You are employed as the enterprise administrator at Domain.com. The company runs Windows Server 2008 on all the servers on the network.
The CertKiller domain contains 8 file servers that have computer accounts in the KingServers OU. A GPO named CKserverConfig is linked to KingServers. Four of the servers contain a folder named KingData1. Due to company growth, CertKiller hired part-time users to assist with the workload. You need to ensure that the users are unable to access KingData1.
You thus configure the permissions on KingData1 to prohibit the users from accessing it. You want to audit any attempts by the users to open or manipulate the folder. What should you do?
A. Add audit entries to KingData1 to audit failed Full Control access.
B. Add audit entries to KingData1 to audit successful Full Control access.
C. Evaluate the entries in the Security logs on the domain controllers.
D. Define the Audit Object Access policy in CKserverConfig.
E. Define the Audit Object Access policy in the Default Domain Controllers GPO.
F. Evaluate the entries in the Security logs on every file server.
G. Define the Audit Directory Service Access policy in CKserverConfig.
Explanation:
You need to configure the auditing entries on the Confidential Data folder. Auditing failures of Full Control access creates audit events for any type of failed access. Object Access auditing should be enabled on the file servers. The Server Configuration GPO is scoped so that it applies to all file servers. The file system access events will appear in the Security log of every file server.
The scenario states that permissions were configured to not allow users access. There will thus be no successful attempts to audit.
File system access events will be logged on the file servers and not the domain controllers.
You have to apply the audit policy setting to the file servers and not the domain controllers.
The Directory Service Access audit policy relates to modifications to objects in AD, not to a folder on a disk subsystem.
Reference: Syngress – The Real MCTS-MCITP 70-649 Prep Kit – Independent and Complete Self-Paced Solutions
I agree with the answer.