Fill This Form To Receive Instant Help

Help in Homework
trustpilot ratings
google ratings


Homework answers / question archive / Test Bank, Lesson 7 Configure Advanced Audit Policies Multiple Choice 1) Authentication is used for what purpose? a

Test Bank, Lesson 7 Configure Advanced Audit Policies Multiple Choice 1) Authentication is used for what purpose? a

Business

Test Bank, Lesson 7 Configure Advanced Audit Policies

Multiple Choice

1) Authentication is used for what purpose?

a. to grant access to a user

b. to verify a user’s identity

c. to determine security restrictions

d. to calculate effective permissions

 

2. Authorization is used for what purpose?

a. to grant access to a user

b. to verify a user’s identity

c. to determine security restrictions

d. to calculate effective permissions

 

 

3. Auditing is used for what purpose?

a. authenticating users

b. authorizing users

c. recording user’s actions

d. assessing a user’s permissions

 

4. Why is choosing what to audit, instead of auditing everything that a user does, a good idea?

a. High levels of auditing can affect system performance.

b. Auditing sets up an air of suspicion for users.

c. Extensive audit trails often lead to too much troubleshooting.

d. Auditing requires a high level of expertise to set up and maintain.

 

5. Before Windows 2008 R2, only nine basic audit settings existed. Windows Server 2012 introduces a total of how many audit subsettings?

a. 23

b. 53

c. 56

d. 64

 

6. What is the purpose of implementing new audit subsettings?

a. so that you can fill up Event Logs even faster than before

b. so that you can build intricate audit trails for regulatory compliance

c. so that you can audit every possible user process

d. so that you can focus on important audit items

 

7. Why should you avoid using basic audit policy settings and advanced audit policy settings together?

a. That amount of auditing will fill up Event Logs too quickly.

b. The two audit setting ranges have too much redundancy or overlap between them.

c. Setting too many policies can put your system in an “out of compliance” state.

d. Audit policies might cause conflicts or erratic behavior.

 

8. Which command do you use to manage auditing at the command prompt?

a. Audit.exe

b. AdPolicy.exe

c. AuditPol.exe

d. Policy.exe

 

9. Where can you view audit events?

a. in the C:\Temp\Logs folder as text files

b. in System logs in Event Viewer

c. in Security logs in Event Viewer

d. by using audit /logs at the command line

10. Which auditing feature allows you to define computer-wide system access control lists for the file system or the registry?

a. Global Object Access Auditing

b. Filereg Auditing

c. Registry Trail Auditing

d. System Tracker Auditing snap-in

 

 

11. By using what type of policy can you track, limit, or deny a user’s ability to use removable storage devices such as USB drives in Windows Server 2012 R2?

a. USB Storage Access

b. Removable Storage Access

c. Removable Device Access

d. Storage Device Audit

 

12. Which utility do you use to access advanced audit policy settings?

a. Local Policy Editor

b. Group Policy Editor

c. Domain Policy Editor

d. Schema Policy Editor

 

13. What type of audit event notifies you that an account failed to log on?

a. DS Access

b. Object Access

c. Privilege Use

d. Logon/Logoff

 

 

14. Shutting down the system is an example of what kind of audit event?

a. Privilege Use

b. System

c. Logon/Logoff

d. Policy Change

 

 

15. When resetting audit settings back to basic mode, what file must you remove as part of the process?

a. policies.txt

b. audit.txt

c. policies.csv

d. audit.csv

 

 

Short Answer

 

16. Auditing NTFS files, NTFS folders, and printers is a two-step process. What are the two steps?

 

 

17. When you enable object auditing, you generate many other events that also get recorded, including what two types of filtering?

 

 

18. On which types of objects can you enable object auditing?

 

 

19. List any three of the nine basic audit events.

 

20. What do you hope to find by enabling basic auditing?

 

21. Active Directory sets up some default monitoring and auditing. List the three account-related default audited events.

 

 

Best Answer

 

22. Why is it a good idea (other than the effect on system performance) to set up auditing for only those objects that you really need to focus on?

a. Object auditing is complex and requires a lot of time to set up.

b. Searching through too many events makes finding problems more difficult.

c. By enabling object auditing, you also enable many other events.

d. Auditing too many events adds an extra layer of complexity to management tasks.

 

 

23. Why are success audits as important as failure audits?

a. Successes are important to troubleshooting for establishing baselines of normal behavior.

b. Successes are included by default and can be filtered out.

c. Successes can point to security breaches as well as normal behavior.

d. Successes allow you to track activity such as new account creation.

 

 

24. Why would auditing include logon and logoff times?

a. These are simply default audit types for accounts.

b. Logon and logoff times can help track user’s work hours.

c. Logon and logoff times can help pinpoint who was logged on during a failure.

d. Logon and logoff events can track system usage for capacity planning.

 

 

Build List

 

25. Order the following steps for setting up Printer Event Auditing.

a. Right-click and select Printer properties.

b. On the Security tab, click Advanced.

c. To specify a user or group, click Select a principal.

d. Select the Auditing tab.

e. For Type, select Success, Fail, or All.

f. Click the Add button to open the Auditing Entry for Microsoft XPS Document Writer dialog box.

g. Choose Control Panel > View devices and printers.

 

 

26. Order the following steps required to audit account logon.

a. Double-click Audit account logon events.

b. Expand Computer Configuration, Windows Settings, Security Settings, Local Policies, and select Audit Policy.

c. Select Define these policy settings and select both Success and Failure.

d. Right-click the Default Domain Control Default Policy and click Edit.

e. Expand the Domain Controllers to show the Default Domain Controllers Policy.

f. Server Manager->Tools->Group Policy Management.

27. Order the following steps required to configure monitoring of removable storage devices.

a. In the console tree, right-click a group policy object, and then click Edit.

b. Select the Configure the following audit events check box, select the Success check box, and then click OK.

c. Choose Server Manager > Tools > Group Policy Management.

d. Double-click Computer Configuration, double-click Security Settings, double-click Advanced Audit Policy Configuration, and double-click Object Access.

e. Double-click Audit Removable Storage.

 

Repeated Answer

 

28. The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /remove /allusers command.

a. Delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable.

b. Remove the per-user audit policy for a single user’s account.

c. Remove the per-user audit policy for all users.

d. Show an authoritative report on what audit settings are being applied.

 

 

29. The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /get /category:* command.

a. Delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable.

b. Remove the per-user audit policy for a single user’s account.

c. Remove the per-user audit policy for all users.

d. Show an authoritative report on what audit settings are being applied.

 

 

30. The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /clear command.

a. Delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable.

b. Remove the per-user audit policy for a single user’s account.

c. Remove the per-user audit policy for all users.

d. Show an authoritative report on what audit settings are being applied.

 

 

 

31. The powerful auditpol.exe command-line utility is widely used in automated scripting solutions. Select the correct action for the auditpol.exe /remove /user:username command.

a. Delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable.

b. Remove the per-user audit policy for a single user’s account.

c. Remove the per-user audit policy for all users.

d. Show an authoritative report on what audit settings are being applied.

 

 

Option 1

Low Cost Option
Download this past answer in few clicks

8.87 USD

PURCHASE SOLUTION

Already member?


Option 2

Custom new solution created by our subject matter experts

GET A QUOTE