ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 98-367 All Questions

View all questions & answers for the 98-367 exam
Go to Exam

Exam 98-367 topic 1 question 28 discussion

Actual exam question from Microsoft's 98-367
Question #: 28
Topic #: 1
[All 98-367 Questions]

HOTSPOT -
You are preparing a local audit policy for your workstation. No auditing is enabled.
The settings of your policy are shown in the following image:

Use the drop-down menus to select the answer choice that completes each statement. Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Dozens of events can be audited in Windows. The events fall into several categories:
✑ Audit account logon events - audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account. This event category is applicable to domain controllers only since DCs are used to validate accounts in domains.
✑ Audit account management - audit each event of account management on a computer. Examples of account maintenance include password changes, user account and group modifications.
✑ Audit directory service access - audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified.
✑ Audit logon events - audit each instance of a user logging on to or logging off from a computer. Note that this is different than the Audit account login events category. This tracks the logon event to a specific server. The former tracks which domain controller authenticated the user.
✑ Audit object access - audit the event of a user accessing an object that has its own system access control list (SACL) specified. Examples of objects are files, folders, registry keys, printers, etc.
✑ Audit policy change - audit every incident of a change to user rights assignment policies, audit policies, or trust policies.
✑ Audit privilege use - audit each instance of a user exercising a user right.
✑ Audit process tracking - audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.
✑ Audit system events - audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.
Reference: http://www.petri.co.il/windows_auditing.htm
by pastorterrylee at Sept. 4, 2019, 4:43 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
YuriiS
Highly Voted 5 years, 2 months ago
First drop-down: Audit logon events Second drop-down: Audit system events
upvoted 16 times
...
AhmadHamid
Highly Voted 5 years, 3 months ago
Since it's a local audit then it should be local logon, account logon would be on a domain logon.
upvoted 7 times
...
Lewdogg
Most Recent 2 years, 11 months ago
First drop-down: Audit logon events Second drop-down: Audit system events Since this is for a local audit on a WS, "Audit account login" would not apply--that logs domain user accounts authenticating (validating) on the DC as Scryptic mentioned below. Audit system events logs reboots, so it is the correct answer for the second drop-down. One can log on or off without a reboot, so Audit logon events would not provide accurate information.
upvoted 1 times
...
Scryptic
3 years, 11 months ago
Audit account logon events Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account. This security setting determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account. converseley: Account logon events are generated when a domain user account is authenticated on a domain controller. The event is logged in the domain controller's security log. Logon events are generated when a local user is authenticated on a local computer. The event is logged in the local security log. Account logoff events are not generated. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-account-logon-events
upvoted 1 times
...
policijosrem
4 years, 5 months ago
Audit account logon events Audit system events
upvoted 2 times
...
MCSA11
4 years, 8 months ago
First drop-down: Audit account logon events Second drop-down: Audit system events
upvoted 1 times
...
Blackbond
4 years, 10 months ago
So Pastor, for the first one, in order to log each time the computer validates account credentials the “Audit Account logon events” policy must be enabled. For the second, the “Audit logon events” policy logs reboots of the computer.
upvoted 1 times
...
Blackbond
4 years, 10 months ago
So Pastor, for the first one, in order to log each time the computer validates account credentials the “Audit Account logon events” needs to be enabled. For the second, the “Audit logon events” policy logs reboots of the computer. Hope this helps
upvoted 1 times
...
hafida
4 years, 12 months ago
audit account logon events audit system events
upvoted 2 times
...
rook7474
5 years, 8 months ago
First drop-down: Audit account logon events Second drop-down: Audit system events
upvoted 6 times
...
pastorterrylee
5 years, 9 months ago
What is the correct answer here?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel