Home » Microsoft » 70-417 v.2 » Which setting should you identify?
You have a server named Server1 that runs Windows Server 2012 R2. You apply a security policy to Server1 by using the Security Configuration Wizard (SCW).
You plan to roll back the security policy. You need to identify the setting that are prevented from rolling back using the SCW.
Which setting should you identify?
A. the outbound authentication methods
B. the system access control lists (SACLs)
C. the service startup mode
D. the network security rules
Correct Answer: B
Explanation/Reference:
Explanation:
System Keeps Auditing After Rollback
In the auditing section of SCW there is an option to include the SCWAudit.inf template. If you do so, SCW configures System Access Control Lists (SACL) on a number of files. Without this template SCW will configure the system to perform object access auditing but since no files have SACLs on them by default, no file access will actually be audited.
If you apply a policy with this option turned on and you subsequently roll back the policy, the SACLs will remain on the system. Consequently, if the system is configured to perform Object Access Auditing you will find auditing events in the Security Event Log. This is by design. SCW is not designed to roll back ACLs. To clear these SACLs you would need to manually restore any pre-existing SACLs. As long as these were defined in a security template doing so is a simple matter of re-applying that security template.
References:
http://blog.netwrix.com/2015/06/19/configure-audit-policy-and-security-using-security-configuration-wizard/