HOTSPOT
You have a Group Policy object (GPO) named Server Audit Policy. The settings of the GPO are shown
in the Settings exhibit. (Click the Exhibit button.)
The scope of the GPO is shown in the Scope exhibit. (Click the Exhibit button.)
The domain contains a group named Group1. The membership of Group1 is shown in the Group1
exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise
select No. Each correct selection is worth one point.
Answer: 
Not all answers have been provided?
0
0
Maybe YNNN?
0
0
I thought the same too
0
0
I’ve tried on a lab, you’re right!
0
0
GPO is disabled so NNNN
https://technet.microsoft.com/en-us/library/cc776004%28v=ws.10%29.aspx
0
0
I think you may be looking at the wrong GPO?
0
0
I think YYNN ?
1
0
Answer should be YNYN. Look at the GPO, security filtering is enabled which means the GPO is only applied to Server28. Even though User 2 isn’t in Group 1, Server28 will still be audited since the GPO only applies to server 28
0
0
the correct answer is
YNNN
The “(GPO) named Server Audit Policy” audits only Success
and user2 is not in the group1
2
0
You’re right! Tested on a lab.
0
0
Audit File System: Success, Failure
Audit Group1: Success
Security Filtering: Server28
Answer: YYYY
0
1
Shawn is right. Think of this as about TWO separate rules invoking auditing.
First rule “Object Access” dosn’t differ WHO is accesing, it does audit when acces results end with success or failure. So it works with any user.
The second criteria is more stricts, it audits only attempts made by Group1 and only successfull ones. But anyway, it does not matter much, first criteria does its job. Result: YYYY
0
0
I believe Nelson is correct, NNNN. Why? Because all of you are overlooking the fact that the answers are in regards to Users…not Computers. And if you look at the GPO for User Configurations, it is disabled. Am I wrong?
0
0
Yes you are wrong.
This is a computer policy applied to a server.
0
0
The answer is: YNNN
The reason is that the questions asks if ALL succesful and failed attempts are logged.
Since NOT ALL files have a SACL the answer is NO by default.
However the “Global Object Access Auditing” policy is being applied to ALL files.
Since we only enabled “Success” it means the first question is Yes since User1 is member of Group1 which this policy is being applied to.
Short version of this article:
http://blogs.technet.com/b/askds/archive/2011/03/10/global-object-access-auditing-is-magic.aspx
Object Access\Audit File System:
If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL.
You can check if a file\folder has this setting enabled by going to it’s properties and then the Security Tab followed by the Advanced option and there is the “Auditing Tab”.
Global Object Access Auditing:
This policy setting allows you to apply a comprehensive object access audit policy to every file and folder on the file system for a computer.
LSASS.EXE is the process that handles Windows security auditing.
When the file is opened using GOAA, LSASS also adds to the SACL in memory, then reads it like it had been assigned on the resource directly.
3
0
You’re right, tested on lab. It is YNNN for sure.
0
0
Yup, BenSolo is right. We have audit only on Success. So YNNN
0
0
http://www.mcseanswers.com/new-updated-microsoft-mcsa-70-410-real-exam-questions-and-answers-download-311-320.html
0
0
Well I’ve tested and I only was able to audit success with both users. Still dont know what the real answer is.
0
0
Bensolo is right. YNNN is correct.
0
0