Your network contains an Active Directory domainnamed contoso.com.
You need to audit changes to a service account.
The solution must ensure that the audit logs contain the before and after values of all the changes.
Which security policy setting should you configure?
A.
Audit Sensitive Privilege Use
B.
Audit User Account Management
C.
Audit Directory Service Changes
D.
Audit Other Account Management Events
Explanation:
Reference 1:
http://technet.microsoft.com/en-us/library/dd772641.aspx
Audit Directory Service Changes
This security policy setting determines whether theoperating system generates audit events when changes are
made to objects in Active Directory Domain Services(AD DS).
Reference 2:
http://technet.microsoft.com/en-us/library/cc731607.aspx
AD DS Auditing Step-by-Step Guide
This guide includes a description of the new ActiveDirectory® Domain Services (AD DS) auditing feature in
Windows Server® 2008. With the new auditing feature, you can log events that show old and new values; for
example, you can show that Joe’s favorite drink changed from single latte to triple-shot latte.