Audit Common Threats

Assessment Description

Using the attachment "ITT-121 Audit Common Threats," create an audit policy that monitors these events.

• If the audit is triggered, generate an alert within the event log that details the results of the audit.
• Using a workstation within the domain, triggers the audit and record the results within the server event viewer.
• As you go, take instructional notes and screenshots that will help to reproduce your process. Submit these notes as proof of completion.

Matching Audit Policies Recommended Settings Audit Policy Audit account logon events Audit account management Audit directory service access Audit logon events Audit object access Audit policy change Audit privilege use Audit process tracking Audit system events Recommended Setting Success and Failure Success and Failure Success Success and Fallure Not Defined Success Mot Defined Success Success The recommended settings are designed to address specific threats. These threats are primarily password attacks and misuse of privilege. Table 20,4 matches the threats o the specitic audit policies. TABLE 20.4 Malching Specific Threals to Audit Policy Recommended Setlings Threat Addressed Random password attacks Stolen password attacks Misuse of privileges Audit Pollcy Audit account logon events (failures) Audit logon events (failures) Audit account logon events (successes) Audit logon events (successes) Audit account management Audit directory service access Audit policy change Audit process tracking Audit system events