多选题You enabled an audit policy by issuing the following statements: SQL> AUDIT POLICY ORA_DATABASE_PARAMETER BY SCOTT; SQL> AUDIT POLICY ORA_DATABASE_PARAMETER BY SYS, SYSTEM; For which database users and for which executions is the audit policy now activ

第1题：

You have a computer that runs Windows 7. You need to record when an incoming connection is allowedthrough Windows firewall. What should you do?（）

• A、In Local Group Policy， modify the audit policy.
• B、In Local Group Policy， modify the system audit policy.
• C、From the Windows Firewall with Advanced Security properties， set the logging settings to Log successfulconnections.
• D、From the Windows Firewall with Advanced Security properties， set the Data Protection （Quick Mode）IPSec settings to Advanced.

第2题：

You installed Oracle Database 11g afresh. Which statements are true regarding the default audit settings in this database？（） 

• A、 The audit trail is stored in an operating system file.
• B、 Auditing is disabled for all privileges.
• C、 The audit trail is stored in the database.
• D、 Auditing is enabled for all privileges.
• E、 Auditing is enabled for certain privileges related to database security.

第3题：

You enabled an audit policy by issuing the following statements: SQL> AUDIT POLICY ORA_DATABASE_PARAMETER BY SCOTT; SQL> AUDIT POLICY ORA_DATABASE_PARAMETER BY SYS, SYSTEM; For which database users and for which executions is the audit policy now active? （）

• A、SYS, SYSTEM
• B、SCOTT
• C、Only for successful executions
• D、Only for failed executions
• E、Both successful and failed executions

第4题：

You execute the following commands to audit database activities: SQL > ALTER SYSTEM SET AUDIT_TRIAL=DB, EXTENDED SCOPE=SPFILE; SQL > AUDIT SELECT TABLE, INSERT TABLE, DELETE TABLE BY JOHN By SESSION WHENEVER SUCCESSFUL; Which statement is true about the audit record that generated when auditing after instance restarts?（）

• A、One audit record is created for every successful execution of a SELECT, INSERT OR DELETE command on a table, and contains the SQL text for the SQL Statements.
• B、One audit record is created for every successful execution of a SELECT, INSERT OR DELETE command, and contains the execution plan for the SQL statements.
• C、One audit record is created for the whole session if john successfully executes a SELECT, INSERT, or DELETE command, and contains the execution plan for the SQL statements.
• D、One audit record is created for the whole session if JOHN successfully executes a select command, and contains the SQL text and bind variables used.
• E、One audit record is created for the whole session if john successfully executes a SELECT, INSERT,or DELETE command on a table, and contains the execution plan, SQL text, and bind variables used.

第5题：

Your network contains an Active Directory domain. All servers run Windows Server 2008 R2.     You need to audit the deletion of registry keys on each server.     What should you do（）

• A、From Audit Policy， modify the Object Access settings and the Process Tracking settings.
• B、From Audit Policy， modify the System Events settings and the Privilege Use settings.
• C、From Advanced Audit Policy Configuration， modify the System settings and the Detailed Tracking settings.
• D、From Advanced Audit Policy Configuration， modify the Object Access settings and the Global Object Access Auditin

第6题：

Certkiller .com has organizational units in the Active Directory domain. There are 10 servers in the organizational unit called Security. As an administrator at Certkiller .com， you generate a Group Policy Object （GPO） and link it to the Security organizational unit. What should you do to monitor the network connections to the servers in Security organizational unit（）

• A、Start the Audit Object Access option
• B、Start the Audit System Events option
• C、Start the Audit Logon Events option
• D、Start the Audit process tracking option
• E、All of the above

第7题：

Your network consists of a single Active Directory domain. All domain controllers run Windows  Server 2008 R2.     The Audit account management policy setting and Audit directory services access setting are  enabled for the entire domain.     You need to ensure that changes made to Active Directory objects can be logged. The logged  changes must include the old and new values of any attributes.     What should you do（）

• A、Enable the Audit account management policy in the Default Domain Controller Policy.
• B、Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.
• C、Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.
• D、From the Default Domain Controllers policy， enable the Audit directory service access setting and enable directory

第8题：

Your network contains an Active Directory domain. All servers run Windows Server 2008 R2.   You need to audit the deletion of registry keys on each server.   What should you do（）

• A、From Audit Policy， modify the Object Access settings and the Process Tracking settings.
• B、From Audit Policy， modify the System Events settings and the Privilege Use settings.
• C、From Advanced Audit Policy Configuration， modify the System settings and the Detailed Tracking  settings.
• D、From Advanced Audit Policy Configuration， modify the Object Access settings and the Global Object  Access Auditing settings.

第9题：

Your network consists of a single Active Directory domain. You have a member server named Server1 that runs Windows Server 2003 Service Pack 2 （SP2）.You need to record all attempts by domain users and local users to log on to Server1. What should you do？（）

• A、In the Default Domain Controller Policy， enable success and failure for the Audit logon events policy setting.
• B、In the Default Domain Controller Policy， enable success and failure for the Audit account logon events policy setting.
• C、In the Local Security Policy on Server1， enable success and failure for the Audit logon events policy.
• D、In the Local Security Policy on Server1， enable success and failure for the Audit account logon events policy setting.

