Which two auditing policies should you configure?

HOTSPOT
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
Generate an event each time a new process is created.
Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure?
To answer, select the appropriate two auditing policies in the answer area.
Hot Area:

HOTSPOT
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
Generate an event each time a new process is created.
Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure?
To answer, select the appropriate two auditing policies in the answer area.
Hot Area:

Answer:

Explanation:
* Audit object access
Determines whether to audit the event of a user accessing an object (for example, file, folder, registry key,
printer, and so forth) which has its own system access control list (SACL) specified.
* Audit process tracking
This security setting determines whether to audit detailed tracking information for events such as program
activation, process exit, handle duplication, and indirect object access.
https://technet.microsoft.com/en-us/library/cc976403.aspx
https://technet.microsoft.com/sv-se/library/Cc775520(v=WS.10).aspx

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *