单项选择题
You are the network administrator for The network consists of a single Active Directory domain named All network servers run Windows Server 2003.
A member server named TK1 is located in an organizational unit (OU) named Servers. TK1 contains a folder named Contracts, which is configured to audit all the activity.
You are directed to review the audit log on Contracts. You want to identify any files that were modified during the past week by a user named Andrew. However, the audit log contains thousands of entries for the past week.
You need to view entries for Andrew's user account only.
What should you do?()
A. In Active Directory Users and Computers, open the properties for Andrew's user account. View the Auditing tab of the Advanced Security Setting dialog box for his account.
B. In Windows Explorer, open Contracts. Add the Owner column for the file pane. Search for files that list Andrew as the owner.
C. On TK1, use WordPad to open C:\windows\system32\config\SecEvent.evt. Search for entries that contain Adrew's user account.
D. Edit the Group Policy object (GPO) for the Servers OU. Add Andrew's user account to the Generate security audits Group Policy option.
E. In Event Viewer, apply a filter to display only events that contain Andrew's user account in the User field.
相关考题
-
单项选择题
You are the network administrator for The network consists of a single Active Directory domain named The TestKing Staff department has a Windows 2003 computer that functions as a file server. The computer contains a folder named TestKingData. Auditing is enabled on the TestKingData folder. The TestKing Staff department reports that confidential files were deleted from the folder. You need to identify the user who deleted the confidential files. What should you do?()
A. In Event Viewer, create a new log view from the security log. Filter the log view to display only success audits.
B. In Event Viewer, create a new log view from the security log. Filter the log view to display only failure audits.
C. In Event Viewer, create a new log view from the system log. Filter the log view to display only success audits.
D. In Event Viewer, create a new log view from the system log. Filter the log view to display only failure audits. -
单项选择题
You are the network administrator for The network consists of a single Active Directory domain named All five domain controllers run Windows Server 2003, and all client computers run Windows XP Professional. The domains audit policy ensures that all account logon events are audited. A temporary employee named King uses a client computer named TestKing1. When Kings temporary assignment concludes, his employment is terminated. Now you need to learn the times and dates when King logged on to the domain. You need to accomplish this goal by reviewing the minimum amount of information. What should you do?()
A. Log on to TestKing1 as a local Administrator. Use Event Viewer to view the local security log. Use the Find option to list only the events for King's user account.
B. Log on to TestKing1 as a local Administrator. Use Event Viewer to view the local security log. Use the Find option to list only the events for the TestKing1 computer account.
C. Use Event Viewer to view the security log on each domain controller. Use the Find option to list only the events for King's user account.
D. Use Event Viewer to view the security log on each domain controller. Set a filter to list only the events for King's user account.
E. Use Event Viewer to view the security log on each domain controller. Set a filter to list only the events for the TestKing1 computer account. -
单项选择题
You are the network administrator for the Berlin office of The company network consists of a single Active Directory domain named The Berlin office contains 15 file servers that contain confidential files. All the file servers run either Windows Server 2003 or Windows 2000 Server. All the file servers are in the BerlinFilePrint organizational unit (OU). TestKings security department sets a rule that specifies the size and retention settings for the Security event log of all file servers. The rule also specified that local administrators on servers cannot override the changes you make to the settings for the Security event log. You need to define a method to modify the Security event log settings on each file server in the Berlin office in order to meet the states requirements. What should you do?()
A. Modify the local security policy on each file server.Define the size and retention settings for the Security event log.
B. Create a security template on one of the file servers by using the Security Configuration and Analysis tool. Define the size and retention settings for the Security event log in the template. Import the security template into the local security policy of the other 14 file servers.
C. Use Event Viewer to modify the event log properties on each file server. Define the size and retention settings for the Security event log.
D. Create a new Group Policy object (GPO) and link it to the BerlinFilePrint OU. In the GPO, define the size and retention settings for the Security event log.
