Manage systems that are running Windows Vista

These questions are based on 70-622 – PRO: Upgrading your MCDST Certification to MCITP Enterprise Support Microsoft Software Practice Self-Test.

 

Objective: Manage and maintain systems that are running Windows Vista
SubObjective: Troubleshoot policy settings

 

Single Answer, Multiple Choice

 

You are the desktop support technician for your company. All client computers on the company’s network run Windows Vista. You are in the process of configuring audit policies for the computers on the network. You want to ensure an event entry is logged each time a user attempts to clear the audit log.

 

Which audit policy should you enable?

 

 

  1. Audit system events
  2. Audit object access
  3. Audit privilege use
  4. Audit policy change

 

Answer:

 

 

  1. Audit system events

 

Tutorial:
You should enable the Audit system events policy. You can secure your computer by auditing, or monitoring, various types of events on the computer. By configuring auditing, you can track events such as when a change is made and who made the change. There are five different types of events that can be monitored, namely account management, logon, object access, policy change and system events. When you configure auditing for any of these types of events, Windows records the events in a log that you can review by using Event Viewer.

To ensure that an event entry is logged each time a user attempts to clear the audit log, you should enable the Audit system events policy. The Audit system events policy determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. While defining this policy setting, you can specify whether to audit successful attempts, audit unsuccessful attempts, or not audit the event type at all. Success audits generate an audit entry when a system event is executed successfully. Failure audits generate an audit entry when a system event is attempted unsuccessfully.

 

You should not enable the Audit object access policy. This security setting can be used to audit a user accessing an object, such as a file, folder, registry key or printer, that has its own System Access Control List (SACL) specified. For example, you can enable the Audit object access policy when you want to ensure that all user attempts to modify registry settings are logged. Enabling the Audit object access policy will not ensure that an event entry is logged each time a user attempts to clear the audit log.

 

You should not enable the Audit privilege use policy. This policy setting can be used to determine whether to audit each instance of a user exercising a user right. Enabling the Audit privilege use policy will not ensure that an event entry is logged each time a user attempts to clear the audit log.

 

You should not enable the Audit policy change policy. This policy setting can be used to audit every incident of a change to user rights assignment policies, audit policies, or trust policies. Enabling the Audit policy change policy will not ensure that an event entry is logged each time a user attempts to clear the audit log.
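To check which of these four policies a machine actually has enabled, and for success, failure or both, the following added example (not part of the original practice test) parses a security policy export. It assumes the text comes from `secedit /export /cfg <file>`, whose `[Event Audit]` section stores each policy as 0 (none), 1 (success), 2 (failure) or 3 (both); the key names and the sample export are assumptions of this example, and the sample is constructed.

```python
import configparser

# Legacy audit values in a secedit export: bit 0 = success, bit 1 = failure.
SUCCESS, FAILURE = 1, 2

# The four policies offered in the question, keyed by their export names.
POLICIES = {
    "AuditSystemEvents": "Audit system events",
    "AuditObjectAccess": "Audit object access",
    "AuditPrivilegeUse": "Audit privilege use",
    "AuditPolicyChange": "Audit policy change",
}

# Constructed sample export: system events are NOT audited here.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 0
AuditObjectAccess = 3
AuditPrivilegeUse = 0
AuditPolicyChange = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""

def read_audit_policy(export_text):
    """Return {policy name: (audit_success, audit_failure)}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case exactly as exported
    parser.read_string(export_text)
    section = parser["Event Audit"] if parser.has_section("Event Audit") else {}
    result = {}
    for key, name in POLICIES.items():
        value = int(section.get(key, 0))  # a missing key means "not defined"
        result[name] = (bool(value & SUCCESS), bool(value & FAILURE))
    return result

def system_events_fully_audited(export_text):
    """True only when Audit system events logs both success and failure."""
    return read_audit_policy(export_text)["Audit system events"] == (True, True)

if __name__ == "__main__":
    for name, (ok, fail) in read_audit_policy(SAMPLE_EXPORT).items():
        print(f"{name:22} success={ok!s:5} failure={fail}")
    print("System events fully audited:", system_events_fully_audited(SAMPLE_EXPORT))
```

Decode the exported file to text before passing it in; the functions take a string, not a file path.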

 

Reference:
Windows Vista Help and Support > Monitor attempts to access and change settings on your computer

 

Windows Server 2003 Technical Library > Windows Server 2003: Product Help > Windows Server 2003 Product Help > Security > Security Configuration Manager > Security Configuration Manager Concepts > Using Security Configuration Manager > Security Setting Descriptions > Windows Server TechCenter > Local Policies > Auditing Policy
