Server Admin I Unit 8.4 Audit Policy Flashcards

1
Q

auditing

A

Recording of system events and other system changes, as enabled by audit policies.

2
Q

Account Logon Audit Policy (2)

A

Tracks when a user account authenticates to a computer.

Local user accounts are recorded on the local computer, and domain user accounts are recorded on the domain controller.

3
Q

Event Log Subscription

A

Allows event logs from multiple computers to be centralized.

4
Q

Account Management Audit Policy

A

Tracks changes to user accounts including create, rename, disable/enable, delete, and password changes.

5
Q

Directory Service Access

A

Tracks changes to Active Directory objects.

6
Q

4 Subcategories of Directory Service

A
  1. Directory Service Access
  2. Directory Service Changes
  3. Directory Service Replication
  4. Detailed Directory Service Replication
7
Q

What is the difference between Directory Service Access Audit Policy and Directory Service Changes Audit Policy?

A

Directory Service Access tells when a change was made.

Directory Service Changes records the values for the original setting as well as the values for the change.

8
Q

auditpol/set/

A

Command to enable auditing for individual categories.

9
Q

Logon Audit Policy

A

Tracks logon/logoff on the local system, or when a network connection is made.

10
Q

Object Access Audit Policy

A

Tracks access to files, folders, printers, certificate authority actions, access to specific registry settings, or access to specific Internet Information Services Metabase settings.

11
Q

Policy Change Audit Policy

A

Tracks changes to user rights, trust relationships, IPsec and Kerberos policies, or audit policies.

12
Q

Privilege Use Audit Policy

A

Tracks when a user exercises a user right or when an admin takes ownership of an object.

13
Q

Process Tracking Audit Policy

A

Records actions taken by applications, which is mainly used for debugging and tracking.

14
Q

System Audit Policy

A

Tracks system shutdown, restart, or system service starts.

15
Q

Where must auditing be enabled for Directory Service Access & Object Access Audit Policies?

A
  1. Enable auditing in local security policy or Group Policy.
  2. Configure auditing on the specific objects to be tracked: the System Access Control List of the AD object or NTFS file/folder.

16
Q

How do you configure logs to properly save audit data?

A
  1. Use Event Log policies to configure Security log size and retention method.
  2. Preserve logged actions by configuring the log to not overwrite events.
  3. Enable “Audit: Shut down system immediately if unable to log security audits” (aka Crash On Audit Fail).
17
Q

What is needed to make Advanced Auditing changes on pre-Windows Server 2008 R2 systems?

A

auditpol.exe