Home > Sample chapters

Administering Windows Server 2012 R2: Monitoring and Auditing

Answers

This section contains the answers to the lesson review questions in this chapter.

Lesson 1

  1. Correct answer: C

    1. Incorrect. Resource Monitor enables you to view point-in-time resource utilization information. You can’t use this tool to record resource utilization information for later review.
    2. Incorrect. Task Manager does enable you to view resource utilization information, but you can’t record that data for later review.
    3. Correct. A data collector set can be used to capture performance counters and trace information related to resource utilization for later review.
    4. Incorrect. Message Analyzer, the successor to Network Monitor, enables you to capture and analyze network traffic. Although it can capture and record network traffic, you can’t use this tool to record processor and memory utilization information.
  2. Correct answer: B

    1. Incorrect. Task Manager provides real-time information about network utilization, but doesn’t provide information about port utilization and firewall configuration.
    2. Correct. Resource Monitor provides information about services, the ports that they listen on, and firewall configuration.
    3. Incorrect. Message Analyzer enables you to capture and analyze network traffic, but it can’t be used to determine port utilization and associated firewall configuration.
    4. Incorrect. A data collector set can record performance information and system trace information, but it can’t be used to determine port utilization and associated firewall configuration.
  3. Correct answer: B

    1. Incorrect. A data collector set can be used to capture performance counters and trace information related to network traffic, but it can’t be used to capture network traffic.
    2. Correct. Message Analyzer, the successor to Network Monitor, enables you to capture and analyze network traffic.
    3. Incorrect. Resource Monitor enables you to view point-in-time network utilization information. You can’t use Resource Monitor to capture and analyze network traffic.
    4. Incorrect. Task Manager does enable you to view network traffic, but doesn’t enable you to capture and analyze that traffic.
  4. Correct answer: D

    1. Incorrect. Members of the Backup Operators group are enabled to perform backups; they do not have access to the Security event log.
    2. Incorrect. The Power Users group is included for backward compatibility; members of this group do not have access to the Security event log.
    3. Incorrect. Although members of the Event Log Readers group have access to the other event logs, they don’t have access to the Security event log. Only members of the local Administrators group have access to the Security event log.
    4. Correct. When configuring event log subscriptions involving events in the Security event log, it is necessary to add the account of the collector computer to the local Administrators group on the source computer.

Lesson 2

  1. Correct answer: B

    1. Incorrect. This command enables success and failure auditing for the File System subcategory.
    2. Correct. This command enables success and failure auditing for all subcategories under the Object Access category.
    3. Incorrect. This command disables success and failure auditing for all subcategories under the Object Access category.
    4. Incorrect. This command enables only failure auditing, not success auditing, for all subcategories under the Object Access category.
  2. Correct answer: A

    1. Correct. This command enables only failure auditing, not success auditing, for all subcategories under the Object Access category.
    2. Incorrect. This command disables success and failure auditing for all subcategories under the Object Access category.
    3. Incorrect. This command enables success and failure auditing for all subcategories under the Object Access category.
    4. Incorrect. This command enables success and failure auditing for the File System subcategory.
  3. Correct answer: C

    1. Incorrect. This command enables success and failure auditing for all subcategories under the Object Access category.
    2. Incorrect. This command enables only failure auditing, not success auditing, for all subcategories under the Object Access category.
    3. Correct. This command enables success and failure auditing for the File System subcategory.
    4. Incorrect. This command disables success and failure auditing for all subcategories under the Object Access category.
  4. Correct answer: A

    1. Correct. This command disables success and failure auditing for all subcategories under the Object Access category.
    2. Incorrect. This command enables only failure auditing, not success auditing, for all subcategories under the Object Access category.
    3. Incorrect. This command enables success and failure auditing for all subcategories under the Object Access category.
    4. Incorrect. This command enables success and failure auditing for the File System subcategory.