1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

70-215 QOTD 10/5/2004

Discussion in 'Windows Server 2003 / 2008 / 2012 Exams' started by AJ, May 10, 2004.

  1. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    You are a W2K network administrator for your company. All computers in the Marketing Dept belong to the Marketing organisational unit (OU). You suspect that someone has been trying to gain unauthorised access to files on the computers in Marketing. You want to identify that person without affecting other computers. Which 2 steps should you take to accomplish this task with the least amount of administrative effort?

    a. Enable an audit policy for the Marketing OU

    b. Enable auditing for the Everyone grouop for the files or folders that you suspect are under attack.

    c. Enable an audit policy for each computer in the Marketing OU.

    d. Enable auditing for the Marketing group.

    Answer tomorrow
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  2. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    Well no takers for this one yet. Come on, who's first :?: :?:
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  3. flex22

    flex22 Gigabyte Poster

    1,679
    0
    69
    Tonight Matthew, i'm going to be ABBA :!:

    Answer: ABBA
     
  4. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    errrrm, don't know how to say this without seeming rude but the question says 2 answers Flex :oops:

    @ Flex - Doh :eek:
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  5. flex22

    flex22 Gigabyte Poster

    1,679
    0
    69
    Good grief man, can't you see :eek:

    I've put it twice :tongue
     
  6. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    I'll choose A and B too.

    @Flex, does putting two answers twice mean that you have four answers? :lol:
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  7. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    A and B
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  8. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    I'll go with the consensus opinion: A and B. Besides, I remember that group from the '80s. :wink:
     
    Certifications: A+ and Network+
  9. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    Well folks full points all round the answer is A + B

    Explanation

    To track access attempts to file resources on computers in the Marketing OU, you should first create a Group Policy object(GPO) linked to the OU. Open the policy in Group Policy Editor and navigate to the node Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy. In the right pane, click Audit object access, select Security from the Action window and enable auditing of success and failure. Then you should use Windows Explorer to configure auditing for particular files and folders on the appropriate computers. Instead of creating a GPO for the OU, you can enable an audit policy locally on each computer. However this would require more effort than configuring a single policy one time. If you audit access only by users who belong to the Marketing group, then you may miss the perpetrator because he or she may be anyone, not necessarily a member of the Marketing group.
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................

Share This Page

Loading...