In a situation where unpopular policy decisions may lead to attacks, which resource should be audited aggressively?

Auditing authentication databases, including directory servers, is critical in situations where unpopular policy decisions may lead to attacks because these databases contain sensitive information about user credentials and access rights. If attackers gain unauthorized access to authentication databases, they could exploit legitimate user accounts or escalate privileges, potentially compromising the entire system.

When auditing authentication databases, you're focusing on ensuring that access controls are enforced correctly and that any unusual or unauthorized access attempts are logged and investigated. This proactive approach is vital in mitigating risks associated with dissent, where disgruntled users might attempt to breach security measures in retaliation against unpopular policies.

While other resources such as intrusion detection systems, log files on firewall systems, and firewall settings for desktop systems are important for overall security monitoring and defense, they do not provide the same level of direct insight into authentication processes and user access controls. Therefore, aggressive auditing of authentication databases allows organizations to strengthen their defenses against potential insider threats or retaliation attacks arising from unpopular policy decisions.