Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services  （AD CS） is configured as a standalone Certification Authority （CA） on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform（）

• A、Configure auditing in the Certification Authority snap-in.
• B、 Enable  auditing  of  successful  and  failed  attempts  to  change  permissions  on  files  in  the %SYSTEM32%/CertSrv directory.
• C、Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.
• D、Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate  Services （AD CS） server.