Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. With ______ subscriptions - the forwarding computers contact the collecting computer.
Network Monitor
Active Directory Diagnostics
Source computer initiated
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.

2. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
winrm get winrm/config
gr
Application
NMCap /network * /capture "DNS" /file filename.cap

3. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Subscriptions
NMCap /network * /capture /file filename.cap
Server Manager
http://computername:5985 (or https://computername:5986 if you are using HTTPS)

4. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Subscriptions
RACAgent.exe

5. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
network adapter
Attach Task To This Event
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

6. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
Custom Views
NMCap /network * /capture "DNS" /file filename.cap
winrm get winrm/config
ds

7. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
When A Specific Event Is Logged
gr
event forwarding
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

8. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
gr
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
winrm enumerate winrm/config/Listener

9. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
winrm quickconfig
wecutil qc
5985 and 5986
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

10. Network Monitor can capture only traffic that the ______ receives.
winrm quickconfig
network adapter
Setup
gr

11. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
winrm quickconfig
winrm enumerate winrm/config/Listener
ds
System

12. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
NMCap /network * /capture "DNS" /file filename.cap
Active Directory Diagnostics
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Security

13. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
winrm enumerate winrm/config/Listener
NMCap /network * /capture /file filename.cap
Windows Remote Management - Windows Event Collector
winrm quickconfig

14. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
NMCap /network * /capture /file filename.cap
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
logman start "<Data Collector Set>"
Latest Report

15. Custom views are filters that can display events from ______.
multiple logs
winrm quickconfig -transport:https
System Diagnostics
Network Monitor

16. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
Security
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
winrm enumerate winrm/config/Listener

17. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
Security
Start A Program - Send An E-mail - Display A Message
DiagnosticsPerformanceMonitoring Tools
System

18. The wecutil ______ parameter deletes a subscription.
ds
Application
Application - Security - Setup - System - Forwarded Events
http://computername:5985 (or https://computername:5986 if you are using HTTPS)

19. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
Subscriptions
Ctrl+C
winrm quickconfig -transport:https
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

20. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Server Manager
ds
Windows Remote Management - Windows Event Collector
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

21. This Windows log contains events generated while installing and updating Windows.
network adapter
winrm quickconfig
Setup
Source computer initiated

22. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
Server Manager
Ctrl+C
103
5985 and 5986

23. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Windows Logs and Applications And Services Logs.
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Collector initiated - Source computer initiated

24. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
winrm quickconfig
Wireless Diagnostics
RACAgent.exe
System Performance

25. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
winrm get winrm/config
ds
network adapter
winrm quickconfig

26. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Setup
Wireless Diagnostics
qc

27. ______ tracks a computer's stability.
Reliability Monitor
Application
System Performance
NMCap /network * /capture /file filename.cap

28. Windows Logs contains five subnodes:
Start
RACAgent.exe
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Application - Security - Setup - System - Forwarded Events

29. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
10
Collector initiated
Setup
wecutil qc

30. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
Ctrl+C
Start A Program - Send An E-mail - Display A Message
Wireless Diagnostics
Subscriptions

31. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
10
Security
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
103

32. You can create two types of subscriptions:
Data Collector Sets
Application
Collector initiated - Source computer initiated
Active Directory Diagnostics

33. The wecutil ______ parameter displays the status of subscriptions.
gr
multiple logs
System
http://computername:5985 (or https://computername:5986 if you are using HTTPS)

34. With event forwarding - only these Windows versions can act as collecting computers:
Data Collector Sets
Forwarded Events
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Server Manager

35. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
Custom Views
System Diagnostics
Network Monitor
winrm get winrm/config

36. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
winrm quickconfig
5985 and 5986
Subscriptions
Source computer initiated

37. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
Wireless Diagnostics
winrm quickconfig
Latest Report
Ctrl+C

38. With event forwarding - only these Windows versions can act as forwarding computers:
Network Monitor
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
multiple logs
wecutil qc

39. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
logman start "<Data Collector Set>"
10
Application - Security - Setup - System - Forwarded Events
qc

40. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
qc
NMCap /network * /capture /file filename.cap
System Performance
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

41. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
When A Specific Event Is Logged
Server Manager
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
NMCap /network * /capture /file filename.cap

42. To use a Data Collector Set - right-click it - and then choose ______.
Start
System Performance
Ctrl+C
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

43. This Windows log contains events generated by applications.
Application
10
Attach Task To This Event
System Diagnostics

44. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
winrm quickconfig
System

45. This Windows log contains events forwarded to this computer from other computers.
logman start "<Data Collector Set>"
Forwarded Events
Performance Monitor
103

46. What command should you run to configure a collecting computer?
wecutil qc
event forwarding
Windows Logs and Applications And Services Logs.
ds

47. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
event forwarding
Windows Remote Management - Windows Event Collector
DiagnosticsPerformanceMonitoring Tools
Network Monitor

48. What command should you run to configure a forwarding computer?
Reliability Monitor
winrm quickconfig
When A Specific Event Is Logged
winrm get winrm/config

49. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
multiple logs
Application
DiagnosticsPerformanceMonitoring Tools
Windows Remote Management - Windows Event Collector

50. To create a custom Data Collector Set - follow these steps:
wecutil qc
System Diagnostics
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Subscriptions