Which of the following reasons justifies why you should audit failed events?
A.
To log resource access for reporting and billing
B.
To monitor for malicious attempts to access a resource which has been denied
C.
None of these
D.
To monitor access that would suggest users are performing actions greater than you had planned
Explanation:
initial question: Which of the following reasons justifies why youshould audit failed events? => failed events?
what the hell is that?
anyway i found this (i really think the question iscorrupted but maybe i’m wrong? anyway this question is part of
removed questions…)
most important is to learn something and here’s what i found :
http://technet.microsoft.com/en-us/library/cc778162%28v=ws.10%29.aspx
Auditing Security Events Best practices
If you decide to audit failure events in the policychange event category, you can see if unauthorizedusers or
attackers are trying to change policy settings, including security policy settings. Although this can be helpful for
intrusion detection, the increase in resources thatis required and the possibility of a denial-of-service attack
usually outweigh the benefits.