What should you include in the recommendation?

Your network contains an Active Directory domain named contoso.com.
The corporate security policy states that when new user accounts, computer accounts, and contacts
are added to an organizational unit (OU) named Secure, the addition must be audited.
You need to recommend an auditing solution to meet the security policy.
What should you include in the recommendation? (Each answer presents part of the solution.
Choose all that apply.)

Your network contains an Active Directory domain named contoso.com.
The corporate security policy states that when new user accounts, computer accounts, and contacts
are added to an organizational unit (OU) named Secure, the addition must be audited.
You need to recommend an auditing solution to meet the security policy.
What should you include in the recommendation? (Each answer presents part of the solution.
Choose all that apply.)

A.
From the Default Domain Controllers Policy, enable the Audit directory services setting.

B.
Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit
directory services setting.

C.
From the Secure OU, modify the Auditing settings.

D.
From the Default Domain Controllers Policy, enable the Audit object access setting.

E.
From the Secure OU, modify the Permissions settings.

F.
Create a new Group Policy object (GPO) that is linked to the Secure OU, and then modify the Audit
object access setting.

Show Hint

Leave a Reply 7

Your email address will not be published. Required fields are marked *

mark

mark

why not A&B, you can dictate the audit settings through GPMC and that would be preferred, to control the settings through Group Policy, right?

Reply

FSM

FSM

Clear explained in: https://technet.microsoft.com/en-us/library/cc731607%28v=ws.10%29

***Step 1: Enable audit policy.***
By using Group Policy Management, you can turn on the global audit policy, Audit directory service access, which enables all the subcategories for AD DS auditing. If you need to install Group Policy Management, click Add Features in Server Manager. Select Group Policy Management and then click Install.”

*** Step 2: Set up auditing in object SACLs by using Active Directory Users and Computers.***
– Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
– Right-click the organizational unit (OU) (or any object) for which you want to enable auditing, and then click Properties.
– Click the Security tab, click Advanced, and then click the Auditing tab.
– Click Add, and under Enter the object name to select, type Authenticated Users (or any other security principal), and then click OK.
– In Apply onto, click Descendant User objects (or any other objects).
– Under Access, select the Successful check box for Write all properties.
– Click OK until you exit the property sheet for the OU or other object.

Agree with A & C.
B is not an option, because you already enable the ‘Audit directory services setting’ in the ‘Default Domain Controllers Policy’, so you don’t need to create an extra new GPO again.

Reply

Roger

Roger

Enable and modify are diferent things mi men…in A you enable, in B you modify the audit setiings

Reply

Google

Google

Usually posts some pretty intriguing stuff like this. If youre new to this site.

Reply