Which two settings should you configure?

Your network contains an Active Directory domain named adatum.com. You need to audit changes to the files
in the SYSVOL shares on all of the domain controllers. The solution must minimize the amount of SYSVOL
replication traffic caused by the audit. Which two settings should you configure? (Each correct answerpresents
part of the solution. Choose two.)

Your network contains an Active Directory domain named adatum.com. You need to audit changes to the files
in the SYSVOL shares on all of the domain controllers. The solution must minimize the amount of SYSVOL
replication traffic caused by the audit. Which two settings should you configure? (Each correct answerpresents
part of the solution. Choose two.)

A.
Audit Policy\Audit system events

B.
Advanced Audit Policy Configuration\DS Access

C.
Advanced Audit Policy Configuration\Global ObjectAccess Auditing

D.
Audit Policy\Audit object access

E.
Audit Policy\Audit directory service access

F.
Advanced Audit Policy Configuration\Object Access



Leave a Reply to sysadmin Cancel reply8

Your email address will not be published. Required fields are marked *

fourteen + 6 =


examtaker

examtaker

is there anyone that has passed the exam already and have had this question with D&F or B%F?

Josef

Josef

Normally SysAdmin is right and when you check out the links you will see he is kinda right. 🙂

“Basic audit policy is !not compatible! with advanced audit policy settings that are applied by using Group Policy in Windows Server 2008 R2 and Windows 7.” – The answer D&F is not possible.

When you read the whole link you will see it should be Advanced Auditing 🙂

OSA

OSA

Answer B is not relevant, as question is not on AD object access.
The key point is “The solution must minimize the amount of SYSVOL
replication traffic caused by the audit”. Setting SACLs on Sysvol\Domain folder and subfolders and files is not an option, as it touches all files and folders and causes replication traffic. This makes answer C more relevant.

Answer is C,F.

https://social.technet.microsoft.com/Forums/exchange/en-US/6cfbd7c1-56ad-4fe8-9677-a25f2b74b13b/global-object-access-auditing-test-question?forum=winserver8gen

Paul

Paul

I tend to agree that the correct answers are C & F. To me the key to this question is:

“You need to audit changes to the files in the SYSVOL shares on all of the domain controllers.”

So they are asking specifically about the shares found in SYSVOL, which is something completely separate from DS information.

For file system auditing, I found this:

https://technet.microsoft.com/en-us/library/dd772726(v=ws.10).aspx

mslover

mslover

Correct, and there is a big clue in the question! Why would you need to select two auditing categories for a file audit?

The only reason can be to enable Global Object Access (to tag file SACLs in memory and avoid replication by modifying the file SACL on disk) AND Advanced Object Access for the file system audit.

JeanMalot

JeanMalot

I think we all agree that F will audit changes to SYSVOL shares, so F is one half of the answer. The other half should satisfy the other requirement: “minimize the amount of SYSVOL replication traffic caused by the audit.” None of the proposed answers seems to apply.