ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 3 question 9 discussion

Actual exam question from Microsoft's MD-100
Question #: 9
Topic #: 3
[All MD-100 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected].
Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1. Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected].
User2 attempts to access Share1 and receives the following error message: `The username or password is incorrect.`
You need to ensure that User2 can connect to Share1.
Solution: In Azure AD, you create a group named Group1 that contains User1 and User2. You grant Group1 Modify access to Folder1.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Anthony_2770 at Oct. 19, 2020, 10:54 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Anthony_2770
Highly Voted 4 years, 6 months ago
You need both security permissions (NTFS permissions) AND share permissions to view the contents of a shared folder. Change access is not a NTFS Permission. IT is a share permission. When the AZ AD syncs back to on premises AD the change access will not be implemented. Q21 identifies the solution by implementing the modify access which is a NTFS permission. Hence the answer is Yes
upvoted 20 times
abs89
4 years ago
Anthony, i always appreciate your analysis on the questions here, and you are 9/10 times right. But let's stand still for a moment for this question: there is nothing stated in the question about any on-premise AD, therefore you have to assume that this environment is simulated in an Azure (only) AD. In that case, assigning modify permissions for Folder1 to Group1, makes that the NTFS part is in place now to access Share1. Agree?
upvoted 1 times
jcgm1990
2 years, 10 months ago
The answer is clearly no..
upvoted 1 times
...
...
jcgm1990
2 years, 10 months ago
This answer couldn't be more incorrect, please stop spreading misinformation, correct answer is B
upvoted 2 times
...
Duyons
4 years, 4 months ago
Just to amend your brilliant explanation. Azure AD synchronization has its limitation and it's one-way, from AD to Azure AD/Office365. There are only few attributes that can be written back, and that's mostly for Hybrid configurations, and passwords if you have the corresponding feature (and licenses) enabled. There is no built-in functionality that syncs users or permisions from Azure AD to on-premises AD.
upvoted 9 times
mikl
3 years, 5 months ago
Yes or no?
upvoted 2 times
Vileita
3 years, 5 months ago
No. You can not edit share permissions through Azure AD.
upvoted 3 times
mikl
3 years, 4 months ago
Thank you. :)
upvoted 2 times
...
...
...
...
neillg
3 years, 11 months ago
I really don't see where you guys are getting these ideas about AAD Connect - there's nothing in this question to indicate a hybrid environment. I think this answer is No, I cannot see how you can add an Azure AD group to folder permissions - you can add a user, but am I wrong that you can't add a group?
upvoted 6 times
...
Load full discussion...
...
eufdf12342
Highly Voted 4 years, 2 months ago
The answer is no! You can´t add a group from azure AD on a joined machine, there´s no way to search on the directory like in an on-premise cenario
upvoted 10 times
Solaris2002
4 years ago
This question confuses me how is Computer2 communicating with Azure AD? It is only joined to the on-prem AD and there is nothing indicating this environment is synced to Azure AD
upvoted 1 times
...
...
Eagrob_11
Most Recent 3 months, 1 week ago
Selected Answer: B
No, this solution does not meet the goal. The error message "The username or password is incorrect" indicates an authentication issue rather than a permissions issue. Creating a group and assigning permissions will not resolve the authentication problem. To ensure that User2 can connect to Share1, you should verify the following: Correct Credentials: Ensure that User2 is using the correct username and password to access Share1. Network Connectivity: Confirm that Computer2 can reach Computer1 over the network. Azure AD Join Status: Verify that both computers are properly joined to the Azure AD tenant and that User2's account is correctly synchronized.
upvoted 1 times
...
