HOTSPOT
Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
Generate an event each time a new process is created.
Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure?
To answer, select the appropriate two auditing policies in the answer area.
Answer: 
Explanation:
Further information:
http://www.microsoft.com/en-us/download/details.aspx?id=17871
0
0
A well explained example on how to use it:
http://www.petri.com/configure-global-object-access-auditing-windows-server.htm
0
0
Detailed Trackingmonitor the activities of individual applications, to understand how a computer is being used, and the activities of users on that computer. This category includes the following subcategories:
Audit DPAPI Activity
Audit Process Creation
Audit Process Termination
Audit RPC Events
Object Accessa user accessing an object–for example, a file, folder, registry key, printer, and so forth–that has its own system access control list (SACL) specified.
Meaning that afterwards, you will have to configure the SACL of the file.
0
0
https://technet.microsoft.com/en-us/library/dd772743(v=ws.10).aspx
answer is correct
0
0
detailed tracking and object access
https://technet.microsoft.com/en-us/library/Dn319056.aspx
0
0
“Generate an event each time a user attempts to access a file share.”
Wouldn’t Logon/Logoff – Audit Logon be best suited for the task? Quoting from the explanation in the gpedit snapin;
“For a network logon, such as accessing a shared folder on the network, the [logon] security audit event is generated on the computer hosting the resource.”
0
1