Your network contains an Active Directory domain named contoso.com. The domain
contains a file server named Server1 that runs Windows Server 2008 R2. Server1 has a file
share named Share1.
You plan to configure the audit policy settings of Server1 by using a Group Policy object
(GPO).
You need to ensure that entries are generated in the Event Log when the users in a group
named Group1 successfully access or fail to access the files in Share1. The event entries
must show the specific operation each user attempted. The solution must minimize the
number of audit entries in the Event Log.
Which Object Access audit policy should you configure?
A.
Audit File Share
B.Audit Detailed File Share
C.Audit File System
D.Audit Other Object Access Events
Answer C
Is B
Detailed File Share
This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access.
If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures.
Note: There are no system access control lists (SACLs) for shared folders. If this policy setting is enabled, access to all shared files and folders on the system is audited.
Volume: High on a file server or domain controller because of SYSVOL network access required by Group Policy.