You work as the network administrator at certifyme.com. The certifyme.com
network consists of a single Active Directory domain named certifyme.com with sites
All servers on the certifyme.com network run Windows Server 2003 and all client
computers run Windows XP Professional. All users and computers belong to the
certifyme.com domain.
All file servers reside in an organizational unit (OU) named FileServers. Each file
server hosts several shared folders, some of which contain confidential financial
data. All domain users have permissions to access the information in the shared
folders. 350-001 You suspect that a domain user account has been used by a hacker to access
confidential financial information stored on a file server named certifyme-SR16.
You need to determine which user account has been compromised.
You plan to use auditing to track which users are logging on to the domain.
However, your desire is not to examine large volumes of information to view logon
attempts to domain resources. You want to use the least amount of disk space when
you audit access to domain resources.
What should you do?
A. Configure a Group Policy Object (GPO) that enables the Logon Events audit policy
for failure auditing and success auditing.
Link the GPO to the Active Directory container that contains your domain controllers.
B. Configure a Group Policy Object (GPO) that enables the Logon Events audit policy
for success auditing.
Link the GPO to the Active Directory container that contains your domain controllers.
C. Configure a Group Policy Object (GPO) that enables the Account Logon Events audit
policy for success auditing.
Link the GPO to the Active Directory container that contains your domain controllers
D. Configure a Group Policy Object (GPO) that enables the Account Logon Events audit
policy for failure auditing.
Link the GPO to the Active Directory container that contains your domain controllers.
Answer: C
Leading the way in IT testing and certification tools, www.certifyme.com
- 27 -
Explanation: The Account Logon Events policy setting is used to track which users
are logging on to your domain. 640-802
The Account Logon Events policy is enabled on
domain controllers. Enabling success auditing will result in an entry being placed in
the security log whenever a user makes a successful attempt to log on to the
certifyme.com domain by using a domain user account.
Incorrect Answers
A: The Logon Events audit policy is used to audit logon attempts using local computer
accounts. This policy will only log an event when a user logs on to a domain controller.
B: The Logon Events audit policy is used to audit logon attempts using local computer
accounts. This policy will only log an event when a user logs on to a domain controller.
D: Enabling failure auditing will result in an entry being placed in the security log
whenever a user makes an unsuccessful attempt to log on to the certifyme.com domain by
using a domain user account. You suspect that a domain user account is already being
used to access domain resources. VCP-310
Reference:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment