Please answer the questions carefully - carefully. Thanks Ann, a new systems adm
ID: 3911920 • Letter: P
Question
Please answer the questions carefully - carefully. Thanks
Ann, a new systems administrator, is enabling auditing of server file access successes and failures. She has configured the System policy to enable auditing for file access. However, when she reviews the event logs, she does not see any updates to the log files, which of the following should be done to ensure capture of audit logs?
A) Restart the audit service to enable the logs to be collected,
B) Enable the objects' properties for auditing,
C) Set write permissions on the folders to be audited.
D) Configure an audit security group, and assign the group to the share files
Explanation / Answer
The answer for the above question is B Enable the objects' properties for auditing.
The main purpose of auditing a file/folder is to find out any unauthorised ways of attempt to enter to the system has been performed.
The steps involved in auditing success or failure of any file/folder is as follows,
1. Before performing any audit, we have to ensure that we are enabling the enable object access setting in the group policy. To open this , we have log the machine using any local account->control panel->Administrative Tools icon -> Local Security Policy . Move the tree and find Security Settings -> Local Policies ->Audit Policy. When you select the Audit Policy container, the column to the right will display a number of different events that you can audit from which we can decide on the things that need to be audited. If you do not enable this setting then there will be a error message and no file or folder will be audited.
2. now we can either :
3. Type box will indicate what actions you want to audit by selecting the appropriate check boxes: