Which of the following reasons justifies why you should audit failed events?

A. To log resource access for reporting and billing
B. To monitor for malicious attempts to access a resource which has been denied
C. None of these
D. To monitor access that would suggest users are performing actions greater than you had planned
Explanation:
http://technet.microsoft.com/en-us/library/cc778162%28v=ws.10%29.aspx
Auditing Security Events Best practices
If you decide to audit failure events in the policy change event category, you can see if unauthorized
users or attackers are trying to change policy settings, including security policy settings. Although this
can be helpful for intrusion detection, the increase in resources that is required and the possibility of a
denial-of-service attack usually outweigh the benefits.