You are the database administrator of your company. You configure automatic auditing by using SQL Server Audit on a server that runs an instance of SQL Server 2008. You want to ensure that the failed login attempts to the instance are logged in the Windows Security event log.
What should you do to achieve this?
A. Add the SQL Server Agent service account to the Generate security audits policy.
B. Add the SQL Server Writer service to the Generate security audits policy.
C. Add the SQL Server Integration service to the Generate security audits policy.
D. Add the SQL Server service account to the Generate security audits policy.
Explanation:
You should add the SQL Server service account to the Generate security audits policy.

Audit events can be stored in a file, in the Windows Application event log, or in the Windows Security event log. The Windows Application event log contains events logged by applications or programs running on the computer. Which events are logged to the Windows Application event log is determined by the developers of the application or program. The Windows Security event log records only security-related events. You require administrative privileges to use the Windows Security event log and to specify which events should be logged in it.

To ensure that failed login attempts are recorded in the Windows Security event log, the SQL Server service account must be added to the Generate security audits policy. You must also configure the Audit object access security policy to audit successful login attempts, failed login attempts, or both successful and failed login attempts. You can configure these policies by using the secpol.msc tool.

You should not add the SQL Server Agent service account, the SQL Server Writer service, or the SQL Server Integration service to the Generate security audits policy. Adding these services to the Generate security audits policy will not enable SQL Server to write audit events to the Windows Security event log. Only adding the SQL Server service account to the Generate security audits policy allows failed login attempts to be recorded in the Windows Security log.

Objective: Managing SQL Server Security
Sub-Objective: Audit SQL Server instances.
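The SQL Server side of the configuration described in the explanation, as an added example that is not part of the original question or of the referenced documentation. The audit and specification names are hypothetical, and the script assumes the SQL Server service account already holds the Generate security audits right and that Audit object access has been configured in secpol.msc.

```sql
USE master;
GO

-- Server audit whose target is the Windows Security event log.
-- [FailedLogins_SecurityLog] is a hypothetical name chosen for this example.
CREATE SERVER AUDIT [FailedLogins_SecurityLog]
TO SECURITY_LOG
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- Server audit specification that captures failed login attempts
-- and sends them to the audit created above.
-- [FailedLogins_Spec] is a hypothetical name chosen for this example.
CREATE SERVER AUDIT SPECIFICATION [FailedLogins_Spec]
FOR SERVER AUDIT [FailedLogins_SecurityLog]
ADD (FAILED_LOGIN_GROUP)
WITH (STATE = ON);
GO

-- Audits are created in a disabled state; enable the audit explicitly.
ALTER SERVER AUDIT [FailedLogins_SecurityLog] WITH (STATE = ON);
GO

-- Check 1: the audit exists, targets the Security log, and is enabled.
SELECT name, type_desc, on_failure_desc, is_state_enabled
FROM sys.server_audits
WHERE name = N'FailedLogins_SecurityLog';

-- Check 2: the audit is actually running. If the service account lacks
-- the Generate security audits right, the audit will not show as started.
SELECT name, status_desc, status_time
FROM sys.dm_server_audit_status
WHERE name = N'FailedLogins_SecurityLog';

-- Check 3: the specification contains the failed-login action group.
SELECT s.name AS specification_name, d.audit_action_name, d.audited_result
FROM sys.server_audit_specifications AS s
JOIN sys.server_audit_specification_details AS d
  ON d.server_specification_id = s.server_specification_id
WHERE s.name = N'FailedLogins_Spec';
```

After running the script, a deliberately failed login against a test instance should produce a corresponding entry in the Windows Security event log.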
References:
MSDN > MSDN Library > Servers and Enterprise Development > SQL Server > SQL Server 2008 > Product Documentation > SQL Server 2008 Books Online > Database Engine > Security and Protection > Secure Operation > SQL Server Encryption > Auditing (Database Engine) > SQL Server Audit How-to Topics > How to: Write Server Audit Events to the Security Log
MSDN > MSDN Library > Servers and Enterprise Development > SQL Server > SQL Server 2008 > Product Documentation > SQL Server 2008 Books Online > Database Engine > Security and Protection > Secure Operation > SQL Server Encryption > Auditing (Database Engine) > Understanding SQL Server Audit