| Author |
Deja's Tue 70-217 Question of the Day
|
|
| Deja-vue 2002-12-16, 11:38 pm |
| Here is Tuesday's Question:
You are the Windows 2000 network administrator for your company. You are implementing the company's network security model. Your network has several servers that contain sensitive or confidential information. You want to configure security auditing on these servers to monitor access to specific folders. You also want to prevent users from gaining access to these servers when the security logs become full.
What should you do?
A. Create a GPO that applies to the servers. Configure the GPO to enable auditing for object access. Set up the individual objects to be audited in Windows Explorer and then customize the Event Viewer logs to limit the size of the security log to 1,024 KB.
B. Create a GPO that applies to the servers. Configure the GPO to enable auditing for Directory Services access. Set up the individual objects to be audited in Windows Explorer and then customize the Event Viewer logs to limit the size of the security log to 1,024 KB. Configure the security event log so that it does not overwrite events.
C. Create a GPO that applies to the servers. Configure the GPO to enable auditing for Directory Service access. Set up the individual objects to be audited in Windows Explorer. Configure the Security Event log so that it does not overwrite events. Then configure the GPO to enable the "Shut down the system immediately if unable to log security audits" setting.
D. Create a GPO that applies to the servers. Configure the GPO to enable auditing for object access. Set up the individual objects to be audited in Windows Explorer. Configure the security event log so that it does not overwrite events. Then configure the GPO to enable the "Shut down the system immediately if unable to log security audits" setting.
We'll see ya tomorrow with the Answer!
 | |
| CyberDude 2002-12-17, 1:24 am |
| Hi De-ja,
D for me as it is the only one that will work. A. is ok but forgets to configure the servers to shut down when the logs are full. B & C are wrong as Directory Access only monitors directory objects and not specific files or folders.  | |
| mdeneau 2002-12-17, 6:37 am |
| I will take D pls for 500$  | |
| dvinton 2002-12-17, 7:30 am |
| I agree with D. | |
| Deja-vue 2002-12-17, 9:30 am |
| Hey, Cyberdude... long time, no see!
 | |
| maxmax79 2002-12-17, 9:45 am |
| D for me as well | |
| jocampo 2002-12-17, 10:06 am |
| I think it is "D" | |
| Deja-vue 2002-12-17, 11:37 pm |
| Yepp, D was correct!
The two parts of auditing are to set up an audit policy at either the local or domain level (through a GPO) that defines the types of events to be audited (in this case object access). Secondly, the specific events must be specified (in this case by setting up the objects to be audited using Windows Explorer). To meet the last requirement of preventing users' access when the log is full, you must configure the GPO to enable the "Shut down the system if unable to log" setting. This setting is actually called CrashOnAuditFail in the registry and in this case, must be set to 1. | |
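An added example, not part of the original posts: a check that reads a security template exported with `secedit /export` and reports which of the policy settings from answer D are missing. The sample template is constructed for illustration, and the folder SACLs set in Windows Explorer are outside what a template export shows.

```python
import configparser

# Constructed sample in the security-template (INF) layout written by
# `secedit /export`; the values model option D from the question.
SAMPLE_TEMPLATE = r"""
[Event Audit]
AuditObjectAccess = 3
AuditDSAccess = 0
[Security Log]
MaximumLogSize = 1024
AuditLogRetentionPeriod = 2
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,1
"""

CRASH_KEY = r"MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail"


def check_template(text):
    """Return findings; an empty list means all three settings are in place."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)  # option names are lower-cased, so lookups ignore case
    findings = []

    # 0 = none, 1 = success, 2 = failure, 3 = both. Folder SACLs only
    # produce events when object access auditing is on.
    obj = int(cp.get("Event Audit", "AuditObjectAccess", fallback="0"))
    if obj == 0:
        findings.append("object access auditing is off")
        if int(cp.get("Event Audit", "AuditDSAccess", fallback="0")):
            findings.append("only directory service access is audited")

    # 2 = do not overwrite events (clear the log manually).
    if cp.get("Security Log", "AuditLogRetentionPeriod", fallback=None) != "2":
        findings.append("security log may overwrite events")

    # Registry values are stored as "<type>,<data>"; type 4 is REG_DWORD.
    raw = cp.get("Registry Values", CRASH_KEY, fallback="4,0")
    if raw.split(",", 1)[-1].strip() != "1":
        findings.append("CrashOnAuditFail is not 1")
    return findings


if __name__ == "__main__":
    print(check_template(SAMPLE_TEMPLATE))
```
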
| CyberDude 2002-12-18, 12:56 am |
| Hi Deja, well life is a bit intense at work, so I do not have much time to surf lately as I am studying for my second company exam.  | |
| Deja-vue 2002-12-18, 1:05 am |
| Same here, my Friend.
It is 11:03 PM (23:03) here and I am still working on recovering some huge files from a Dell server in my lab.
The company lost all of their backups, and I took it home to fix it.
They will need it first thing in the Morning.
 | |
| CyberDude 2002-12-23, 2:21 pm |
| How do you lose backups?  | |
| me? I dunno... 2002-12-23, 3:00 pm |
| quote: How do you lose backups?
Maybe they weren't written down?  | |
| Deja-vue 2002-12-23, 6:16 pm |
| They had a fire in the back of the Building, where they kept some of the Backups, most of them were lost.
Then the Server became unbootable.
Thank god for Winternals and Ontrack recovery, I was able to recover 99.9 % of the data.
(@ $125 an hour ) | |
| CyberDude 2002-12-31, 12:00 pm |
| WOW, what a dilemma. I bet they think you're ACE after that superb recovery.  |
|
|
|