Which tool is used to manage Windows audit policy settings?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which tool is used to manage Windows audit policy settings?

Explanation:
Auditing in Windows is controlled by which events are tracked, and the tool you use to configure those settings is auditpol (auditpol.exe). This utility lets you view and modify which categories and subcategories of events are audited, and whether those events are logged on success, failure, or both. For example, you can check the current effective settings with auditpol /get /category:* and enable or disable specific subcategories with a command such as auditpol /set /subcategory:"Logon" /success:enable /failure:enable (note that "Logon/Logoff" is a category; its subcategories include "Logon", "Logoff" and "Account Lockout", and names containing spaces must be double-quoted). The command must be run from an elevated prompt, and if the domain pushes Advanced Audit Policy Configuration through Group Policy, local auditpol changes are overwritten at the next policy refresh. This separation matters because the actual log content is stored in the event logs, but the criteria for what gets recorded are governed by the audit policy, which auditpol manages. The other options don't fit because Cipher.exe handles file encryption (and wiping), Clear-EventLog only clears logs, and Wevtutil manages the logs themselves (exporting, querying, clearing, enabling channels) rather than configuring what gets audited.
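The following is an added worked example (not part of the original explanation or of any Microsoft documentation) showing the auditpol workflow described above from an elevated PowerShell session: back up the current policy, inspect a category, set one subcategory, and verify the result by parsing auditpol's CSV output instead of eyeballing it. The backup path is an assumption; choose your own.

```powershell
# Added example: manage Windows audit policy with auditpol.exe.
# Assumes an elevated PowerShell session (auditpol /set fails otherwise).
#Requires -RunAsAdministrator

$backup = Join-Path $env:TEMP 'auditpol-backup.csv'   # assumed path, not from the page

# 1. Snapshot the effective policy so the change can be reverted later.
auditpol /backup /file:$backup

# 2. Show the Logon/Logoff category. "Logon/Logoff" is a category; its
#    subcategories are "Logon", "Logoff", "Account Lockout", and so on.
auditpol /get /category:"Logon/Logoff"

# 3. Audit both successful and failed logons (the subcategory behind the
#    4624 / 4625 logon events in the Security log).
auditpol /set /subcategory:"Logon" /success:enable /failure:enable

# 4. Verify with /r, which emits CSV. auditpol prints a blank line before
#    the header, so drop empty lines before converting.
$row = auditpol /get /subcategory:"Logon" /r |
    Where-Object { $_ -ne '' } |
    ConvertFrom-Csv

if ($row.'Inclusion Setting' -ne 'Success and Failure') {
    throw "Logon subcategory not set as expected: $($row.'Inclusion Setting')"
}
Write-Host "Logon auditing is now: $($row.'Inclusion Setting')"

# 5. Roll back when finished testing:
#    auditpol /restore /file:$backup
```

If the host receives Advanced Audit Policy Configuration from Group Policy, re-run step 4 after the next policy refresh (or gpupdate /force) to confirm the local change was not overwritten.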