Home » Microsoft » 70-417 v.2 » Which audit policy should you monitor for these activities?
Your IT manager is concerned that someone is trying to gain access to your company’s computers by logging on with valid domain user names and various password attempts.
Which audit policy should you monitor for these activities?
A. Policy Change
B. Account Logon
C. Privilege Use
D. Directory Service Access
Correct Answer: B
Explanation/Reference:
Explanation:
Old (removed questions as came out before the exam release =>unvalid but can be The Account Logon audit category in Windows Server 2008 generates events for credential validation. These events occur on the computer that is authoritative for the credentials