|
Home > Archive > 70-210 > June 2002 > Mon W2K Professional Question of the Day
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Mon W2K Professional Question of the Day
|
|
| wbafrank 2002-06-24, 6:49 am |
|  And today's poser is ....
Q5. Recently someone in your company deleted several confidential files. You've been tasked with tracking system activity and identifying the person who performs such an action should this ever happen again. You have several Windows 2000 Professional machines on which members of the Executives group store their confidential data. You want to track both successful and unsuccessful attempts by anybody to read, delete and write to certain files and folders. However, you do not want to do any additional auditing that might slow system performance. You perform the following actions on the Windows 2000 Professional machines:
1. In the local group policy object, you enable auditing of object access when successful and unsuccessful.
2. In the local group policy object, you enable auditing of process tracking when unsuccessful.
3. In Windows Explorer, you select to track successful and unsuccessful reads and writes by members of the Everyone group for the confidential files.
4. In Windows Explorer, you select to track successful and unsuccessful deletes by members of the Executives group for the confidential files.
Which of the following objectives have you achieved? Choose all that apply.
A. All successful and unsuccessful attempts to write to the confidential files will be tracked.
B. All successful and unsuccessful attempts to delete the confidential files will be tracked.
C. All successful and unsuccessful attempts to read the confidential files will be tracked.
D. Auditing has been kept to a minimum to improve system performance.
Good Luck .... see you tomorrow for the answer!! | |
| denis_baribeau 2002-06-24, 7:24 am |
| Going for ( A B C )
Flunk Friday's one could be on a roll here.
Ps Answered has if face in front of test.
These question of the day and the one in my mail sure show all the weak spots. | |
| Pavlov 2002-06-24, 10:50 am |
| I'm gonna go with A & C for this one.
He's only tracking successful and unsuccessful deletes by the Exec group - so he wouldn't see if someone else (outside of the Exec group) deleted stuff, only if they read and write, so I don't think B is correct. | |
|
| Attempt to delete won't be seen.
A and C for me ?
 | |
| AngryMan 2002-06-24, 6:10 pm |
| A,B,C
is my newbie guess
I think an attempt to delete the files will be seen. | |
| NetChild1985 2002-06-24, 11:49 pm |
| I'm going with "A" and "C"!
...and maybe "B"! | |
| chunder 2002-06-24, 11:59 pm |
| A, C & D
A) all successful and unsuccessful attemps to write these files (objects) will be logged because we have turned on auditing for this event for the Everyone group.
C) all successful and unsuccessful attempts to read these files (objects) will be logged because we have turned on auditing for this event for the Everyone group.
D) we have kept auditing to a minimum to improve performance because we are auditing a specific set of folders rather than the entire file system.
NOT B) we have marked to audit deletes of these objects only by the Executives group so not ALL attempts will be logged/audited. | |
| wbafrank 2002-06-25, 10:24 am |
| quote:
Originally posted by wbafrank
And today's poser is ....
Q4. Recently someone in your company deleted several confidential files. You've been tasked with tracking system activity and identifying the person who performs such an action should this ever happen again. You have several Windows 2000 Professional machines on which members of the Executives group store their confidential data. You want to track both successful and unsuccessful attempts by anybody to read, delete and write to certain files and folders. However, you do not want to do any additional auditing that might slow system performance. You perform the following actions on the Windows 2000 Professional machines:
1. In the local group policy object, you enable auditing of object access when successful and unsuccessful.
2. In the local group policy object, you enable auditing of process tracking when unsuccessful.
3. In Windows Explorer, you select to track successful and unsuccessful reads and writes by members of the Everyone group for the confidential files.
4. In Windows Explorer, you select to track successful and unsuccessful deletes by members of the Executives group for the confidential files.
Which of the following objectives have you achieved? Choose all that apply.
A. All successful and unsuccessful attempts to write to the confidential files will be tracked.
B. All successful and unsuccessful attempts to delete the confidential files will be tracked.
C. All successful and unsuccessful attempts to read the confidential files will be tracked.
D. Auditing has been kept to a minimum to improve system performance.
And the answer is ....
Correct Answer: A and C
To set up auditing of files and folders, perform the following steps:
1. Click Start, click Run, type mmc, and then click OK.
2. On the Console menu, click Add/Remove Snap-in, and then click Add.
3. Under Snap-in, click Group Policy, and then click Add.
4. In Select Group Policy Object, click Local Computer, click Finish, click Close, and then click OK.
5. In Local Computer Policy, click Audit Policy.
6. In the details pane, right-click Audit Object Access, and then click Security.
7. In Local Security Policy Setting, click the options you want, and then click OK.
To specify files and folders to audit, perform the following actions:
1. In Windows Explorer, right-click the file or folder you want to audit, and then click Properties.
2. On the Security tab, click Advanced.
3. On the Auditing tab, click Add.
4. In the Select User, Computer, or Group dialog box, click the name of the user or group whose actions you want to audit, and then click OK.
5. In the Auditing Entry dialog box, in Access, click Successful, Failed, or both for the actions you want to be audited, and then click OK.
In the above question, attempts to delete the files by anyone other than a member of the Executives group would not be tracked so Answer C is incorrect. Also, process tracking is very resource-intensive and should only be used for troubleshooting purposes. As it will likely slow system performance, Answer D is also incorrect. | |
| Pavlov 2002-06-25, 10:50 am |
| Woo hoo! I think I might be getting there. | |
|
|
|
|
|