Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate
Services (AD CS) is configured as a standalone Certification Authority (CA) on the server.
You need to audit changes to the CA configuration settings and the CA security settings.
Which two tasks should you perform? (Each correct answer presents part of the solution.
Choose two.)
A.
Configure auditing in the Certification Authority snap-in.
B.
Enable auditing of successful and failed attempts to change permissions on files in the
%SYSTEM32%
\CertSrv directory.
C.
Enable auditing of successful and failed attempts to write to files in the
%SYSTEM32%\CertLog directory.
D.
Enable the Audit object access setting in the Local Security Policy for the Active Directory
Certificate Services (AD CS) server.
Explanation:
http://technet.microsoft.com/en-us/library/cc772451.aspx
Configure CA Event Auditing
You can audit a variety of events relating to the management and activities of a certification
authority (CA):Back up and restore the CA database.
Change the CA configuration.
Change CA security settings.
Issue and manage certificate requests.
Revoke certificates and publish certificate revocation lists (CRLs).
Store and retrieve archived keys.
Start and stop Active Directory Certificate Services (AD CS).
To configure CA event auditing
1. Open the Certification Authority snap-in.
2. In the console tree, click the name of the CA.
3. On the Action menu, click Properties.
4. On the Auditing tab, click the events that you want to audit, and then click OK.
5. On the Action menu, point to All Tasks, and then click Stop Service.
6. On the Action menu, point to All Tasks, and then click Start Service.
Additional considerations
To audit events, the computer must also be configured for auditing of object access. Audit
policy options can be viewed and managed in local or domain Group Policy under Computer
Configuration\Windows Settings\Security Settings\Local Policies.