Your company has a serverthat runs Windows Server 2008 R2.
Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA)
on the server.
You need to audit changes to the CA configuration settings and the CA security settings.
Which two tasksshould you perform?
(Each correct answer presents part of the solution. Choose two.)

A.
Configure auditing in the Certification Authoritysnap-in.

B.
Enable auditing of successful and failed attemptsto change permissions on files in the %SYSTEM32%
\CertSrv directory.

C.
Enable auditing of successful and failed attemptsto write to files in the %SYSTEM32%\CertLog directory.

D.
Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate
Services (AD CS) server.

Explanation:
http://technet.microsoft.com/en-us/library/cc772451.aspx
Configure CA Event Auditing
You can audit a variety of events relating to the management and activities of a certification authority (CA):
Back up and restore the CA database.
Change the CA configuration.
Change CA security settings.
Issue and manage certificate requests.
Revoke certificates and publish certificate revocation lists (CRLs).
Store and retrieve archived keys.
Start and stop Active Directory Certificate Services (AD CS).
To configure CA event auditing
1. Open the Certification Authority snap-in.
2. In the console tree, click the name of the CA.
3. On the Action menu, click Properties.
4. On the Auditing tab, click the events that you want to audit, and then click OK.
5. On the Action menu, point to All Tasks, and then click Stop Service.
6. On the Action menu, point to All Tasks, and then click Start Service.
Additional considerations
To audit events, the computer must also be configured for auditing of object access. Audit policy options
can be viewed and managed in local or domain Group Policy under Computer Configuration\Windows
Settings\Security Settings\Local Policies.