CompTIA Security+ (SY0-401) — Question 26

The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?

Answer options

• A. Remove the staff group from the payroll folder
• B. Implicit deny on the payroll folder for the staff group
• C. Implicit deny on the payroll folder for the managers group
• D. Remove inheritance from the payroll folder

Correct answer: B

Explanation

The correct answer is B, as applying an implicit deny specifically prevents the staff group from accessing the payroll folder without altering permissions for other folders. Option A would require additional steps and does not guarantee the staff group won't have access if permissions are inherited later. Option C incorrectly targets the managers group, which should retain access, and option D would complicate permission management unnecessarily.