Your network contains an Active Directory domain named contoso.com. The domain contains five file servers that run Windows Server 2016.
You have an organizational unit (OU) named Finance that contains all of the servers.
You create a Group Policy object (GPO) and link the GPO to the Finance OU.
You need to ensure that when a user in the finance department deletes a file from a file server, the event is logged. The solution must log only users who have a manager attribute of Ben Smith.
Which audit policy setting should you configure in the GPO?
A. File system in Global Object Access Auditing
B. Audit Detailed File Share
C. Audit Other Account Logon Events
D. Audit File System in Object Access
A. File system in Global Object Access Auditing
A – File system in Global Object Access Auditing
is the correct answer.
This options gives you the ability to add in the additional rules for “The solution must log only users who have a manager attribute of Ben Smith.”
Answer, D is just success or failure from my testing in my lab.
given answer is wrong .
the answer should be : A. File system in Global Object Access Auditing
id: 4660
Category: Object Access
Subcategory: File System
Windows 4656 A handle to an object was requested
Windows 4658 The handle to an object was closed
Windows 4659 A handle to an object was requested with intent to delete
Windows 4660 An object was deleted
Windows 4663 An attempt was made to access an object
Windows 4664 An attempt was made to create a hard link
Windows 4670 Permissions on an object were changed
Windows 4985 The state of a transaction has changed
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx?catid=1&subcatid=53