18/01/2024, 17:56 Check Answers
6.5.4 Configure Audit Policies
Lab Report
Time Spent: 16:14
Score: 9/9 (100%)
TASK SUMMARY
Required Actions
Enable Audit policies
Enable Event Log policy
Enable Account Logon Audit policy
Enable Account Management Audit policies
Enable Detailed Tracking Audit policy
Enable Logon/Logoff Audit policies
Enable Policy Change Audit policies
Enable Privilege Use Audit policy
Enable System Audit policies
EXPLANATION
While completing this lab, use the following WorkstationGPO settings:
Local Policies | Setting
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | Enabled
Audit: Shut down system immediately if unable to log security audits | Enabled
Event Log | Setting
Retention method for security log | Define: Do not overwrite events (clear log manually)
Advanced Audit Policy Configuration | Setting
Account Logon: Audit Credential Validation | Success and Failure
Account Management: Audit User Account Management | Success and Failure
Account Management: Audit Security Group Management | Success and Failure
Account Management: Audit Other Account Management Events | Success and Failure
Account Management: Audit Computer Account Management | Success
Detailed Tracking: Audit Process Creation | Success
Logon/Logoff: Audit Logon | Success and Failure
Logon/Logoff: Audit Logoff | Success
Policy Change: Audit Authentication Policy Change | Success
Policy Change: Audit Audit Policy Change | Success and Failure
Privilege Use: Audit Sensitive Privilege Use | Success and Failure
System: Audit System Integrity | Success and Failure
System: Audit Security System Extension | Success and Failure
System: Audit Security State Change | Success and Failure
System: Audit IPsec Driver | Success and Failure
Edit the audit policies as follows:
1. Using Group Policy Management, access CorpNet.local's Group Policy Objects.
a. From Server Manager's menu bar, select Tools > Group Policy Management.
b. Maximize the window for better viewing.
c. Expand Forest: CorpNet.local > Domains > CorpNet.local > Group Policy Objects.
2. Access WorkstationGPO's Security Options.
a. Right-click WorkstationGPO and select Edit.
b. Maximize the window for better viewing.
c. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies.
d. Select Security Options.
3. Modify Local Policies.
a. From the right pane, double-click the policy that you want to edit.
b. Select Define this policy setting.
c. Select the policy settings as required.
d. Select OK.
e. Select Yes to confirm changes as necessary.
f. Repeat steps 3a-3e for the additional policy setting.
4. Modify the Event Log.
a. From the left pane, select Event Log.
b. From the right pane, double-click the Retention method for security log.
c. Select Define this policy setting.
d. Select Do not overwrite events.
e. Select OK.
5. Modify the Advanced Audit Policy Configuration.
a. From the left pane, expand Advanced Audit Policy Configuration > Audit Policies.
b. Select the audit policy category.
c. From the right pane, double-click the policy that you want to edit.
d. Select Configure the following audit events.
e. Select the policy settings as required.
f. Select OK.
g. Repeat steps 5b–5f for the additional policy settings.
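To confirm that the settings above took effect on a workstation, the following added PowerShell example (not part of the lab) compares the CSV report from auditpol /get /category:* /r against the Advanced Audit Policy Configuration table. The function name Compare-AuditPolicy and the sample rows are constructed for illustration, and the subcategory names assume an English-locale system.

```powershell
# Expected values copied from the Advanced Audit Policy Configuration table above.
$expected = [ordered]@{
    'Credential Validation'           = 'Success and Failure'
    'User Account Management'         = 'Success and Failure'
    'Security Group Management'       = 'Success and Failure'
    'Other Account Management Events' = 'Success and Failure'
    'Computer Account Management'     = 'Success'
    'Process Creation'                = 'Success'
    'Logon'                           = 'Success and Failure'
    'Logoff'                          = 'Success'
    'Authentication Policy Change'    = 'Success'
    'Audit Policy Change'             = 'Success and Failure'
    'Sensitive Privilege Use'         = 'Success and Failure'
    'System Integrity'                = 'Success and Failure'
    'Security System Extension'       = 'Success and Failure'
    'Security State Change'           = 'Success and Failure'
    'IPsec Driver'                    = 'Success and Failure'
}

function Compare-AuditPolicy {
    param([string[]]$CsvLines)   # lines produced by: auditpol /get /category:* /r
    $actual = @{}
    $CsvLines | Where-Object { $_ } | ConvertFrom-Csv | ForEach-Object {
        $actual[$_.Subcategory] = $_.'Inclusion Setting'
    }
    foreach ($name in $expected.Keys) {
        $got = if ($actual.ContainsKey($name)) { $actual[$name] } else { '(missing)' }
        [pscustomobject]@{
            Subcategory = $name
            Expected    = $expected[$name]
            Actual      = $got
            Compliant   = ($got -eq $expected[$name])
        }
    }
}

# Constructed sample rows (placeholder machine name and GUIDs), not real output.
$sample = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
WS-SAMPLE,System,Logon,{00000000-0000-0000-0000-000000000001},Success and Failure,
WS-SAMPLE,System,Logoff,{00000000-0000-0000-0000-000000000002},No Auditing,
'@ -split '\r?\n'
Compare-AuditPolicy $sample | Where-Object { -not $_.Compliant } | Format-Table -AutoSize

# On a workstation that receives WorkstationGPO, from an elevated prompt:
#   gpupdate /force
#   Compare-AuditPolicy (auditpol /get /category:* /r) | Where-Object { -not $_.Compliant }
```

With the sample rows, Logon is compliant, Logoff is reported as non-compliant (No Auditing instead of Success), and the remaining subcategories show as (missing).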
Copyright © 2024 TestOut Corp. Copyright © 2024 The Computing Technology Industry Association, Inc. All rights reserved.
https://labsimapp.testout.com/v6_0_581/index.html/productviewer/1203/6.5.4/5c4e1d6d-4dd1-4024-ac88-34ea6ed1ae34/outline?nonce=R_IvSMEor8qKoW4st… 2/2