Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services （AD CS） is configured as a standalone Certification Authority （CA） on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform（）

A. Configure auditing in the Certification Authority snap-in.
B. Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%\CertSrv dire
C. Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D. Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Service