A user reports that each day some files are deleted from the department share.
The administrator needs to find who deleted these files.
Which of the following actions should the administrator perform?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
The correct answer for this question is A. Enable audit object access and specify files and folders to monitor using Task Manager.
Explanation: In order to track who deleted files from the department share, the administrator needs to enable auditing for object access. By enabling auditing for object access, the operating system will generate an event in the Security Event Log whenever a file is accessed, modified or deleted.
To enable audit object access and specify files and folders to monitor, the administrator can use Task Manager in Windows Server. Here are the steps to follow:
Open Task Manager by right-clicking the taskbar and selecting "Task Manager" or by pressing Ctrl+Shift+Esc on the keyboard.
Click on the "Performance" tab and then click "Open Resource Monitor" at the bottom of the window.
In the Resource Monitor, click on the "Disk" tab and then expand the "Disk Activity" section.
Right-click on the folder or file that you want to monitor and select "Properties".
In the Properties window, click on the "Security" tab and then click "Advanced".
In the Advanced Security Settings window, click on the "Auditing" tab and then click "Add".
Enter the name of the user or group that you want to audit and then click "OK".
Select the types of access that you want to audit (e.g., Delete, Write) and then click "OK".
Click "OK" again to close the Properties window.
After enabling auditing for object access, the administrator can view the Security Event Log to see who deleted the files. The log will contain information about the user who performed the action, the time it occurred and the name of the file that was deleted.