Explain the NTFS permissions model and the difference between DACL and SACL.

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the TestOut Labs Test. Interactive quizzes and flashcards with insights and tips for a comprehensive review. Ace your exam!

Multiple Choice

Explain the NTFS permissions model and the difference between DACL and SACL.

Explanation:
NTFS permissions revolve around two control lists attached to every file or folder. The DACL, or Discretionary Access Control List, defines who is allowed or denied access and what they can do with the object. Each entry specifies a user or group and the rights granted or denied (such as read, write, modify, or full control). The system evaluates a user’s identity and group memberships against this list, applying deny entries first and then allow entries, with the owner or an administrator able to modify the DACL at will. That flexibility is why it’s called discretionary. The SACL, or System Access Control List, handles auditing. It lists which access attempts should be recorded in the security audit log and whether successes, failures, or both should be logged. Importantly, the SACL does not change whether access is granted or denied; it only determines what events are remembered for monitoring and forensic purposes. So the key difference is that the DACL controls access decisions—who can do what with the object—while the SACL controls auditing of those access attempts. The other statements mix up these roles or introduce unrelated concepts like encryption or static behavior, which do not describe what DACLs or SACLs do.

NTFS permissions revolve around two control lists attached to every file or folder. The DACL, or Discretionary Access Control List, defines who is allowed or denied access and what they can do with the object. Each entry specifies a user or group and the rights granted or denied (such as read, write, modify, or full control). The system evaluates a user’s identity and group memberships against this list, applying deny entries first and then allow entries, with the owner or an administrator able to modify the DACL at will. That flexibility is why it’s called discretionary.

The SACL, or System Access Control List, handles auditing. It lists which access attempts should be recorded in the security audit log and whether successes, failures, or both should be logged. Importantly, the SACL does not change whether access is granted or denied; it only determines what events are remembered for monitoring and forensic purposes.

So the key difference is that the DACL controls access decisions—who can do what with the object—while the SACL controls auditing of those access attempts. The other statements mix up these roles or introduce unrelated concepts like encryption or static behavior, which do not describe what DACLs or SACLs do.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy