You work as the senior network administrator at certifyme.com. The certifyme.com
network consists of a single Active Directory domain named certifyme.com. All
servers on the certifyme.com network run Windows Server 2003 and all client
computers run Windows XP Professional.
You have noticed that some unauthorized changes have been made to the registry of
several computers. You suspect that one of your junior network administrators is
changing the registry. You decide to:
1. Enable auditing to log all changes being made to the registry.
2. Log all attempts made to change the registry keys.
3. Include no other type of event in your auditing effort.
4. Use Event Viewer to view all logged event entries.
You open the domain audit security policy and navigate to the audit policy settings
under the Security Settings node. You then enable the Audit object access audit
policy setting for failed events. When viewing the logged events, you discover, though,
that there are no events logged for any successful changes made to the Registry. You
want all events to be logged, and not only failed attempts to change the Registry.
How should you configure the audit policy settings of the domain audit security
policy?
A. Configure the Audit privilege use audit policy setting so that successful and failed
events are logged.
B. Configure the Audit directory service access audit policy setting so that successful and
failed events are logged.
C. Configure the Audit Policy change audit policy setting so that successful and failed
events are logged.
D. Configure the Audit object access audit policy setting so that successful and failed
events are logged.
Answer: D
Explanation: While you have enabled the correct audit policy setting in the Security
Settings node, you have specified that only failed attempts to change the Registry be
logged. You should configure the Audit object access setting if you want to track
and log when a user accesses operating system components such as files, folders or
registry keys. Because you need both successful and failed events logged, you should
reconfigure the Audit object access audit policy setting so that both successful and
failed events are logged.
Incorrect Answers:
A: You would configure the Audit privilege use audit policy setting to log when a user
exercises a user right.
B: The Audit directory service access audit policy setting logs events that
pertain to when users access Active Directory objects which have system access control
lists (SACLs). The Registry is not an Active Directory object. You should regard it as
being computer specific.
C: The Audit Policy change audit policy setting is used to log changes that are made to
the security configuration settings of the computer.
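
The reconfiguration in answer D, checked in code: an added example (not part of the original question) that reviews the [Event Audit] section of a security template, as exported with secedit /export /cfg, against the scenario's goals. The three sample templates are constructed, and the function names are this example's own.

```python
# Added example (not from the original page): review the [Event Audit]
# section of a security template against the scenario's requirements.
import configparser

SUCCESS, FAILURE = 1, 2  # bit flags: 0 = none, 1 = success, 2 = failure, 3 = both

# Constructed sample: the policy as first configured (failed events only).
BEFORE = """\
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 0
AuditObjectAccess = 2
AuditPrivilegeUse = 0
AuditPolicyChange = 0
AuditAccountManage = 0
AuditProcessTracking = 0
AuditDSAccess = 0
AuditAccountLogon = 0
"""
# Constructed sample: answer D applied (success and failure).
AFTER = BEFORE.replace("AuditObjectAccess = 2", "AuditObjectAccess = 3")
# Constructed sample: answer C applied instead of D.
OPTION_C = BEFORE.replace("AuditPolicyChange = 0", "AuditPolicyChange = 3")

def parse_event_audit(inf_text):
    """Return {setting name: int value} from the [Event Audit] section."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # keep the template's key capitalisation
    parser.read_string(inf_text)
    if not parser.has_section("Event Audit"):
        return {}
    return {name: int(value) for name, value in parser.items("Event Audit")}

def review(inf_text):
    """Return findings; an empty list means the scenario's goals are met."""
    settings = parse_event_audit(inf_text)
    findings = []
    object_access = settings.get("AuditObjectAccess", 0)
    if not object_access & SUCCESS:
        findings.append("AuditObjectAccess does not log successful access")
    if not object_access & FAILURE:
        findings.append("AuditObjectAccess does not log failed access")
    for name, value in sorted(settings.items()):
        if name != "AuditObjectAccess" and value != 0:
            findings.append(name + " is enabled; no other event type is wanted")
    return findings
```

Object access auditing records events only for registry keys whose SACL contains an audit entry, so a clean result here covers the policy setting and not the keys themselves.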