第10题：

第11题：

第12题：

You execute the following command to audit database activities： SQL> AUDIT DROP ANY TABLE BY scott BY SESSION WHENEVER SUCCESSFUL； What is the effect of this command（）

• A、One audit record is created for every successful DROP TABLE command executed in the session of SCOTT.
• B、One audit record is generated for the session when SCOTT grants the DROP ANY TABLE privilege to otherusers.
• C、One audit record is created for the whole session if user SCOTT successfully drops one or more tables inhis session.
• D、One audit record is created for every session of any other user in which a table owned by SCOTT isdropped successfully.
• E、One audit record is created for every successful DROP TABLE command executed by any user to drop Tables owned by SCOTT

第13题：

You execute the following command to audit the database activities：   SQL> AUDIT DROP ANY TABLE BY scott BY SESSION WHENEVER SUCCESSFUL；  What is the effect of this command？（）

• A、One audit record is created for the whole session if user SCOTT successfully drops one or more tables in his session.
• B、One audit record is created for every session when any user successfully drops a table owned by SCOTT.
• C、One audit record is created for each successful DROP TABLE command executed by any user to drop tables owned by SCOTT.
• D、One audit record is generated for the session when SCOTT grants the DROP ANY TABLE privilege to other users in his session.
• E、One audit record is created for each successful DROP TABLE command executed in the session of SCOTT.

第14题：

You execute the following PL/SQL:Which two statements are true?（）

• A、Fine-Grained Auditing (FGA) is enabled for the PRICE column in the PRODUCTS table for SELECT statements only when a row with PRICE > 10000 is accessed.
• B、FGA is enabled for the PRODUCTS.PRICE column and an audit record is written whenever a row with PRICE > 10000 is accessed.
• C、FGA is enabled for all DML operations by JIM on the PRODUCTS.PRICE column.
• D、FGA is enabled for the PRICE column of the PRODUCTS table and the SQL statements is captured in the FGA audit trial.

第15题：

You wish to enable an audit policy for all database users, except SYS, SYSTEM, and SCOTT.You issue the following statements: SQL> AUDIT POLICY ORA_DATABASE_PARAMETER EXCEPT SYS;SQL> AUDIT POLICY ORA_DATABASE_PARAMETER EXCEPT SYSTEM; SQL> AUDIT POLICY ORA_DATABASE_PARAMETER EXCEPT SCOTT; For which database users is the audit policy now active?（）

• A、All users except SYS
• B、All users except SCOTT
• C、All users except sys and SCOTT
• D、All users except sys, system, and SCOTT

第16题：

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains 35 Windows Server 2003 computers； 3，000 Windows XP Professional computers； and 2，200 Windows 2000 Professional computers.  The written company security policy states that all computers in the domain must be examined， with the following goals：  （1）to find out whether all available security updates are present   （2）to find out whether shared folders are present  to record the file system type on each hard disk   You need to provide this security assessment of every computer and verify that the requirementsof the written security policy are met.  What should you do？（）

• A、Open the Default Domain Policy and enable the Configure Automatic Updates policy.
• B、Open the Default Domain Policy and enable the Audit object access policy， the Audit account management policy， and the Audit system events policy.
• C、On a server， install and run mbsacli.exe with the appropriate configuration switches.
• D、On a server， install and run HFNetChk.exe with the appropriate configuration switches.

第17题：

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008  R2. Client computers run either Windows 7 or Windows Vista Service Pack 2 （SP2）.  You need to audit user access to the administrative shares on the client computers.   What should you do（）

• A、Deploy a logon script that runs Icacls.exe.
• B、Deploy a logon script that runs Auditpol.exe.
• C、From the Default Domain Policy， modify the Advanced Audit Policy Configuration.
• D、From the Default Domain Controllers Policy， modify the Advanced Audit Policy Configuration.

第18题：

Your network contains an Active Directory domain named contoso.com. All domain controllers  and member servers run Windows Server 2008. All client computer run Windows 7.  From a client computer， you create an audit policy by using the Advanced Audit Policy  Configuration settings in the Default Domain Policy Group Policy object （GPO）.   You discover that the audit policy is not applied to the member servers.    The audit policy is  applied to the client computers.   You need to ensure that the audit policy is applied to all member servers and all client computers.     What should you do（）

• A、Add a WMI filter to the Default Domain Policy GPO
• B、Modify the security settings of the Default Domain Policy GPO
• C、Configure a startup script that runs auditpol.exe on the member servers.
• D、Configure a startup script that runs auditpol.exe on the domain controllers.

第19题：

You are the administrator of a SQL Server 2005 computer named SQL1. SQL1 is a member of a Microsoft Active Directory domain. You do not have any rights or privileges to perform domain administration. However， you have been granted membership in the local Administrators group on SQL1. You perform most of the management of SQL1 from your administrative workstation. However， for security reasons， you want to track all attempts for interactive logons and network connections to SQL1. What should you do？（）

• A、Create a Group Policy object （GPO） that is configured for success and failure auditing of the Audit account logon events setting. Ask the domain administrator to link the GPO to the object containing SQL1.
• B、Configure the SQL Server service on SQL1 to audit all successful and failed logon attempts.
• C、Edit the local security policy of SQL1. Then， configure success and failure auditing on the Audit logon events setting.
• D、Run the SQL Server Profiler and use a standard default template.

第20题：

第21题：

第22题：