What is the purpose of auditing in Windows Server 2008, and how do you enable object access auditing?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Longhorn Server Training Test with our quiz. Study with flashcards and multiple choice questions. Each question includes hints and explanations to enhance your learning experience. Get ready to ace your exam!

Multiple Choice

What is the purpose of auditing in Windows Server 2008, and how do you enable object access auditing?

Explanation:
Auditing is about tracking security-related actions, such as who accessed a resource, what they did, and when it happened. In Windows Server 2008, you turn this on by enabling a policy that controls auditing and then specifying exactly which objects should log access events. First, enable the auditing policy for object access through Group Policy (Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy, and enable Audit object access for success and/or failure). Then tell Windows what to audit on each object: go to the object's Security settings, open Advanced, use the Auditing tab to add a principal (for example, Everyone or a specific user or group) and choose the access types to log (Read, Write, Delete, etc.) plus whether to log successful attempts, failed attempts, or both. Once configured, access events for those objects will appear in the Security log, providing a record of who did what and when. This matches why the statement is correct: auditing records security-related events and requires both policy configuration and object-level auditing settings to log actual access events. It’s not limited to servers or to automatic operation, and it isn’t only about audit logs themselves.

Auditing is about tracking security-related actions, such as who accessed a resource, what they did, and when it happened. In Windows Server 2008, you turn this on by enabling a policy that controls auditing and then specifying exactly which objects should log access events.

First, enable the auditing policy for object access through Group Policy (Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy, and enable Audit object access for success and/or failure). Then tell Windows what to audit on each object: go to the object's Security settings, open Advanced, use the Auditing tab to add a principal (for example, Everyone or a specific user or group) and choose the access types to log (Read, Write, Delete, etc.) plus whether to log successful attempts, failed attempts, or both. Once configured, access events for those objects will appear in the Security log, providing a record of who did what and when.

This matches why the statement is correct: auditing records security-related events and requires both policy configuration and object-level auditing settings to log actual access events. It’s not limited to servers or to automatic operation, and it isn’t only about audit logs themselves.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy