Audit SQL Server Instances

Question 1

What is SQL Server Auditing?

Answer 1

Tracking and logging events.

Question 2

What are the components to a SQL Server Audit?

Answer 2

Audit (the actions to monitor)
Server Audit Specification
Database Audit Specification

Question 3

How many audit specifications can you have per server and per database?

Answer 3

One of each.

Question 4

Where can you send the results of an audit?

Answer 4

File
Windows Security Event Log
Windows Application Event Log

Question 5

Where can you start an audit?

Answer 5

Server->Security->Audits

Question 6

What two things do you need to start an audit?

Answer 6

Audit File

Server Audit Specification

Question 7

What is contained in the Server Audit Specification?

Answer 7

All of the actions that are being audited.

Question 8

What is contained in the Audit File

Answer 8

It’s basically the header file (where it’s going to be saved, and other settings of the audit file)

Question 9

What is the system view that gives you current permissions for any given user?

Answer 9

sys.server_permissions

Question 10

Where can you audit logins without creating an audit file?

Answer 10

Within Server Properties - Login Audit

Question 11

What is C2 Audit Tracing?

Answer 11

Government Standard Auditing Level All event clusters in audit - Performance hit

Question 12

What is Common Criteria Compliance?

Answer 12

Residual Information Protection (Information needs to be overwritten) performance hit
Login Auditing
A grant on a column with Deny on a table will equal a deny on a select or update

Question 13

How can you track who modified an object?

Answer 13

Using a Database level audit

Question 14

When can you make changes to an audit specification?

Answer 14

When the audit is disabled.