70-215 QOTD 10/5/2004

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

You are a W2K network administrator for your company. All computers in the Marketing Dept belong to the Marketing organisational unit (OU). You suspect that someone has been trying to gain unauthorised access to files on the computers in Marketing. You want to identify that person without affecting other computers. Which 2 steps should you take to accomplish this task with the least amount of administrative effort?

a. Enable an audit policy for the Marketing OU

b. Enable auditing for the Everyone grouop for the files or folders that you suspect are under attack.

c. Enable an audit policy for each computer in the Marketing OU.

d. Enable auditing for the Marketing group.

Answer tomorrow

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Well no takers for this one yet. Come on, who's first :?: :?:

 

errrrm, don't know how to say this without seeming rude but the question says 2 answers Flex

@ Flex - Doh

 

Well folks full points all round the answer is A + B

Explanation

To track access attempts to file resources on computers in the Marketing OU, you should first create a Group Policy object(GPO) linked to the OU. Open the policy in Group Policy Editor and navigate to the node Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy. In the right pane, click Audit object access, select Security from the Action window and enable auditing of success and failure. Then you should use Windows Explorer to configure auditing for particular files and folders on the appropriate computers. Instead of creating a GPO for the OU, you can enable an audit policy locally on each computer. However this would require more effort than configuring a single policy one time. If you audit access only by users who belong to the Marketing group, then you may miss the perpetrator because he or she may be anyone, not necessarily a member of the Marketing group.