You work as the network administrator at certifyme.com. The certifyme.com
network consists of a single Active Directory domain named certifyme.com. All
servers on the certifyme.com network run Windows Server 2003 and all client
computers run Windows XP Professional. All servers reside in an organizational
unit (OU) named Servers.
Leading the way in IT testing and certification tools, www.certifyme.com
One of the servers named certifyme-DC01 has been configured as a domain
controller and another server named certifyme-FS02 has been configured as a file
server. certifyme-FS02 hosts several shared folders; one of these shared folders is
named ConfidentialDocs. As the name indicates, it holds sensitive data that is meant
for the certifyme.com managers only. All the certifyme.com managers are
members of a global security group named Managers. This group has been
granted Full Control permission over the ConfidentialDocs folder.
One of the certifyme.com managers named Clive Wilson complained that he is no
longer able to access the ConfidentialDocs folder and requested that the issue be
resolved. You investigate the matter and discover that Clive Wilson's user account
has been removed from the Managers global group. You then add Clive Wilson's
user account to the Managers global group again. Now you want to find the culprit
who removed Clive Wilson's user account from the Managers global group. Thus
you need to monitor all attempts to modify any group's membership.
What should you do?
A. Configure Audit account management policy for failure.
B. Configure Audit directory service access policy for success and failure.
C. Configure Audit account management policy for success and failure.
D. Configure Audit object access policy for success and failure.
E. Configure Audit privilege use policy for success and failure.
F. Configure Audit directory service access policy for failure.
Answer: C
Explanation: This policy allows you to track events such as password changes and
the creation, deletion, and modification of user accounts and groups. The requirement in
this question states that you need to monitor all attempts at modifying the group
membership of the Managers global group, thus you should audit both successful and failed
events.
Incorrect Answers:
A : This is only partly correct since you need to monitor both success and failed attempts.
B : The Audit directory service access policy monitors the events that are created when a
user accesses an Active Directory object that has its own SACL. Thus configuring this
policy to track failed and successful events will result in a record of all events in which a
user gains access to a directory service object, e.g. the Managers global group. Thus it
would not yield the required records in this scenario.
D : The Audit object access setting is configured to record every time that a user accesses
an object, whether it was successful or not. This is not what needs to be monitored.
E : The Audit privilege use policy will track events created when a user exercises a user
right. Auditing this policy will not yield the required information.
F : The Audit directory service access policy monitors the events that are created when a
user accesses an Active Directory object that has its own SACL. Thus configuring this
policy to track failed events will result in a record of all events in which a user gains
access to a directory service object, e.g. the Managers global group. Thus it would not
yield the required records in this scenario.
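
Once Audit account management is enabled for success and failure, the group changes appear in the domain controller's Security log. The following is an added example, not part of the original question: it filters the Windows Server 2003 event IDs for group membership changes and reports the caller. The record layout, the timestamps and the accounts jdoe and helpdesk1 are constructed for illustration.

```python
import re

# Windows Server 2003 Security log event IDs for membership changes in
# security-enabled groups, recorded when "Audit account management" is on.
GROUP_EVENTS = {
    632: ("global", "added"), 633: ("global", "removed"),
    636: ("local", "added"), 637: ("local", "removed"),
    660: ("universal", "added"), 661: ("universal", "removed"),
}
# "Field Name: value" lines inside an event description.
FIELD = re.compile(r"^\s*([A-Za-z ]+):[ \t]*(.*?)\s*$", re.M)

# Constructed sample records (event ID, audit type, time, description);
# the accounts jdoe and helpdesk1 are hypothetical.
SAMPLE_EVENTS = [
    (628, "Success", "2005-03-01 09:12:44",
     "User Account password set:\n"
     "  Target Account Name: cwilson\n  Caller User Name: helpdesk1\n"),
    (633, "Success", "2005-03-02 17:40:03",
     "Security Enabled Global Group Member Removed:\n"
     "  Member Name: CN=Clive Wilson,CN=Users,DC=certifyme,DC=com\n"
     "  Target Account Name: Managers\n  Target Domain: CERTIFYME\n"
     "  Caller User Name: jdoe\n  Caller Domain: CERTIFYME\n"),
    (632, "Success", "2005-03-03 08:05:19",
     "Security Enabled Global Group Member Added:\n"
     "  Member Name: CN=Clive Wilson,CN=Users,DC=certifyme,DC=com\n"
     "  Target Account Name: Managers\n  Target Domain: CERTIFYME\n"
     "  Caller User Name: Administrator\n  Caller Domain: CERTIFYME\n"),
]

def membership_changes(events, group=None):
    """Return who changed which group's membership, optionally for one group."""
    findings = []
    for event_id, audit_type, when, description in events:
        if event_id not in GROUP_EVENTS:
            continue  # not a group membership event
        fields = {k.strip(): v for k, v in FIELD.findall(description)}
        target = fields.get("Target Account Name", "")
        if group and target.lower() != group.lower():
            continue
        scope, action = GROUP_EVENTS[event_id]
        findings.append({
            "time": when, "result": audit_type, "scope": scope,
            "action": action, "group": target,
            "member": fields.get("Member Name", ""),
            "caller": fields.get("Caller Domain", "?") + "\\"
                      + fields.get("Caller User Name", "?"),
        })
    return findings
```

Calling `membership_changes(SAMPLE_EVENTS, group="Managers")` returns the removal and the later re-addition, each with the account that performed it.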