Which two actions should you perform?

You manage database servers in a high security environment. Your company has the following auditing requirements:

SQL Server auditing must be enabled on all server instances.

Auditing results must be logged in the Windows Security even log.

A routine review shows that a SQL Server is writing auditing entries to Windows Application event log. You change the SQL Server audit target to Windows Security event long. SQL Server auditing stops working on the server.

You need to ensure that the server meets the auditing requirements.

Which two actions should you perform? Each correct answer presents part of the solution.
A . Grant the manage auditing and security log permission to the SQL Server service account.
B . Grant the generate security audits permission on the SQL Server service account.
C . Update Windows security policy to audit object access.
D . Restart the SQL Server Agent service.

View Answer

Answer: BC

Explanation:

There are two key requirements for writing SQL Server audits to the Windows Security log:

The audit object access setting must be configured to capture the events.

The account that the SQL Server service is running under must have the generate security audits permission to write to the Windows Security log.

References: https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/write-sql-server-auditevents- to-the-security-log