ExamNotes.net  -  IT certification portal

Microsoft (MCSE, MCSD, MOUS, MCAD) > 70-210 > Auditing

scottdg
Auditing

I came across the following question on Exam Drill:

Gregory is a member of the Administrators group. Some executives in his company feel that he may be reading or even altering confidential company documents. What can you do as the head of IT for the company to track which users are accessing sensitive files?

A. Enable auditing for success of object access in the Local Security Settings console.

B. Enable auditing for failure of object access in the Local Security Settings console.

C. Enable auditing for the folder that contains the confidential files. Audit activities such as successful List Contents/Read Data and successful Create Files/Write Data.

D. Enable auditing for success and failure of process tracking in the Local Security Settings console.

I answered A, B, C to the question and was told it was incorrect and given the following answers and explanation:

Enable auditing for success of object access in the Local Security Settings console.

Enable auditing for the folder that contains the confidential files. Audit activities such as successful List Contents/Read Data and successful Create Files/Write Data.


And then the following explanation...

Enable auditing for success, failure, or both for object access from the Local Security Settings console. Then you can audit the success of object access events.

This explanation leads me to believe that I am correct and it should be A, B, & C since it says to enable for both success or failure. Either that or they are just looking for the minimum amount of work needed to audit.

If anyone has any ideas please let me know what you think.

Old Post 03-26-02 04:46 PM
Pavlov

I am nowhere near ready to schedule this test, but let me take a stab at this...

I would agree with you. One of two possibilities - Exam Drill had a typo in the answers and D should read "Enable auditing for success and failure of object access in the Local Security Settings console." In which case the answer would be C & D.

Or... You're right and the engine just has the wrong answer programmed.

Anyone else?......

Old Post 03-26-02 04:55 PM
scottdg

I didn't even consider that, Pavlov; that is another possibility. The way I look at it now, though, if I came across that question on a test I would have to stick with my original answer.

Old Post 03-26-02 05:14 PM
wbafrank
Auditing .........

It's all here ......

http://www.microsoft.com/windows200...file_folder.htm

Old Post 03-26-02 05:38 PM
scottdg

That link says that you can choose successful, failed or both, but is there anything in this question that would limit it to one or the other that I am missing? After reading that link I would think that it should be A, B, C.

Old Post 03-26-02 06:20 PM
Slinky

quote:
Originally posted by scottdg
That link says that you can choose successful, failed or both, but is there anything in this question that would limit it to one or the other that I am missing? After reading that link I would think that it should be A, B, C.


You are not missing anything. The correct answers should be A, B, and C.

Old Post 03-26-02 06:42 PM
claudio rivas

A question...
Why B?
You don't need to audit failure access, only when you want to know who is TRYING (the user is not trying, he is ACCESSING) to access confidential files you need to track failure object access.

Maybe the question is not so well outlined.
And that is what is confusing me.
I'll appreciate your help.
Thanks Everybody.

Old Post 03-26-02 07:54 PM
claudio rivas

For me A & C, but I have a question...
Why B?
You don't need to audit failure access, only when you want to know who is TRYING (the user is not trying, he is ACCESSING) to access confidential files you need to track failure object access.

Maybe the question is not so well outlined.
And that is what is confusing me.
I'll appreciate your help.
Thanks Everybody.

Old Post 03-26-02 07:57 PM
Teck Shark

The correct answers are "A" & "C".

You do have the option to enable both success & failed object access in the Group Policy snap-in. But this question is saying that Gregory is reading or even altering confidential company documents.

So you would enable auditing for successful object access. And then configure auditing on the folder containing these company documents to audit activities such as successful List Contents/Read Data and successful Create Files/Write Data.

You don't need to enable auditing for failed object access in this scenario.


-Shark

Old Post 03-26-02 08:08 PM
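
Added example (not part of the original thread or any poster's reply): the two steps described in the post above, success auditing of object access plus an audit entry on the folder for successful List Contents/Read Data and Create Files/Write Data, scripted in PowerShell for current Windows versions instead of the Windows 2000 Local Security Settings console. The folder path, the choice of Everyone as the audited principal, and the use of auditpol.exe and event ID 4663 (Windows Vista/Server 2008 and later) are assumptions of this example.

```powershell
# Added example. Run from an elevated PowerShell 5+ session on the machine
# that holds the files. $Folder is a constructed placeholder path.
$Folder = 'C:\Confidential'

# Step 1: enable success auditing of object access.
# The legacy "Audit object access" policy covers the whole Object Access
# category; the File System subcategory is the part that folder auditing needs.
auditpol.exe /set /subcategory:"File System" /success:enable
if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }

# Step 2: add an audit entry (SACL) on the folder.
# ReadData shares its bit with ListDirectory and WriteData with CreateFiles,
# hence the paired names "List Contents/Read Data", "Create Files/Write Data".
$rights   = [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData'
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')  # assumption: audit Everyone
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    $everyone, $rights, $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)   # successful access only

$acl = Get-Acl -Path $Folder -Audit      # -Audit loads the SACL along with the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Step 3: list who accessed objects under the folder.
# Event 4663 is the file-access event on Vista/Server 2008 and later;
# Windows 2000 logged object access under different event IDs.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
                       -MaxEvents 500 -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d.ObjectName -like "$Folder*") {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            User       = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
            Path       = $d.ObjectName
            AccessMask = $d.AccessMask
        }
    }
}
```

With only the Success flag set, denied attempts on the folder produce no events; recording those would take the failure setting in both the audit policy and the folder's audit entry.
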
claudio rivas

I agree with you, Shark.

Old Post 03-26-02 08:17 PM
All times are GMT.