Information Technology Reference
In-Depth Information
Objective summary
Implement advanced audit policies in Group Policy to enable fine-grained control of
auditing.
Use the Force Audit Policy Subcategory Settings (Windows Vista Or Later) To Override
Audit Policy Category Settings policy to enforce advanced audit policies.
For even more specific auditing of file system and registry events, use expression-
based audit policies based on DAC Global Object Access Auditing.
Use GPOs to audit removable device access or attempts. You can audit the success or
failure (or both) of attempts to use removable devices.
Enabling Failure auditing of removable devices also requires enabling the Audit Handle
Manipulation For Failure Events policy.
Objective review
You monitor changes to distribution groups and you don't want to get events from
other account management events because it would tend to hide the specific events
you're looking for in the high noise levels. What policy do you need to set and what
setting should it have?
A. Set the Computer Configuration\Policies\Security Settings\Local Policies\Audit
Policy\Audit Account Management policy to Enabled, Audit Success.
B. Set the Computer Configuration\Policies\Security Settings\Local Policies\Audit
Policy\Audit Account Management policy to Enabled, Audit Failure.
C. Set the Computer Configuration\Policies\Security Settings\Advanced Audit Policy
Configuration\Audit Policies\Account Management\Audit Distribution Group
Management policy to Enabled, Audit Success.
D. Computer Configuration\Policies\Security Settings\Local Policies\Audit Policy\
Audit Account Management policy to Enabled, Audit Failure.
1.
2. What Group Policy setting do you need to enable in order to enable auditing of logoff
events?
A. Computer Configuration\Policies\Windows Settings\Security Settings\Advanced
Audit Policies\Audit Logoff
B. Computer Configuration\Policies\Windows Settings\Security Settings\Local
Policies\Audit Logon Events
C. User Configuration\Policies\Windows Settings\Security Settings\Advanced Audit
Policies\Audit Logon
D. User Configuration\Policies\Windows Settings\Security Settings\\Local Policies\
Audit Logoff Events
 
 
Previous Page
Next Page
Administering Windows Server 2012 R2
Search WWH ::




Custom Search
Home