I think the sections "Audit Policy Settings" and "Audit Policies & Logging" are essentially saying the same thing twice. I noticed they both cover the exact same ground—mentioning visibility, password spraying, and Kerberoasting—just with slightly different phrasing.