What should you run?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.

A local account named Admin1 is a member of the Administrators group on Server1.

You need to generate an audit event whenever Admin1 is denied access to a file or folder.

What should you run?
A . auditpol.exe /set /userradmin1 /failure: enable
B . auditpol.exe /set /user: admin1 /category: "detailed tracking" /failure: enable
C . auditpol.exe /resourcesacl /set /type: file /user: admin1 /failure
D . auditpol.exe /resourcesacl /set /type: key /user: admin1 /failure /access: ga

View Answer

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/ff625687.aspx

To set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write functions on files or folders:

auditpol /resourceSACL /set /type: File /user: MYDOMAINmyuser /success /failure /access: FRFW

http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx

Syntax

auditpol /resourceSACL

[/set /type: <resource> [/success] [/failure] /user: <user> [/access: <access flags>]]

[/remove /type: <resource> /user: <user> [/type: <resource>]]

[/clear [/type: <resource>]]

[/view [/user: <user>] [/type: <resource>]]

References:

http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx

http://technet.microsoft.com/en-us/library/ff625687.aspx

http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx