The reason for NOT using basic audit settings with advanced audit policy settings together.
What is using both audit policies might cause conflicts or erratic behavior?
100
This event is generated by a failed attempt to log on to a locked-out account.
What is Audit Account Lockout ?
100
The main reason for using auditing logs.
What is using auditing logs enables you to determine whether any security breaches have occurred and to what extent?
100
A DNS resolver is a service that uses the DNS protocol to query for information about DNS servers using this port.
What is port 53?
200
This is used to record user's actions.
What is auditing?
200
To manage auditing at the command prompt or using script files, use this command.
What is AuditPol.exe?
200
This event is generated by the use of non-sensitive privileges, such as accessing this computer from the network, adding a workstation to the domain, allowing logging on locally, changing the system time, creating a page file, and shutting down the system.
What is the Privilege Use event ?
200
List any three account-related default audited events.
What are account logon, account management, directory service access, logon, object access, policy change, privilege use, process tracking, and system?
200
Second level domains are registered to these entities.
What is individuals and organizations?
300
A reason NOT to audit everything that a user does.
What is auditing everything will cause high levels of network activity and affect system performance.
300
To view audit events, open this log in the Event Viewer.
What is the Security logs?
300
Auditing NTFS files, NTFS folders, and printers is a two-step process. List these steps.
What is (1) enable object access using Group Policy?
What is (2) you must specify which objects you want to audit?
300
To remove the per-user audit policy for all users, perform this command.
What is auditpol.exe /remove /allusers?
300
In DNS terms a device on a network is called by this name.
What is a host?
400
Server 2012 introduced this number of auditing subsettings.
What is 56?
400
This lets you define computer-wide system access control lists for the file system or the registry.
What is Global Object Access Auditing
400
After you enable object access auditing, you have to enable auditing on the specific object that you want to enable. These objects include these things.
What is registry objects, files, folders, and printers?
400
If you want to get an authoritative report on what audit settings are being applied, use this command.
What is auditpol.exe /get /category:* ?
400
The DNS client is also known as this.
What is the DNS resolver?
500
This is the reason for implementing new audit subsettings in Server 2012.
What is so you can focus on important audit items?
500
Organizations can limit or deny users the ability to use removable storage devices by using this.
What is the Removable Storage Access policy?
500
There are nine basic audit events. Name any three.
What are authentication, authorization, successful login, failed login, AD account changes, accessed or changed files, used printers, restarted a system, and made system changes
500
To delete the per-user audit policy for all users, reset or disable the system audit policy for all subcategories, and then set the audit policies settings to disable, execute this command.
What is auditpol.exe /clear ?
500
By using Active Directory–integrated zones, DNS follows this type model.