nerdexam
ExamsSSCPQuestions#1174
(ISC)2(ISC)2

SSCP · Question #1174

SSCP Question #1174: Real Exam Question with Answer & Explanation

The correct answer is A: Logon and Logoff. NT Audit events include significant security activities like user logon/logoff, the use of special user rights, and changes to system security policies.

Submitted by yuriko_h· Apr 18, 2026Security Operations and Administration

Question

Which of the following are NT Audit events? (Choose all that apply)

Options

  • ALogon and Logoff
  • BUse of User Rights
  • CSecurity Policy Change
  • DRegistry Tracking
  • EAll of choices are correct

Explanation

NT Audit events include significant security activities like user logon/logoff, the use of special user rights, and changes to system security policies.

Common mistakes.

  • D. While specific registry object access can be audited under 'Object Access', 'Registry Tracking' is not a distinct, high-level NT Audit event category in the same manner as the others.
  • E. This is incorrect because 'Registry Tracking' is not a primary, distinct NT audit event category.

Concept tested. Windows NT Audit event categories

Reference. https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations

Topics

#Security Auditing#Event Logging#Windows Security#Audit Events

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SSCP PracticeBrowse All SSCP Questions