Group Policy
Events
Auditing
Policies
Advanced Auditing
100
This is used to prove the identity of a user.
What is authentication?
100
Name the type of structure used in DNS.
What is a hierarchical distributed structure?
100
Shutting down a server generates this audit event.
What is the Privilege Use event?
100
The reason behind event auditing including logon and logoff times in the case of a system outage.
What is - it allows the administrator to pinpoint who was logged in during a failure.
100
The purpose for implementing new audit subsettings.
What is - you cut down the number of log entries and can focus on what is important to you?
200
DNS uses this TCP/UDP port.
What is 53?
200
Use this utility to access advanced audit policy settings.
What is Group Policy Editor?
200
This gives access to an authenticated user.
What is authorization?
200
This event is generated by a failed attempt to log on to a locked-out account.
What is the Audit Account Lockout event?
200
DNS uses this to map a host name to an IP address.
What is FQDN? (Fully Qualified Domain Name)
300
Purpose for implementing auditing selectively instead of auditing everything.
What is - high levels of auditing can affect the performance of the computer you audit?
300
Every time a user accesses a web page, and before the web server can be contacted, the client computer must have this information.
What is the IP address?
300
List the two steps used to audit NTFS files, NTFS folders, and printers.
What is - You must first enable object access using Group Policy, and then you must specify which objects you want to audit?
300
To view audit events, open this log in Event Viewer.
What is the security log?
300
The basic reason(s) behind enabling basic auditing.
What is - Using auditing logs enables you to determine whether any security breaches have occurred and to what extent?
400
Name the reason why success audits are as important as failure audits.
What is - successes allow you to track activity such as new account creation?
400
This lets you define computer-wide system access control lists for the file system or the registry.
What is Global Object Access Auditing?
400
Organizations can limit or deny users the ability to use removable storage devices by using this.
What is using the Removable Storage Access policy?
400
Command line command used to obtain an authoritative report on what audit settings are being applied.
What is auditpol.exe /get /category:* ?
400
This keeps a record of users who have logged on, what they accessed or tried to access, and what actions they performed.
What is auditing?
500
Use this command to manage auditing at the command prompt.
What is auditpol.exe?
500
Command line command used to remove per-user audit policy for all users.
What is auditpol.exe /remove /allusers?
500
Reason to avoid using basic and advanced audit policy settings together.
What is using both together can cause conflicts or erratic behavior?
500
Name the types of objects on which you can enable object auditing.
What are registry objects, files, folders, and printers?
500
If you need to go back to the basic audit settings after enabling Advanced Audit Policy Configuration, you need to perform this action and then delete this file.
What is - set all Advanced Audit Policy subcategories to Not configured, and delete the %systemroot%\security\audit\audit.csv file?