Home » Microsoft » 70-417 v.2 » Which of the following reasons justifies why you should audit failed events?
Which of the following reasons justifies why you should audit failed events?
A. To log resource access for reporting and billing
B. To monitor for malicious attempts to access a resource which has been denied
C. None of these
D. To monitor access that would suggest users are performing actions greater than you had planned
Correct Answer: B
Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/cc778162%28v=ws.10%29.aspx
Auditing Security Events Best practices
If you decide to audit failure events in the policy change event category, you can see if unauthorized users or attackers are trying to change policy settings, including security policy settings. Although this can be helpful for intrusion detection, the increase in resources that is required and the possibility of a denial-ofservice attack usually outweigh the benefits.
