Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
A local account named Admin1 is a member of the Administrators group on Server1.
You need to generate an audit event whenever Admin1 is denied access to a file or folder.
What should you run?
A . auditpol.exe /set /userradmin1 /failure: enable
B . auditpol.exe /set /user: admin1 /category: "detailed tracking" /failure: enable
C . auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure
D . auditpol.exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/ff625687.aspx
To set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write functions on files or folders:
auditpol /resourceSACL /set /type: File /user: MYDOMAINmyuser /success /failure /access: FRFW
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx
Syntax
auditpol /resourceSACL
[/set /type: <resource> [/success] [/failure] /user: <user> [/access: <access flags>]]
[/remove /type: <resource> /user: <user> [/type: <resource>]]
[/clear [/type: <resource>]]
[/view [/user: <user>] [/type: <resource>]]
References:
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/ff625687.aspx
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx