Audit Policies

Practice Labs Module
Time
8 minutes
Difficulty
Intermediate

Welcome to the "Audit Policies Practice Lab". In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Overview

Introduction

Welcome to the Audit Policies Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Manage Audit Policies

After completing this lab, you will be able to:

  • View default audit policies
  • Enable auditing for specific events
  • Find out where audit information is saved and how to secure audit information

Exam Objectives

The following exam objectives are covered in this lab:

  • Understand audit policies - Types of auditing; what can be audited; enable auditing; what to audit for specific purposes; where to save audit information; how to secure audit informations

Lab Duration

It will take approximately 30 minutes to complete this lab.

Exercise 1 - Manage Audit Policies

Auditing is the process of collecting log files that describe activities that transpire on Windows computers. The recorded Windows log files are classified into four types namely: system, application, security, and setup.

The System log record events logged by Windows system components such as device driver that failed to initialize during a start-up.

The Application log record events logged by programs. For Windows Server, this log type refers to activities reported by server-based programs such as messaging system like Exchange Server.

The Security log record security events namely login attempts, resource usages such as creating folders, files, and other objects.

The Setup log record event when a Microsoft Standalone Update or “.msu” file like Remote Server Administration Tools or RSAT is installed.

In this exercise, you will examine the default audit policies that are enabled in Windows, view login events and enable object access auditing.

Learning Outcomes

After completing this exercise, you will be able to:

  • View default audit policies
  • Enable auditing for specific events
  • Find out where audit information is saved and how to secure audit information
Learning Partner
Practice Labs

IT & Cybersecurity certification hands on practice labs and practice exams for certifications and skill development.

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.

Courses