ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 3 question 36 discussion

Actual exam question from Microsoft's MD-100
Question #: 36
Topic #: 3
[All MD-100 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10. The computer contains a folder. The folder contains sensitive data.
You need to log which user reads the contents of the folder and modifies and deletes files in the folder.
Solution: From the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit system events.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Files and folders are objects and are audited through object access, not though system events.
Reference:
https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html
by Duyons at Dec. 5, 2020, 5:55 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
redadz
Highly Voted 4 years, 5 months ago
Answer is correct: You should enable "Audit Object Access" Policy NOT Audit System Events
upvoted 7 times
...
Buruguduystunstugudunstuy
Most Recent 2 years, 1 month ago
Selected Answer: B
B. No. Configuring the Auditing settings for the folder will allow you to log which user reads the contents of the folder and modifies and deletes files in the folder. However, configuring Audit system events in the local Group Policy is not relevant to the goal of logging user access to the folder. To meet the goal of logging user access to the folder, you should configure Audit object access in the local Group Policy. This setting will allow the computer to log which user reads the contents of the folder and modifies and deletes files in the folder.
upvoted 1 times
Buruguduystunstugudunstuy
2 years, 1 month ago
To configure Audit object access in the local Group Policy, follow these steps: 1. Press the Windows key + R to open the Run dialog box. 2. Type "gpedit.msc" and press Enter to open the Local Group Policy Editor. 3. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy. 4. Double-click on Audit object access. 5. Check the box for "Success" and/or "Failure" depending on what you want to audit. 6. Click on OK to save the changes. To configure Auditing settings for the folder, follow these steps: 1. Right-click on the folder and select Properties. 2. Click on the Security tab. 3. Click on Advanced. 4. Click on the Auditing tab. 5. Click on Add, and then enter the name of the user or group you want to audit. 6. Select the activities you want to audit (e.g., Read, Write, Delete). 7. Click on OK to save the changes.
upvoted 1 times
Buruguduystunstugudunstuy
2 years, 1 month ago
By configuring Audit object access in the local Group Policy and the Auditing settings for the folder, you will be able to track which user reads the contents of the folder and modifies and deletes files in the folder. Therefore, the correct answer is B. No.
upvoted 1 times
...
...
...
StudyBM
2 years, 6 months ago
You need to enable audit object access in order to log it, can do that from clicking properties on said folder and audit policy in lgp
upvoted 1 times
...
mikl
3 years, 6 months ago
Agree. "Audit system events" is not Folder Events. Correct answer is : "From the properties of the folder, you configure the Auditing settings and from Audit Policy in the local Group Policy, you configure Audit object access."
upvoted 2 times
...
Duyons
4 years, 5 months ago
B. No - Given answer is correct Audit system events Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a logon attempt succeeds. Failure audits generate an audit entry when a logon attempt fails. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-system-events#:~:text=Determines%20whether%20to%20audit%20when,the%20event%20type%20at%20all.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago