Securing Windows Server 2016 — Question 38

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You have an organizational unit (OU) named Administration that contains the computer account of Server1.
You import the Active Directory module to Server1.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to the Administration OU.
You need to log an event each time an Active Directory cmdlet is executed successfully from Server1.
What should you do?

Answer options

• A. From Advanced Audit Policy in GPO1, configure auditing for directory service changes.
• B. Run the(Get-Module ActiveDirectory).LogPipelineExecutionDetails = $falsecommand.
• C. Run the(Get-Module ActiveDirectory).LogPipelineExecutionDetails = $truecommand.
• D. From Advanced Audit Policy in GPO1, configure for other privilege use events.
• E. From Administrative Templates in GPO1, configure an Event Logging policy.
• F. From Administrative Templates in GPO1, configure a Windows PowerShell policy.

Correct answer: C

Explanation

The correct answer is C because setting LogPipelineExecutionDetails to $true enables logging of successful executions of Active Directory cmdlets. The other options either do not enable the specific logging needed or address different aspects of auditing that are not relevant to cmdlet execution success.