PrepAway - Latest Free Exam Questions & Answers

You need to ensure that events from the Security log of DC1 are collected on Computer1

You have a client computer named Computer1 that runs Windows 7.
On Computer1, you configure a source-initiated subscription.
You configure the subscription to retrieve all events from the Windows logs of a domain controller
named DC1.
The subscription is configured to use the HTTP protocol.
You discover that events from the Security log of DC1 are not collected on Computer1.
Events from the Application log of DC1 and the System log of DC1 are collected on Computer1.
You need to ensure that events from the Security log of DC1 are collected on Computer1.
What should you do?

A.
Add the computer account of Computer1 to the Event Log Readers group on the domain controller.

B.
Add the Network Service security principal to the Event Log Readers group on the domain.

C.
Configure the subscription to use custom Event Delivery Optimization settings.

D.
Configure the subscription to use the HTTPS protocol.

Explanation:
Reference 1:
http://blogs.technet.com/b/askds/archive/2011/08/29/the-security-log-haystack-event-forwarding-and-you.aspx
Preparing Windows Server 2008 and Windows Server 2008 R2
You have to prepare your Windows Server 2008/2008 R2 machines for collection of security events. To do this,
simply add the Network Service account to the Built-in Event Log Readers group.
Reference 2:
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/8434ffb3-1621-4bc5-8311-66d88b215886/
How to collect security logs using event forwarding?
For Windows Vista, Windows Server 2008 and later version of clients, please follow the steps below to
configure it.
1. Click start->run, type CompMgmt.msc to open Computer Management Console.
2. Under Local Users and Groups, click Groups->Event Log Readers to open Event Log Readers Properties.
3. Click Add, then click Location button, select your computer and click OK.
4. Click Object Types button, check the checkbox of Built-in security principals and click OK.
5. Add "Network Service" built-in account to Event Log Readers group.
6. Reboot the client computer.
After these steps have been taken, you will see the security event logs in the Forwarded Events on your event
collector.
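
The GUI steps 1-5 above can also be scripted. The following is an added example, not part of the quoted references: it assumes an elevated PowerShell prompt on the event source (DC1 in the question) and uses the built-in `net.exe` and `wevtutil.exe` tools. It also checks that the Security channel's access control list still grants the Event Log Readers group read access, since the group membership alone does not help if that entry has been removed.

```powershell
# Added example: scripted form of steps 1-5 (run elevated on the event source).
# Well-known SIDs are used so the script does not depend on localized names.
$readers   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-573' # BUILTIN\Event Log Readers
$netSvc    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'     # NT AUTHORITY\NETWORK SERVICE
$ntAccount = [System.Security.Principal.NTAccount]

# Resolve the SIDs to the names this system uses.
$groupName  = $readers.Translate($ntAccount).Value.Split('\')[-1]
$netSvcName = $netSvc.Translate($ntAccount).Value

# "net localgroup <group>" lists the current members, one per line.
$members = & net.exe localgroup $groupName
if ($members -match [regex]::Escape($netSvcName)) {
    Write-Host "$netSvcName is already a member of '$groupName'."
} else {
    & net.exe localgroup $groupName $netSvcName /add
    if ($LASTEXITCODE -ne 0) { throw "Could not add $netSvcName to '$groupName'." }
    # Step 6 of the procedure (reboot) is left to the administrator.
    Write-Host "Added $netSvcName to '$groupName'. Reboot the computer (step 6)."
}

# Verify that the Security channel ACL contains an entry for Event Log Readers
# (shown either as the SID or as the SDDL alias ER).
$channelAccess = (& wevtutil.exe gl Security) -match '^channelAccess:'
if ($channelAccess -match 'S-1-5-32-573|;;;ER\)') {
    Write-Host "Security channel ACL grants access to '$groupName':"
    Write-Host $channelAccess
} else {
    Write-Warning "Security channel ACL has no entry for '$groupName'; review it before relying on the group membership."
}
```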

