Deja's Tue 70-217 Question of the Day
| Deja-vue 2003-01-13, 11:26 pm |
| And today's question:
You are the network administrator for Just Hogs. Your Windows 2000 network consists of 15,000 users. Users have recently reported that documents are missing from the servers. You need to track the actions of the users to find out who has been deleting the files. You create a GPO on the justHogs.com domain and assign the appropriate permissions to the GPO.
What actions should you audit? (Choose two)
A. Directory Services access
B. Object access
C. Process tracking
D. Privileged use
E. Delete and Delete subfolders and files
See ya' all tomorrow with the Answer. | |
| Slinky 2003-01-13, 11:29 pm |
| First dibs on this one. I'll go with B & E. | |
| hlang 2003-01-14, 12:31 am |
| I'll pop in for B & E | |
| kopman 2003-01-14, 1:13 am |
| Damn you Slinky it's my job to go first :P
I'll go with B and E as well.
Kopman | |
| B4yaman3 2003-01-14, 8:12 am |
| I will go with B & E | |
|
| Always one of the last to post!
I agree with B & E | |
| Deja-vue 2003-01-15, 8:45 am |
| quote: Originally posted by Deja-vue
And today's question:
You are the network administrator for Just Hogs. Your Windows 2000 network consists of 15,000 users. Users have recently reported that documents are missing from the servers. You need to track the actions of the users to find out who has been deleting the files. You create a GPO on the justHogs.com domain and assign the appropriate permissions to the GPO.
What actions should you audit? (Choose two)
A. Directory Services access
B. Object access
C. Process tracking
D. Privileged use
E. Delete and Delete subfolders and files
See ya' all tomorrow with the Answer.
Good Job! B&E was correct!
The two parts of auditing are to set up an audit policy at either the local or domain level (through a GPO) that defines the types of events to be audited (in this case object access). Secondly, the specific events must be specified (in this case by setting up the objects to be audited using Windows Explorer). To audit files and folders, you must be logged on as a member of the Administrators group or have been granted the "Manage auditing and security log" right in Group Policy. Administrators can also monitor access to Active Directory, causing successful and failed audit attempts to be logged in the Directory Service event log. This isn't what the question is asking here, though. |
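
The two parts described in the answer above (audit policy for object access, then an audit entry on the object for the delete rights), as an added example in PowerShell on a current Windows server; it is not part of the original thread, which predates PowerShell and sets the audit entries through Windows Explorer. The folder path and the `Everyone` principal are assumptions, and event ID 4663 is the current Windows object-access event, not the Windows 2000 one.

```powershell
# Added example. Run elevated: reading and writing the SACL requires the
# "Manage auditing and security log" right mentioned in the answer.
$Path = 'D:\Shares\Documents'   # hypothetical folder holding the missing documents

# Part 1: audit policy (answer B, object access). In a domain this is the GPO
# setting "Audit object access"; auditpol.exe sets the local equivalent.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable

# Part 2: audit entry on the object itself (answer E). Audit only the two
# delete rights so the Security log is not flooded with read events.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone',                                              # assumed principal
    $rights,
    $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)

$acl = Get-Acl -Path $Path -Audit        # -Audit loads the SACL along with the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Confirm the audit entry is in place.
(Get-Acl -Path $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited

# Read back who requested DELETE access (access mask 0x10000) under $Path.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Look fields up by name in the event XML instead of by position.
        $data = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        $mask = [Convert]::ToInt32($data['AccessMask'], 16)
        if (($mask -band 0x10000) -and $data['ObjectName'] -like "$Path*") {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                User   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Object = $data['ObjectName']
            }
        }
    }
```

With only part 1 in place nothing is logged for the folder, and with only part 2 the audit entry exists but the system ignores it, which is why the question needs both answers.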