
Author Auditing
scottdg

2002-03-26, 11:46 am

I came across the following question on Exam Drill:

Gregory is a member of the Administrators group. Some executives in his company feel that he may be reading or even altering confidential company documents. What can you do as the head of IT for the company to track which users are accessing sensitive files?

A. Enable auditing for success of object access in the Local Security Settings console.

B. Enable auditing for failure of object access in the Local Security Settings console.

C. Enable auditing for the folder that contains the confidential files. Audit activities such as successful List Contents/Read Data and successful Create Files/Write Data.

D. Enable auditing for success and failure of process tracking in the Local Security Settings console.

I answered A, B, C to the question and was told it was incorrect and given the following answers and explanation:

Enable auditing for success of object access in the Local Security Settings console.

Enable auditing for the folder that contains the confidential files. Audit activities such as successful List Contents/Read Data and successful Create Files/Write Data.


And then the following explanation...

Enable auditing for success, failure, or both for object access from the Local Security Settings console. Then you can audit the success of object access events.

This explanation leads me to believe that I am correct and it should be A, B, & C since it says to enable for both success or failure. Either that or they are just looking for the minimum amount of work needed to audit.

If anyone has any ideas please let me know what you think.
Pavlov

2002-03-26, 11:55 am

I am nowhere near ready to schedule this test, but let me take a stab at this...

I would agree with you. One of two possibilities - Exam Drill had a typo in the answers and D should read "Enable auditing for success and failure of object access in the Local Security Settings console." In which case the answer would be C & D.

Or... You're right and the engine just has the wrong answer programmed

Anyone else?......
scottdg

2002-03-26, 12:14 pm

I didn't even consider that Pavlov, that is another possibility. The way I look at it now though if I came across that question on a test I would have to stick with my original answer
wbafrank

2002-03-26, 12:38 pm

It's all here ......

http://www.microsoft.com/windows200...file_folder.htm
scottdg

2002-03-26, 1:20 pm

That link says that you can choose successful, failed or both, but is there anything in this question that would limit it to one or the other that I am missing? After reading that link I would think that it should be A, B, C.
Slinky

2002-03-26, 1:42 pm

quote:
Originally posted by scottdg
That link says that you can choose successful, failed or both, but is there anything in this question that would limit it to one or the other that I am missing? After reading that link I would think that it should be A, B, C.


You are not missing anything. The correct answers should be A, B, and C.
claudio rivas

2002-03-26, 2:54 pm

A question...
Why B?
You don't need to audit failure access, only when you want to know who is TRYING (the user is not trying, he is ACCESSING) to access confidential files you need to track failure object access.

Maybe the question is not so well outlined.
And that is what is confusing me.
I'll appreciate your help.
Thanks Everybody.
claudio rivas

2002-03-26, 2:57 pm

For me A & C, but I have a question...
Why B?
You don't need to audit failure access, only when you want to know who is TRYING (the user is not trying, he is ACCESSING) to access confidential files you need to track failure object access.

Maybe the question is not so well outlined.
And that is what is confusing me.
I'll appreciate your help.
Thanks Everybody.
Teck Shark

2002-03-26, 3:08 pm

The correct answers are "A" & "C".

You do have the option to enable both success & failed object access in the Group Policy snap-in. But this question is saying that Gregory is reading or even altering confidential company documents.

So you would enable auditing for successful object access. And then configure auditing on the folder containing these company documents to audit activities such as successful List Contents/Read Data and successful Create Files/Write Data.

You don't need to enable auditing for failed object access in this scenario.


-Shark
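
The two steps the thread settles on (answers A and C), as an added example that is not part of any post. It assumes a current English-language Windows with `auditpol.exe` and PowerShell rather than the Windows 2000 Local Security Settings console the exam covers; the folder path and the `Everyone` principal are assumptions.

```powershell
# Added example; run from an elevated PowerShell prompt.
# $folder is a hypothetical path standing in for the confidential folder.
$folder = 'D:\Confidential'

# Answer A: audit *success* of object access. On current Windows this is the
# "File System" subcategory; failure auditing (answer B) is left as it is.
auditpol /set /subcategory:"File System" /success:enable

# Answer C: add an audit entry (SACL) on the folder for successful
# List Contents/Read Data and Create Files/Write Data, inherited by children.
$rights  = [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',     # assumption: audit all users, administrators included
    $rights,
    $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)

$acl = Get-Acl -Path $folder -Audit     # -Audit loads the SACL as well
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Check both halves: the policy setting and the folder's audit entries.
auditpol /get /subcategory:"File System"
(Get-Acl -Path $folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags

# Read the resulting Security log events (ID 4663, object access attempt)
# and keep only those for objects under the audited folder.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 200 |
    ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time   = $_.TimeCreated
            User   = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            Object = $data.ObjectName
            Access = $data.AccessMask
        }
    } |
    Where-Object { $_.Object -like "$folder*" }
```

Both halves are required: the folder's audit entry produces no events until object-access auditing is enabled in policy, and the policy setting alone records nothing for a folder that has no audit entry.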
claudio rivas

2002-03-26, 3:17 pm

I agree with you Shark
Slinky

2002-03-26, 7:01 pm

quote:
Originally posted by claudio rivas
I agree with you Shark


I see your point. The question in my opinion is subjective though. There are times where you would want to audit failed access attempts. This doesn't seem to be the case though.
wingman2k22002

2002-03-26, 7:51 pm

I agree with shark if the question asked how can we track what Gregory is doing, but what the question asks, is if you are head of IT and want to track user, this includes Gregory and his Admin permissions, as well as all other users on the system.

If it were just Gregory that needed to be tracked I would say A & C, but since it asks how to track what all users are accessing it should be A, B & C. "All users" is the key that I am looking at.
calidog

2002-03-26, 8:29 pm

What can you do as the head of IT for the company to track which users are accessing sensitive files?

As somebody already said,
since it says that which users are ACCESSING sensitive files, you want to audit the successful accesses.

I would go for A and C, but
if it says that which users are TRYING to access sensitive files, then you would wanna know who failed it as well.
wingman2k22002

2002-03-26, 10:53 pm

Funny on how you focus on certain words and miss the others...They are so tricky that way.

Since it was pointed out that we are looking for accesses for everyone (which apparently does not include failed attempts), I will say that the correct answer is A and C.
IT 1588

2002-03-26, 11:45 pm

A and C sound more reasonable for this question, especially as you made incorrect choices as judged by the test writer.
However, B is possibly a correct answer because "be doing something" means "will do something" in grammar. The wording in the question "track which users ARE ACCESSING the files" means "track which users will access the files". Here WILL ACCESS includes TRY TO ACCESS.
Therefore, I think it is a poorly worded question if the test writer thinks B is a wrong answer.
wbafrank

2002-03-26, 11:57 pm

Gregory is a member of the Administrators group. Some executives in his company feel that he may be reading or even altering confidential company documents. What can you do as the head of IT for the company to track which users are accessing sensitive files?

In this question you know that someone is accessing the files because this is what you have been told!!

First you now have to ask yourself "Who is actually getting into the document and what can I do to see who it is?"

Second question you have to answer is "Do I need to know all those people who have tried to access the documents but failed?"

As you only want to find out who physically can get into the documents would your second question need to be carried out?
NetChild1985

2002-03-27, 12:23 am

A and C!
scottdg

2002-03-27, 3:03 pm

Thanks everybody. Sometimes you just need other people to look at things a little differently. I think it was the Exam Drill explanation that confused things for me.

You are all right though, after reading it again I have to agree A & C are the correct answers.

Thanks again.
claudio rivas

2002-03-27, 4:00 pm

Don't worry, at any time anybody may need some help, and I think we all are here to help and be helped, and helping someone gives you many things.
Discussing this kind of thing and confronting our thoughts (if this is the case) gives us a lot of knowledge and gives the others the same knowledge, because here there is always a conclusion. There is no doubt, all the people in this forum are indeed gentlemen.
I must say thanks to everybody for being part of the best forum and helping anybody no matter the problem.

anthonie

2002-03-27, 8:39 pm

Be aware... you will get questions like this in the actual exam! Now you see how good Exam Drill is in preparing you for the exam.

I'm sure it's very clear now that the answers are A & C. The concept here is do only what you need to do.

Good luck for the exam.
scottdg

2002-03-28, 8:55 am

That is why I keep coming back here. I find myself posting now a lot more than I used to. It is definitely a great study aid.

Thanks to everyone.