On your network, the Domain Admins group is also a member of the Administrators local group on server S1. Someone makes an unauthorized change to the HKEY _LOCAL_MACHINE\SYSTEM key in the registry on S1, which causes the computer to fail. You fix the problem and plan to log all attempts to access the HKEY_LOCAL_MACHINE \SYSTEM key in the registry on S1. What should you do to enable auditing in the local security policy on S1?
A)Enable auditing in the local security policy on S1.Select the Audit object access (success and failure) option in the audit policy.
B)Enable auditing in the local security policy on S1. Select the Audit system events (success and failure) option in the audit policy.
C)Enable auditing in the local security policy on S1. Select the Audit privilege use (success and failure) option in the audit policy.
D)Configure the SACL on the HKEY _LOCAL_MACHINE\SYSTEM key in the registry. Specify auditing of the Full Control permission for everyone.

Question

Quizplus · Accepted Answer

To enable auditing in the local security policy on S1, you should enable auditing in the local security policy on S1 and select the Audit privilege use (success and failure) option in the audit policy.
Key Takeaway: This Audit setting will audit each event that is related to a user performing a task that is controlled by a user right. The list of user rights pertains to the ones in the Local Security Policy under Security Settings\Local Policies\User Right Assignment. To enable auditing privilege use, open the Group Policy Object Editor. Navigate to the following location: Computer Configuration\Windows Settings\Security Settings\
Local Policies\Audit Policy. In the details pane, double click Audit privilege use. Place a check beside Success and/or Failure and click OK.

On Your Network, the Domain Admins Group Is Also a Member