You work as the network administrator at Domain.com. The Domain.com network consists of a single Active Directory domain named Domain.com. All servers on the Domain.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista.
You are responsible for managing a server named CERTKILLER-SR01. CERTKILLER-SR01 contains a certificate service that is configured as a stand-alone Certification Authority (CA). A new Domain.com policy requires audit modifications has to be configured on the CA configuration setting as well as the CA security settings.
What should you do? (Choose all that apply.)
A.
You should consider opening the Certification services snap-in in order to configure auditing.
B.
You should consider having auditing configured to write in the %SYSTEM32%CertSrv directory.
C.
You should consider having the Audit object Access setting configured and enabled for CERTKILLER-SR01.
D.
You should consider configuring CERTKILLER-SR01 to log successful as well as failed attempts to permissions on files in %SYSTEM32%CertSrv directory.
I have the same idea. BC
Answer is A and C