Analysis. Answer option E is correct.
David should follow the following sequence in the authorization section:
Deny access to User1 and User2.
Deny access to anonymous users.
Grant access to all other users.
The Web.config file includes settings specific to an application. The <deny>
directive is used to deny access to a resource. The users attribute of the <deny>
directive specifies the user names that are denied access to a resource. Setting
this attribute to "?" denies anonymous users access to the application.
The <allow> directive is used to allow access to a resource. The users
attribute of the <allow> directive specifies the user names that are allowed
access to a resource. Setting this attribute to "*" allows all users
to access the application.
Answer option C is incorrect. Only User1 and User2 will be denied access to
the application because the <allow users==''*''> element precedes the
<deny users=="?"> element.
Answer options D and B are incorrect. Everyone will be allowed access to the application because the <allow users=="*"> element precedes all other elements.
Answer option A is incorrect. User1, User2, and anonymous users should be denied access to the application.