Which of the following actions should you consider?

You work as a network administrator at AIOTestking.com. AIOTestking.com has an Active Directory
Domain Services (AD DS) domain name AIOTestking.com. All servers in the AIOTestking.com domain
have Microsoft Windows Server 2012 R2 installed.
The computer accounts for all file servers are located in an organizational unit (OU) named
DataOU.
You are required to track user access to shared folders on the file servers.
Which of the following actions should you consider?

You work as a network administrator at AIOTestking.com. AIOTestking.com has an Active Directory
Domain Services (AD DS) domain name AIOTestking.com. All servers in the AIOTestking.com domain
have Microsoft Windows Server 2012 R2 installed.
The computer accounts for all file servers are located in an organizational unit (OU) named
DataOU.
You are required to track user access to shared folders on the file servers.
Which of the following actions should you consider?

A.
You should configure auditing of Account Logon events for the DataOU.

B.
You should configure auditing of Object Access events for the DataOU.

C.
You should configure auditing of Global Object Access Auditing events for the DataOU.

D.
You should configure auditing of Directory Service Access events for the DataOU.

E.
You should configure auditing of Privilege Use events for the DataOU.



Leave a Reply 3

Your email address will not be published. Required fields are marked *


Gareth Robson

Gareth Robson

Although you can use Object Access Events, the only topic covered by this exam relating to this is ADVANCED auditing policies. This would refer to Global Object Access Auditing.

Can anybody think of a reason it would not be Global Object Access Auditing?

Pirulo

Pirulo

@Gareth Robson:
As you say, it should be Global Object Access Auditing, as per the following link, that explains a case similar to the one proposed in the question.

Link: http://www.petri.com/configure-global-object-access-auditing-windows-server.htm

If anybody disagrees, please state it.

Dave

Dave

Answer B is correct but you have to read the question carefully to understand why.

We are trying to audit access to shares not access to files within the shares. Therefore would be enabling…
Object Access > Audit (Detailed) File Share.

IF we wanted to audit individual file access within those shares then would be enable “Audit File System”. In this case Global Object Access Auditing would target every file to be audited on those file servers.