HOTSPOT
Yournetwork contains 25 Web servers that run Windows Server 2012 R2.
You need to configure auditing policies that meet the following requirements:
Generate an event each time a new process is created.
Generate an event each time a user attempts to access a file share.
Which two auditing policies should you configure?
To answer, select the appropriate two auditing policies in the answer area.
Explanation:
<map><m x1=”269″ x2=”371″ y1=”139″ y2=”152″ ss=”0″ a=”0″ /><m x1=”269″ x2=”378″
y1=”179″ y2=”195″ ss=”0″ a=”0″ /></map>
* Audit object access
Determines whether to audit the event of a user accessing an object (for example, file, folder,
registry key, printer, and so forth) which has its own system access control list (SACL) specified.
* Audit process tracking
This security setting determines whether to audit detailed tracking information for events such as
program activation, process exit, handle duplication, and indirect object access. https://technet.microsoft.com/en-us/library/cc976403.aspx https://technet.microsoft.com/sv-se/library/Cc775520(v=WS.10).aspx
411
1
0