In Windows 2000 Event Viewer, which log should you examine to view the results of security auditing, such as successful and failed logon attempts or access to secured resources?

Introduction / Context:
Windows 2000 and later operating systems use Event Viewer to record important system, application, and security-related events. When auditing is enabled, events such as logon attempts, file access, and policy changes are written to a specific log. This question tests whether you can correctly identify which Event Viewer log stores these security auditing results.

Given Data / Assumptions:

You are working on a Windows 2000 or similar system that uses Event Viewer.
Security auditing has been configured, for example to track logon attempts or resource access.
You need to examine the results of these audits to troubleshoot security incidents or verify compliance.
The available Event Viewer logs include Application, Security, System, and in some cases Directory Service logs on domain controllers.
You must choose which log specifically stores security audit events.

Concept / Approach:
Event Viewer organizes events into separate logs based on their origin and purpose. The Application log records events logged by applications. The System log records events related to the operating system and device drivers. The Security log is dedicated to security-related events, such as logon successes and failures, object access, privilege use, and policy changes, as long as auditing is enabled. The Directory Service log is used on domain controllers to record events related to Active Directory operations. Therefore, the correct log for auditing results is the Security log.

Step-by-Step Solution:
Step 1: Identify that the question is explicitly about the results of security auditing. Step 2: Recall that the Security log in Event Viewer is designed to store such events. Step 3: Understand that the Application and System logs, while important, serve different purposes related to applications and operating system components. Step 4: Note that the Directory Service log is relevant only on domain controllers and focuses on Active Directory rather than generic security audit events. Step 5: Conclude that the Security log is the one to examine for audit results.

Verification / Alternative check:
In practice, when you open Event Viewer on a Windows 2000 system and wish to see whether a user’s logon attempt succeeded or failed, you select the Security log. There you can filter events by category, such as Logon/Logoff or Object Access. Using the other logs would not show the audit trail you are interested in. This real-world behavior confirms that the Security log is the correct answer.

Why Other Options Are Wrong:
Application Log – Records events generated by applications, such as errors or informational messages, not security audit results.

System Log – Contains events from core system components and drivers, including system errors and warnings, but not the main stream of audit events.

Directory Service Log – Present on domain controllers for recording directory service-specific events, not general security audit events.

Common Pitfalls:
Learners sometimes look in the System log for all important events, forgetting that security has a dedicated log. Another mistake is assuming that application-related security events might appear in the Application log. While some applications can log custom security information there, the official audit trail for logon, access, and policy events is in the Security log. Always remember this distinction for both troubleshooting and exam questions.

Final Answer:
The results of security auditing are recorded in the Security Log in Event Viewer.