Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You can create two types of subscriptions:
winrm quickconfig
RACAgent.exe
Collector initiated - Source computer initiated
Subscriptions

2. What command should you run to configure a collecting computer?
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
wecutil qc
103
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.

3. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
Application
Forwarded Events
System
event forwarding

4. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
Attach Task To This Event
winrm get winrm/config
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Network Monitor

5. What command should you run to configure a forwarding computer?
winrm quickconfig
NMCap /network * /capture "DNS" /file filename.cap
DiagnosticsPerformanceMonitoring Tools
winrm get winrm/config

6. To trigger a task when an event occurs - follow one of these three procedures:
NMCap /network * /capture "DNS" /file filename.cap
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
ds
winrm get winrm/config

7. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Performance Monitor
Subscriptions
System Performance
Setup

8. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
Reliability Monitor
Application - Security - Setup - System - Forwarded Events
Security
Start A Program - Send An E-mail - Display A Message

9. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
wecutil qc
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
winrm enumerate winrm/config/Listener
Latest Report

10. With event forwarding - only these Windows versions can act as forwarding computers:
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
NMCap /network * /capture "DNS" /file filename.cap
Attach Task To This Event
event forwarding

11. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
Data Collector Sets
System
Attach Task To This Event
qc

12. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
Performance Monitor
wecutil qc
Active Directory Diagnostics
System

13. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
qc
10
Windows Logs and Applications And Services Logs.
winrm get winrm/config

14. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
winrm get winrm/config
wecutil qc
Application - Security - Setup - System - Forwarded Events
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"

15. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
DiagnosticsPerformanceMonitoring Tools
Latest Report
Reliability Monitor
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.

16. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
winrm quickconfig
RACAgent.exe
Data Collector Sets
Forwarded Events

17. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
Latest Report
winrm quickconfig -transport:https
System Diagnostics
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

18. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
System
Start A Program - Send An E-mail - Display A Message
5985 and 5986

19. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
10
Windows Remote Management - Windows Event Collector
winrm quickconfig -transport:https
Subscriptions

20. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
Forwarded Events
wecutil qc
Custom Views
103

21. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
NMCap /network * /capture "DNS" /file filename.cap
Collector initiated - Source computer initiated
Collector initiated
Setup

22. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
wecutil qc
qc
System
event forwarding

23. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Server Manager
When A Specific Event Is Logged
Collector initiated
Wireless Diagnostics

24. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
Performance Monitor
10
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
wecutil qc

25. The log files are contained in two subnodes:
Windows Logs and Applications And Services Logs.
gr
Security
When A Specific Event Is Logged

26. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
NMCap /network * /capture /file filename.cap
Start A Program - Send An E-mail - Display A Message
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Windows Remote Management - Windows Event Collector

27. With event forwarding - only these Windows versions can act as collecting computers:
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
wecutil qc
Custom Views
wecutil qc

28. The wecutil ______ parameter displays the status of subscriptions.
gr
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
System
Application

29. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
System Performance
Collector initiated
Wireless Diagnostics
winrm quickconfig

30. ______ gather system information - including configuration settings and performance data - and store it in a data file.
Custom Views
System Diagnostics
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Data Collector Sets

31. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
logman start "<Data Collector Set>"
Ctrl+C
When A Specific Event Is Logged
Windows Logs and Applications And Services Logs.

32. Network Monitor can capture only traffic that the ______ receives.
winrm quickconfig
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
network adapter
winrm quickconfig

33. To create a custom Data Collector Set - follow these steps:
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Setup
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.

34. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
winrm quickconfig -transport:https
event forwarding
System Performance
wecutil qc

35. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
Performance Monitor
Collector initiated - Source computer initiated
Subscriptions
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

36. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Forwarded Events
qc
When A Specific Event Is Logged

37. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
gr
NMCap /network * /capture "DNS" /file filename.cap
wecutil qc

38. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
NMCap /network * /capture /file filename.cap
Custom Views
Wireless Diagnostics
ds

39. Custom views are filters that can display events from ______.
multiple logs
Collector initiated
Subscriptions
winrm enumerate winrm/config/Listener

40. This Windows log contains events generated while installing and updating Windows.
10
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Setup
System Performance

41. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
Windows Logs and Applications And Services Logs.
qc
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
winrm enumerate winrm/config/Listener

42. ______ tracks a computer's stability.
Reliability Monitor
When A Specific Event Is Logged
RACAgent.exe
Collector initiated - Source computer initiated

43. This Windows log contains events forwarded to this computer from other computers.
Forwarded Events
Performance Monitor
Ctrl+C
Source computer initiated

44. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Start
winrm get winrm/config

45. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
5985 and 5986
network adapter
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
System Performance

46. Windows Logs contains five subnodes:
Application - Security - Setup - System - Forwarded Events
Data Collector Sets
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
10

47. With ______ subscriptions - the forwarding computers contact the collecting computer.
winrm enumerate winrm/config/Listener
Source computer initiated
DiagnosticsPerformanceMonitoring Tools
Ctrl+C

48. The wecutil ______ parameter deletes a subscription.
System Performance
NMCap /network * /capture "DNS" /file filename.cap
ds
Subscriptions

49. To use a Data Collector Set - right-click it - and then choose ______.
103
Start
Application - Security - Setup - System - Forwarded Events
winrm quickconfig

50. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
winrm quickconfig -transport:https
System
Wireless Diagnostics
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics