Which two auditing policies should you configure?

HOTSPOT
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
Generate an event each time a new process is created.
Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure?
To answer, select the appropriate two auditing policies in the answer area.

HOTSPOT
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
Generate an event each time a new process is created.
Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure?
To answer, select the appropriate two auditing policies in the answer area.

Answer:

Explanation:

Show Hint

Leave a Reply 6

Your email address will not be published. Required fields are marked *

Pirulo

Pirulo

Detailed Trackingmonitor the activities of individual applications, to understand how a computer is being used, and the activities of users on that computer. This category includes the following subcategories:
Audit DPAPI Activity

Audit Process Creation

Audit Process Termination

Audit RPC Events

Object Accessa user accessing an object–for example, a file, folder, registry key, printer, and so forth–that has its own system access control list (SACL) specified.

Meaning that afterwards, you will have to configure the SACL of the file.

Reply

Massimo

Massimo

“Generate an event each time a user attempts to access a file share.”

Wouldn’t Logon/Logoff – Audit Logon be best suited for the task? Quoting from the explanation in the gpedit snapin;

“For a network logon, such as accessing a shared folder on the network, the [logon] security audit event is generated on the computer hosting the resource.”

Reply