Microsoft 70-411 Exam – Q44

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. A local account named Admin1 is a member of the Administrators group on Server1.

You need to generate an audit event whenever Admin1 is denied access to a file or folder.
What should you run?

A. auditpol.exe /set /userradmin1 /failure:enable
B. auditpol.exe /set /user:admin1 /category:”detailed tracking” /failure:enable
C. auditpol.exe /resourcesacl /set /type:file /user:admin1 /failure
D. auditpol.exe /resourcesacl /set /type:key /user: admin1 /failure /access:ga

Correct Answer: B

Explanation:

Auditpol.exe /set
Sets the per-user audit policy, system audit policy, or auditing options.

Syntax
Auditpol /set
[/user[:|<{sid}>][/include][/exclude]]
[/category:|<{guid}>[,:…]]
[/success:|][/failure:|]

Example
To set the per-user audit policy for all subcategories under the Detailed Tracking category for the user mikedan so that all the user’s successful attempts will be audited, type:
Auditpol /set /user:mikedan /category:”Detailed Tracking” /success:enable