GIAC
GSEC · Question #400
GSEC Question #400: Real Exam Question with Answer & Explanation
Sign in or unlock GSEC to reveal the answer and full explanation for question #400. The question stem and answer options stay visible for context.
Question
You have reason to believe someone with a domain user account has been accessing and modifying sensitive spreadsheets on one of your application servers. You decide to enable auditing for the files to see who is accessing and changing them. You enable the Audit Object Access policy on the files via Group Policy. Two weeks later, when you check on the audit logs, you see they are empty. What is the most likely reason this has happened?
Options
- AYou cannot enable auditing on files, just folders
- BYou did not enable auditing on the files
- CThe person modifying the files turned off auditing
- DYou did not save the change to the policy
Unlock GSEC to see the answer
You've previewed enough free GSEC questions. Unlock GSEC for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.