Difficulty: Easy
Correct Answer: Make Nate a member of the Security group
Explanation:
Introduction / Context:
Effective access in Windows/IIS depends on group memberships and the resulting NTFS/IIS permissions. Here, Full Control is granted to the Security group on the Sales virtual directory. Nate, an Intern, needs update rights. The cleanest approach is to adjust group membership so that Nate inherits the required permissions without broadening access for all interns or exposing content anonymously.
Given Data / Assumptions:
Concept / Approach:
Group-based authorization is preferred over per-user ACE sprawl. Adding Nate to the Security group grants him the same Full Control that Administration has, satisfying the update requirement. Enabling anonymous access would bypass authentication/authorization and is insecure. Removing Nate from Interns does not grant rights by itself. Adjusting only Nate’s membership avoids changing other Interns’ privileges.
Step-by-Step Solution:
Verification / Alternative check:
A targeted per-user ACE on Sales could work but contradicts least-administration principles. The group-membership approach scales better and maintains consistent permissions.
Why Other Options Are Wrong:
Anonymous access (site or directory): Grants access to everyone, not just Nate, and typically removes auditing of identities.
Remove Nate from Interns: Does not provide access unless he joins a group with rights.
None: A clear, minimal-change fix exists.
Common Pitfalls:
Granting NTFS write directly to the user rather than using groups; forgetting token refresh after membership changes.
Final Answer:
Make Nate a member of the Security group
Discussion & Comments