Your network contains an Active Directory domain named contoso.com. The domain contains a domain-based Distributed File System (DFS) namespace named Namespace1 that has access-based enumeration enabled. Namespace1 has a folder named folder1. Folder1 has a target of \Server1Folder1.
The Permission for folder1 are configured as shown in the following table.
Access-based enumeration is disabled for the share of Folder1.
You need to ensure that both User1 and User2 can see Folder1 when they access \Contoso.comNameSpace1.
What should you do?
A. Enable access-based enumeration for Folder1.
B. Disable access-based enumeration for Namespace1.
C. Assign User1 the read NTFS permission to Folder1
D. Deny User1 the read DFS permission to Folder1.
C
the answer should be C. Assign User1 the read NTFS permission to Folder1
By default the DFS namespace system inherits permission from NTFS Permissions to determine if a user could see a published folder or not.
Coleman is right: https://docs.microsoft.com/en-us/windows-server/storage/dfs-namespaces/using-inherited-permissions-with-access-based-enumeration
answer is C
If you grant permission only to User1, and keep the namespace, with access-based enumeration enabled, User2 will not be able to view the file, because it does not have DFS permission.
I did the practical laboratory, and I came to this conclusion.
Access-based enumeration is disabled for the share of Folder1.