PrepAway - Latest Free Exam Questions & Answers

You need to generate an audit event whenever Admin1 is denied access to a file or folder

Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2.
A local account named Admin1 is a member of the Administrators group on Server1.
You need to generate an audit event whenever Admin1 is denied access to a file or folder.
What should you run?

PrepAway - Latest Free Exam Questions & Answers

A.
auditpol.exe /set /userradmin1 /failure: enable

B.
auditpol.exe /set /user: admin1 /category: “detailed tracking” /failure: enable

C.
auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure

D.
auditpol.exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga

Explanation:
httpHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687.aspx#_blank”:
//technetHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687.aspx#_blank”.
microsoftHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687.aspx#_blank”. com/enus/library/ff625687HYPERLINK “http://technet.microsoft.com/en-us/library/ff625687.aspx#_blank”.
aspx
To set a global resource SACL to audit successful and failed attempts by a user to perform generic
read and write functions on files or folders:
auditpol /resourceSACL /set /type: File /user: MYDOMAINmyuser /success /failure /access: FRFW
httpHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx#_blank”:
//technetHYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx#_blank”.HYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx#_blank”microsoftHYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx#_blank”.HYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx#_blank”com/en-us/library/ff625687%28v=wsHYPERLINK
“http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx#_blank”.HYPERLINK
“http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx#_blank”10%29HYPERLINK
“http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx#_blank”.HYPERLINK
“http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx#_blank”aspx
Syntax
auditpol /resourceSACL
[/set /type: <resource> [/success] [/failure] /user: <user> [/access: <access flags>]]
[/remove /type: <resource> /user: <user> [/type: <resource>]]
[/clear [/type: <resource>]]
[/view [/user: <user>] [/type: <resource>]]
References:
httpHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”:
//technetHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”.
microsoftHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”.
com/en-us/library/ff625687%28v=wsHYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx #_blank”. 10%29HYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx #_blank”. aspx
httpHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”:
//technetHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”.
microsoftHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”.

com/en-us/library/ff625687%28v=wsHYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx #_blank”. 10%29HYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx #_blank”. aspx
httpHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”:
//technetHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”.
microsoftHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”.
com/en-us/library/ff625687HYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx #_blank”. aspx
httpHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”:
//technetHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”.
microsoftHYPERLINK “http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspx #_blank”.
com/en-us/library/ff625687%28v=wsHYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx #_blank”. 10%29HYPERLINK “http://technet.microsoft.com/enus/library/ff625687(v=ws.10).aspx #_blank”. aspx

4 Comments on “You need to generate an audit event whenever Admin1 is denied access to a file or folder

  1. Travis says:

    I couldn’t get answer C. to work until I added the /access parameter.

    “C:\Windows\system32>auditpol.exe /resourceSACL /set /type:File /user:itlab\adadmin /failure /access:FA”

    Otherwise, I would get this error:

    Examples:
    auditpol /resourceSACL /set /type:Key /user:MYDOMAIN\myuser /success
    auditpol /resourceSACL /set /type:File /user:MYDOMAIN\myuser /success /failure /access:FRFW
    auditpol /resourceSACL /set /type:File /user:everyone /success /failure /access:FRFW /condition:”(@Resource.Sensitivity == \”High\”)”
    auditpol /resourceSACL /type:File /clear
    auditpol /resourceSACL /remove /type:File /user:{S-1-5-21-56248481-1302087933-1644394174-1001}
    auditpol /resourceSACL /type:File /view
    auditpol /resourceSACL /type:File /view /user:MYDOMAIN\myuser
    Error 0x00000057 occurred:
    The parameter is incorrect.




    0



    0
  2. Arida says:

    Answer C: is right, without adding /access parameter, tested:

    auditpol /resourceSACL /set /type:File /user:moh /failure

    The command was successfully executed.




    0



    0

Leave a Reply