You are the database administrator of your company. You configure automatic auditing by using SQL ServerAudit on a server that runs an instance of SQL Server 2008.
You want to ensure that the failed login attempts tothe instance are logged in the Windows Security event log. What should you do to achieve this?
A.
Add the SQL Server Agent service account to the Generate security audits policy.
B.
Add the SQL Server Writer service to the Generate security audit
C.
Add the SQL Server Integration service to the Generate security audits policy.
D.
Add the SQL Server service account to the Generate security audits policy.
Explanation:
You should add the SQL Server service account to the Generate security audits policy. Audit events can bestored in a file, in the Windows Application event log, or in the Windows Security event log. The WindowsApplication event log contains events logged by applications or programs running on the computer. Events that are logged to the Windows Application event log are determined by users who developed the application orprogram. The Windows Security event log records only security-related events. You require administrativeprivileges to be able to use and specify events that should be logged in the Windows Security event log. Toensure that failed login attempts are recorded in the Windows Security event log, the SQL Server service accountmust be added to the Generate security audits policy. Additionally, you must also configure the Audit objectaccess security policy to audit successful login attempts, failed login attempts, or both successful and failed loginattempts. You can configure these policies by using the secpol.msc tool. You should not add the SQL Server Agent service account, SQL Server Writer service, or the SQL ServerIntegration service to the Generate security audits policy. Adding these services to the Generate securityaudits
policy will not enable the SQL server to write audit events to the Windows Security event log. To ensurethat failed login attempts are recorded in the Windows Security log, the SQL Server service account must beadded to the Generate security audits policy.Objective:
Managing SQL Server SecuritySub-Objective:
Audit SQL Server instances.References:
MSDN > MSDN Library > Servers and Enterprise Development > SQL Server > SQL Server 2008 > ProductDocumentation > SQL Server 2008 Books Online > Database Engine > Security and Protection > SecureOperation > SQL Server Encryption > Auditing (Database Engine) > SQL Server Audit How-to Topics > How to:Write Server Audit Events to the Security Log MSDN > MSDN Library > Servers and Enterprise Development > SQL Server > SQL Server 2008 > ProductDocumentation > SQL Server 2008 Books Online > Database Engine > Security and Protection > SecureOperation > SQL Server Encryption > Auditing (Database Engine) > Understanding SQL Server Audit