Your network contains an Active Directory domain named contoso.com. The domain contains a file
server named Server1 that runs Windows Server 2012 R2.
You view the effective policy settings of Server1 as shown in the exhibit. (Click the Exhibit button.)
On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains
confidential dat
a. A group named Group1 has full control of the content in Share1.
You need to ensure that an entry is added to the event log whenever a member of Group1 deletes a
file in Share1.
What should you configure?
A.
the Audit File Share setting of Servers GPO
B.
the Sharing settings of C:\Share1
C.
the Audit File System setting of Servers GPO
D.
the Security settings of C:\Share1
Explanation:
You can use Computer Management to track all connections to shared resources on a Windows
Server 2008 R2 system.
Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a
connection in the Sessions node.
File access, modification and deletion can only be tracked, if the object access auditing is enabled
you can see the entries in the event log.To view connections to shared resources, type net session at a command prompt or follow these
steps:
In Computer Management, connect to the computer on which you created the shared resource.
In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can
now view connections to shares for users and computers.
To enable folder permission auditing, you can follow the below steps:
Click start and run “secpol. msc” without quotes.
Open the Local Policies\Audit Policy
Enable the Audit object access for “Success” and “Failure”.
Go to target files and folders, right click the folder and select properties.
Go to Security Page and click Advanced.
Click Auditing and Edit.
Click add, type everyone in the Select User, Computer, or Group.
Choose Apply onto: This folder, subfolders and files.
Tick on the box “Change permissions”
Click OK.
After you enable security auditing on the folders, you should be able to see the folder permission
changes in the server’s Security event log. Task Category is File System.httpHYPERLINK “http://social.technet.microsoft.com/Forums/enUS/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/#_blank”: //socialHYPERLINK
“http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-
8014-f2eb10f3f10f/#_blank”. technetHYPERLINK “http://social.technet.microsoft.com/Forums/enUS/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/#_blank”. microsoftHYPERLINK
“http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-
8014-f2eb10f3f10f/#_blank”. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-
f2eb10f3f10f/
httpHYPERLINK “http://technet.microsoft.com/en-us/library/cc753927(v=ws.10).aspx#_blank”:
//technetHYPERLINK “http://technet.microsoft.com/en-us/library/cc753927(v=ws.10).aspx#_blank”.
microsoftHYPERLINK “http://technet.microsoft.com/en-us/library/cc753927(v=ws.10).aspx#_blank”.
com/en-us/library/cc753927(v=wsHYPERLINK “http://technet.microsoft.com/enus/library/cc753927(v=ws.10).aspx#_blank”. 10)HYPERLINK “http://technet.microsoft.com/enus/library/cc753927(v=ws.10).aspx#_blank”. aspx
httpHYPERLINK “http://social.technet.microsoft.com/Forums/enUS/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/#_blank”: //socialHYPERLINK
“http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-
8014-f2eb10f3f10f/#_blank”. technetHYPERLINK “http://social.technet.microsoft.com/Forums/enUS/winservergen/thread/13779c78-0c73-4477-8014-f2eb10f3f10f/#_blank”. microsoftHYPERLINK
“http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-
8014-f2eb10f3f10f/#_blank”. com/Forums/en-US/winservergen/thread/13779c78-0c73-4477-8014-
f2eb10f3f10f/httpHYPERLINK “http://support.microsoft.com/kb/300549#_blank”: //supportHYPERLINK
“http://support.microsoft.com/kb/300549#_blank”. microsoftHYPERLINK
“http://support.microsoft.com/kb/300549#_blank”. com/kb/300549
httpHYPERLINK “http://www.windowsitpro.com/article/permissions/auditing-folder-permissionchanges#_blank”: //wwwHYPERLINK “http://www.windowsitpro.com/article/permissions/auditingfolder-permission-changes#_blank”. windowsitproHYPERLINK
“http://www.windowsitpro.com/article/permissions/auditing-folder-permission-changes#_blank”.
com/article/permissions/auditing-folder-permission-changes
httpHYPERLINK “http://www.windowsitpro.com/article/permissions/auditing-permission-changeson-a-folder#_blank”: //wwwHYPERLINK
“http://www.windowsitpro.com/article/permissions/auditing-permission-changes-on-afolder#_blank”. windowsitproHYPERLINK
“http://www.windowsitpro.com/article/permissions/auditing-permission-changes-on-afolder#_blank”. com/article/permissions/auditing-permission-changes-on-a-folder
We like to honor quite a few other net internet sites around the net, even when they arent linked to us, by linking to them. Underneath are some webpages really worth checking out.
0
3
The answer is correct. The GPO must be have Audit Enable and it clearly shows on the exhibit. Next the Audit has to be enable on the server share. This can be accomplished by using the Security Setting, Advanced, then from the tabs, click on Auditing and configure what you want to Audit there.
Answer is D
0
0
missing info should read:
“On Server1, you have a folder named C:\Share1 that is shared as Share1. Share1 contains confidential data.
A group named Group1 has full control of the content in Share1.
You need to ensure that an entry is added to the event log, wherever a member of Group1 deletes a file in Share1.
What should you configure?”
0
0