Larry23
2 years, 2 months ago
Selected Answer: A
This seems more like an Azure question to me. But I think answer A is correct based on the article posted below. Using RBAC you can control NTFS permissions on a file. In my opinion this seems a little advanced for this exam, but it does appear to be doable. Also just an observation, usually the series of questions do have a correct answer from my experience. I rarely see them all be no. https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-configure-permissions
upvoted 1 times
...
flabezerra
2 years, 7 months ago
Selected Answer: A
YES “You grant Group1 Modify access to Folder1” claim is an abstract claim that grants NTFS access to Group1 (created within Azure AD). The question is right because it explains that there is NTFS permission (Modify) granted to the group. Note the difference carefully: *You grant Group1 Change access to Share1 - Grants Change via Share to Group1. *You grant Group1 Modify access to Share1 - Grants Modify via NTFS for Group1.
upvoted 1 times
flabezerra
2 years, 7 months ago
This question must be related to the subject Azure File Share and it is implicit.
upvoted 1 times
...
...
Barrybobslee
2 years, 8 months ago
Selected Answer: B
Answer is NO, AzureAD groups cannot be added to a local system as NTFS permissions.
upvoted 1 times
...
Yosukie
2 years, 9 months ago
User1,2 are joined to domain and they are in Group 1 which have Modify(NTFS) access to the folder1(share1). Seems YES is the anser. Azure AD sync direction (on-prem <> cloud) doesn't matter, does it?
upvoted 1 times
...
Kock
2 years, 9 months ago
If that one's right, that must be right, too. Therefore, allergen B is correct. Solution: In Azure AD, you create a group called Group1 that contains User1 and User2. You grant Group1 Change access to Share1.
upvoted 1 times
...
jcgm1990
2 years, 10 months ago
Selected Answer: B
Correct answer is B
upvoted 1 times
...
jcgm1990
2 years, 10 months ago
Selected Answer: B
Can moderators please amend this? answer is clearly B
upvoted 1 times
...
Whatsamattr81
2 years, 10 months ago
Selected Answer: B
Clearly NO.
upvoted 1 times
...
Tommo
3 years, 1 month ago
Selected Answer: B
B is correct here.
upvoted 1 times
...
Gresch123123
3 years, 2 months ago
Selected Answer: B
Voting No; You need to ensure that User2 can connect to Share1. Solution: In Azure AD, you create a group named Group1 that contains User1 and User2. You grant Group1 Modify access to Folder1 It didn't say we gave Group 1 access to the share, we have only granted modify for that group to folder 1 itself NTFS.... so how would they be able to access the share?
upvoted 1 times
Gresch123123
3 years, 2 months ago
Looking too much into this, forgot about the "everyone\full control" on the share ... not certain a or b still :(
upvoted 1 times
...
...
williamzwwu
3 years, 2 months ago
Selected Answer: B
Refer to below link, we are not able to grant NTFS permission for Azure AD(not the hybrid environment). https://docs.microsoft.com/en-us/answers/questions/43147/using-azure-ad-account-to-give-ntfs-level-permissi.html
upvoted 1 times
...
RodrigoT
3 years, 2 months ago
Oh c'mon! This is the SAME question #7 from the previous page where the answer were NO, because "Azure AD cannot be used to control Share permissions on on-premisses computer folders". The only diference was the type of permission from "change" to "Modify".
upvoted 1 times
RodrigoT
3 years, 2 months ago
Reading the 2 questions with more attention I found the difference: In the question 7 from the previous page it says: "You grant Group1 Change access to Share1" and Azure cannot do that. But in this question it says: "You grant Group1 Modify access to Folder1". Meaning you locally change the permissions. Then the answer is YES. My bad, sorry guys.
upvoted 2 times
Henry78
2 years, 8 months ago
When you go to the security tab (ntfs) of folder1 and try to edit and add Group1 (azureAD group) it won't show up !
upvoted 1 times
...
...
...
Goofer
3 years, 6 months ago
Acces to On-premises (AD) resources is only working when Windows Hello for Business is implemented with Key Trust Method: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust Default you cannot access on-premises resources with an Azure-AD account.
upvoted 1 times
...
CARIOCA
3 years, 7 months ago
Is the final answer correct or is it No?
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago