Home » Microsoft » 70-462 v.2 » Which server-level audit action group should you use?
You administer a Microsoft SQL Server 2012 database.
You provide temporary securityadmin access to User1 to the database server.
You need to know if User1 adds logins to securityadmin.
Which server-level audit action group should you use?
A. SERVER_STATE_CHANGE_GROUP
B. SERVER_PRINCIPAL_IMPERSONATION_GROUP
C. SUCCESSFUL_LOGIN_GROUP
D. SERVER_ROLE_MEMBER_CHANGE_GROUP
Correct Answer: D
Explanation/Reference:
Explanation:
The SERVER_ROLE_MEMBER_CHANGE_GROUP event is raised whenever a login is added or removed from a fixed server role. This event is raised for the sp_addsrvrolemember and sp_dropsrvrolemember stored procedures. Equivalent to the Audit Add Login to Server Role Event Class.
Incorrect Answers:
A. The SERVER_STATE_CHANGE_GROUP event is raised when the SQL Server service state is modified. Equivalent to the Audit Server Starts and Stops Event
Class.
B. The SERVER_PRINCIPAL_IMPERSONATION_GROUP event is raised when there is an impersonation within server scope, such as EXECUTE AS <login>.
Equivalent to the Audit Server Principal Impersonation Event Class.
C. The SUCCESSFUL_LOGIN_GROUP Indicates that a principal has successfully logged in to SQL Server. Events in this class are raised by new connections or by connections that are reused from a connection pool. Equivalent to the Audit Login Event Class.
Reference:
http://technet.microsoft.com/en-us/library/cc280663.aspx