Exam MD-100 topic 3 question 10 discussion

Actual exam question from Microsoft's MD-100
Question #: 10
Topic #: 3

You have a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Folder1.
You need to log any users who take ownership of the files in Folder1.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Modify the folder attributes of Folder1.
  • B. Modify the Advanced Security Settings for Folder1.
  • C. From a Group Policy object (GPO), configure the Audit Sensitive Privilege Use setting.
  • D. From a Group Policy object (GPO), configure the Audit File System setting.
  • E. Install the Remote Server Administration Tools (RSAT).
Suggested Answer: BD

Comments

Nullianac
Highly Voted 4 years, 10 months ago
Hi guys, the original answer is correct - B and D. I've just tested this on my own machine - after setting the auditing in folder permissions, I then enabled the Audit object access for success and failure. Took ownership of a file in the test folder and could clearly see the corresponding logs in the Security event log. I then turned off Audit object access, then changed the owner again, this time there were no log entries. Doesn't look like you need to enable Audit sensitive privilege use in this case if all they are asking for is who is taking ownership.
upvoted 22 times
neobahamutk
3 years, 4 months ago
That's right. B,D. Audit Sensitive Privilege has the option Take ownership of files or other objects, but it does not generate an event stating that the file's owner has been changed. It generates an event when an attempt was made to perform privileged system service operations. So it doesn't generate an event with owner change information. The audit file system has the log 4670(S): Permissions on an object were changed. This event generates when the permissions for an object are changed. The object could be a file system, registry, or security token object. And this event only appears when the audit file system is used. Look at the descriptions of the events that each generates.
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-file-system
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-sensitive-privilege-use
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4670
upvoted 6 times
...
...
Mizzjhaded
Highly Voted 4 years, 11 months ago
I highly recommend to whoever is the moderator of this page to try to get your sources from official Microsoft article pages.
upvoted 6 times
...
992376247
Most Recent 1 year, 10 months ago
I had my doubts...
upvoted 1 times
...
dlast
2 years, 1 month ago
Selected Answer: BC
Answer is correct https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-sensitive-privilege-use
upvoted 1 times
...
Buruguduystunstugudunstuy
2 years, 3 months ago
Selected Answer: BD
The two actions that you should perform to log any users who take ownership of the files in Folder1 are:
B. Modify the Advanced Security Settings for Folder1.
You can modify the Advanced Security Settings for Folder1 to enable auditing of the "Take ownership of files or other objects" privilege. This will allow you to log any users who take ownership of the files in Folder1. To do this, follow these steps:
1. Right-click on Folder1 and select "Properties".
2. Click on the "Security" tab and then click on the "Advanced" button.
3. Click on the "Auditing" tab and then click on the "Add" button.
4. Enter the name of the user or group that you want to audit and then click on the "OK" button.
5. In the "Auditing Entry" dialog box, select the "Successful" option for the "Take ownership of files or other objects" privilege.
6. Click on the "OK" button to save the changes.
upvoted 1 times
Buruguduystunstugudunstuy
2 years, 3 months ago
D. From a Group Policy object (GPO), configure the Audit File System setting.
You can use Group Policy to configure the "Audit File System" setting to enable auditing of file and folder access on the Windows 10 computer. This will allow you to log any changes made to the files and folders, including changes in ownership. To do this, follow these steps:
1. Open the Group Policy Management Console.
2. Create or select a Group Policy Object that applies to the Windows 10 computer.
3. Navigate to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Advanced Audit Policy Configuration" > "Audit Policies" > "Object Access".
4. Double-click on the "Audit File System" policy setting.
5. Select the "Success" option to audit successful file and folder access.
6. Click on the "OK" button to save the changes.
upvoted 1 times
Buruguduystunstugudunstuy
2 years, 3 months ago
Answers A and E are not related to configuring auditing settings for Folder1. Answer C, configuring the Audit Sensitive Privilege Use setting from a Group Policy object (GPO), is not necessary to log users who take ownership of files in Folder1. This setting is used to audit the use of sensitive privileges, such as the "Act as part of the operating system" privilege.
upvoted 1 times
...
...
...
ccontec
2 years, 4 months ago
Selected Answer: B
BC is correct, tested on lab
upvoted 1 times
...
flabezerra
2 years, 9 months ago
Selected Answer: BC
Notice first: “You need to log any users who take ownership of the files in Folder1.” Come on guys it’s been more than two years and people did not find this answer provided by examtopics. Examtopics is right all this time in this question. A lot of people did not get this question yet. To understand this question you have to go first at this path in gpedit Computer Configuration > Windows Settings > Advanced Audit Policy Configuration > System Audit Policies - Local Group Policy Object > Privilege Use > Audit Sensitive Privilege Use

From here you have all that you want to configure from there. Link: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319113(v=ws.11)#:~:text=Take%20ownership%20of%20files%20or%20other%20objects
upvoted 2 times
flabezerra
2 years, 9 months ago
Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policies - Local Group Policy Object > Privilege Use > Audit Sensitive Privilege Use
upvoted 1 times
...
...
Alvaroll
2 years, 11 months ago
Folder 1 is not a "File System" folder, so B & C are correct.
upvoted 1 times
...
Tommo
3 years, 3 months ago
Selected Answer: BD
B D is right answer.
upvoted 2 times
...
neobahamutk
3 years, 4 months ago
Selected Answer: BD
B D is right answer.
upvoted 3 times
...
FartyHippo
3 years, 4 months ago
Selected Answer: BC
BC Take a look at the Audit Sensitive Privilege Use doc
upvoted 1 times
...
Gresch123123
3 years, 4 months ago
Selected Answer: BD
B and D
https://social.technet.microsoft.com/wiki/contents/articles/32447.how-to-detect-who-changed-the-filefolder-owner.aspx
Audit File System → Define → Success and Failures
Open Event Viewer and search Security log for event id 4663 with “File Server” or “Removable Storage” task category and with “Accesses: WRITE_OWNER” string. “Subject Security ID” will show you who changed the file’s/folder’s owner.
upvoted 3 times
...
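The folder audit entry (B), the Audit File System setting (D) and the Event 4663 search from the comment above, scripted as an added example that is not part of any comment in this thread. It assumes Folder1 is at C:\Folder1, an elevated Windows PowerShell session on an English-language system (the names Everyone and "File System" are localized), and uses auditpol locally in place of the GPO setting.

```powershell
# Added example. C:\Folder1 is an assumed path for the question's Folder1.
$Folder = 'C:\Folder1'

# B: add an audit entry (SACL) on the folder for "Take ownership",
# success and failure, for Everyone, inherited by subfolders and files.
$acl  = Get-Acl -Path $Folder -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList `
    'Everyone', 'TakeOwnership', 'ContainerInherit, ObjectInherit', 'None', 'Success, Failure'
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# D: enable the Audit File System subcategory (local equivalent of the GPO
# setting under Advanced Audit Policy Configuration > Object Access).
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Check: list 4663 events under the folder whose access mask includes
# WRITE_OWNER (0x80000), with the account that performed the access.
$WriteOwner = 0x80000
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        foreach ($field in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$field.Name] = $field.'#text'
        }
        $mask = [Convert]::ToInt64($data['AccessMask'], 16)
        if (($mask -band $WriteOwner) -and ($data['ObjectName'] -like "$Folder\*")) {
            [pscustomobject]@{
                Time    = $evt.TimeCreated
                Account = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Object  = $data['ObjectName']
            }
        }
    }
```

With the SACL in place but the File System subcategory disabled, the query returns nothing, which matches the behaviour Nullianac reports from testing.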
MR_Eliot
3 years, 7 months ago
Answer is BC. With "Audit Sensitive Privilege Use" you don't need to configure auditing from Advanced security settings. "Audit Sensitive Privilege Use" also doesn't contain any information about the file / folder.
upvoted 1 times
...
Goofer
3 years, 8 months ago
Answer B and D
https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html
1. Advanced security = B
4. Audit File System = D
upvoted 1 times
...
CARIOCA
3 years, 9 months ago
Is the final answer correct or is it B and C?
upvoted 1 times
...
encxorblood
3 years, 10 months ago
B + D. Object Access. I use it in company.
upvoted 1 times
...
CARIOCA
4 years ago
The answer key for this question ended up very divided; in the end, what would the answer be, and what is the justification? After a debate of 27 comments, is the answer key the same or not?
upvoted 1 times
...