Which server-level audit action group should you use?

You administer a Microsoft SQL Server 2012 database.
You provide temporary securityadmin access to User1to the database server.
You need to know if User1 adds logins to securityadmin. Which server-level audit action group should you use?

You administer a Microsoft SQL Server 2012 database.
You provide temporary securityadmin access to User1to the database server.
You need to know if User1 adds logins to securityadmin. Which server-level audit action group should you use?

A.
SERVER_STATE_CHANGE_GROUP

B.
SERVER_PRINCIPAL_IMPERSONATION_GROUP

C.
SUCCESSFUL_LOGIN_GROUP

D.
SERVER_ROLE_MEMBER_CHANGE_GROUP

Explanation:
Verified answer as correct.
Reference: http://technet.microsoft.com/en-us/library/cc280663.aspx
SERVER_STATE_CHANGE_GROUP
This event is raised when the SQL Server service state is modified. Equivalent to the Audit Server Starts and
Stops Event Class.
SERVER_PRINCIPAL_IMPERSONATION_GROUP
This event is raised when there is an impersonationwithin server scope, such as EXECUTE AS <login>.
Equivalent to the Audit Server Principal Impersonation Event Class.
SUCCESSFUL_LOGIN_GROUP
Indicates that a principal has successfully logged in to SQL Server. Events in this class are raised by new
connections or by connections that are reused from a connection pool. Equivalent to the Audit Login Event
Class.
SERVER_ROLE_MEMBER_CHANGE_GROUP
This event is raised whenever a login is added or removed from a fixed server role. This event is raised for the
sp_addsrvrolemember and sp_dropsrvrolemember storedprocedures. Equivalent to the Audit Add Login to
Server Role Event Class.



Leave a Reply 1

Your email address will not be published. Required fields are marked *