Properly configuring and collecting audit logs requires meticulous care.
Complete the Practice Lab titled “Audit Logs.”
Capture screenshots taken during the lab in your Microsoft® Word document as specified within the lab instructions.
At the end of the lab, you will be asked to respond to the following in a 2- to 2.5-page response at the end of your Microsoft® Word document:
- Describe what information was contained in the logs and what value they might have in a security investigation.
- Think about the challenges of getting all of the Active Directory audit policy settings right. For an infrastructure administrator, how important are these types of settings?
- What are the risks associated with logging too little data or not auditing the correct events?
- What are the risks associated with logging too many events?
- When the default configuration is to create audit logs, what impact can this have on security incident investigations?
- This was just a single domain with two systems on a local LAN. How much more complicated would auditing and log management be for 100 computers? What about an enterprise with 10,000 computers in several domains on their LAN/WAN?
- Consider a cloud-hosted Infrastructure as a Service (IaaS) environment with many new, internet-accessible systems regularly being built and brought online. What challenges might there be managing audit policies and logs in such an environment?
- Finally, conclude this week’s assignment with a page explaining how the tools and processes demonstrated in the labs might be used by an infrastructure administrator to help secure an environment.
Submit your assignment using the Assignment Files tab.