the payroll folder for the staff group
C. Implicit deny on the payroll folder for the managers group
D. Remove inheritance from the payroll folder

Correct Answer: B
Section: Network Security

Explanation
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default.

Incorrect Answers:

A: This will not work because the question states: “The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission.”

C: This will deny access for the managers group.

D: Removing inheritance from the payroll folder will also affect the manages group.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44