Microsoft Exam Questions

Which two auditing policies should you configure?

Your network contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
Generate an event each time a new process is created.

Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure? To answer, select the appropriate two auditing
policies in the answer area.

A.
Audit access management (Not Defined)

B.
Audit directory service access (Not Defined)

C.
Audit logon events (Not Defined)

D.
Audit Object (Not Defined)

E.
Audit policy change(Not Defined)

F.
Audit privilege use (Not Defined)

G.
Audit process tracking (Not Defined)

H.
Audit system events(Not Defined)

Explanation:
* Audit Object Access
Determines whether to audit the event of a user accessing an object (for example, file, folder,
registry key, printer, and so forth) which has its own system access control list (SACL) specified.
* Audit Process Tracking
Determines whether to audit detailed tracking information for events such as program activation,
process exit, handle duplication, and indirect object access.

Audit object access
https://technet.microsoft.com/en-us/library/cc976403.aspx

Audit Process Tracking
https://technet.microsoft.com/en-us/library/cc976411.aspx