Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
Windows Remote Management - Windows Event Collector
winrm quickconfig
Source computer initiated
5985 and 5986

2. Custom views are filters that can display events from ______.
multiple logs
Application - Security - Setup - System - Forwarded Events
qc
System Performance

3. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
Attach Task To This Event
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Latest Report
When A Specific Event Is Logged

4. With ______ subscriptions - the forwarding computers contact the collecting computer.
Ctrl+C
Application
Performance Monitor
Source computer initiated

5. Windows Logs contains five subnodes:
DiagnosticsPerformanceMonitoring Tools
gr
Application - Security - Setup - System - Forwarded Events
Latest Report

6. This Windows log contains events generated while installing and updating Windows.
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Setup
Server Manager
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]

7. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
qc
winrm quickconfig
Start A Program - Send An E-mail - Display A Message
Windows Remote Management - Windows Event Collector

8. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
event forwarding
qc
gr
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]

9. With event forwarding - only these Windows versions can act as forwarding computers:
When A Specific Event Is Logged
103
Windows Remote Management - Windows Event Collector
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2

10. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
DiagnosticsPerformanceMonitoring Tools
multiple logs
Reliability Monitor
Server Manager

11. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
winrm get winrm/config
Collector initiated
Wireless Diagnostics

12. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
Application
DiagnosticsPerformanceMonitoring Tools
winrm quickconfig -transport:https
qc

13. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
logman start "<Data Collector Set>"
System Diagnostics
ds
winrm quickconfig

14. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
winrm enumerate winrm/config/Listener
Performance Monitor
DiagnosticsPerformanceMonitoring Tools
Wireless Diagnostics

15. This Windows log contains events forwarded to this computer from other computers.
Forwarded Events
wecutil qc
Ctrl+C
When A Specific Event Is Logged

16. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
multiple logs
Network Monitor
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2

17. To trigger a task when an event occurs - follow one of these three procedures:
Wireless Diagnostics
Windows Logs and Applications And Services Logs.
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
winrm quickconfig

18. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
qc
Subscriptions
DiagnosticsPerformanceMonitoring Tools
wecutil qc

19. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
Collector initiated - Source computer initiated
Custom Views
Collector initiated
Application - Security - Setup - System - Forwarded Events

20. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
network adapter
Active Directory Diagnostics
NMCap /network * /capture /file filename.cap
Application - Security - Setup - System - Forwarded Events

21. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
winrm enumerate winrm/config/Listener
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Application - Security - Setup - System - Forwarded Events

22. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Subscriptions
Performance Monitor
Forwarded Events

23. ______ tracks a computer's stability.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Windows Remote Management - Windows Event Collector
Reliability Monitor
qc

24. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
Application - Security - Setup - System - Forwarded Events
winrm quickconfig -transport:https
Start A Program - Send An E-mail - Display A Message
event forwarding

25. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
winrm get winrm/config
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Reliability Monitor

26. You can create two types of subscriptions:
Collector initiated - Source computer initiated
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
winrm get winrm/config
winrm quickconfig

27. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
Latest Report
Custom Views
Wireless Diagnostics
Network Monitor

28. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
5985 and 5986
Windows Remote Management - Windows Event Collector
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Ctrl+C

29. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
winrm quickconfig -transport:https
103
Custom Views
10

30. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
Setup
DiagnosticsPerformanceMonitoring Tools
Attach Task To This Event
logman start "<Data Collector Set>"

31. The log files are contained in two subnodes:
Windows Logs and Applications And Services Logs.
gr
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2

32. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
NMCap /network * /capture "DNS" /file filename.cap
Attach Task To This Event
System Diagnostics
qc

33. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
Data Collector Sets
5985 and 5986
System Performance
Setup

34. To use a Data Collector Set - right-click it - and then choose ______.
qc
Start
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2

35. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
wecutil qc
5985 and 5986
logman start "<Data Collector Set>"
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

36. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
Security
Wireless Diagnostics
Application - Security - Setup - System - Forwarded Events
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"

37. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
Wireless Diagnostics
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
System Diagnostics
Start

38. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
gr
Data Collector Sets
Start A Program - Send An E-mail - Display A Message
winrm get winrm/config

39. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
103
System
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Collector initiated

40. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
10
Windows Logs and Applications And Services Logs.
ds
DiagnosticsPerformanceMonitoring Tools

41. The wecutil ______ parameter deletes a subscription.
ds
5985 and 5986
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
10

42. ______ gather system information - including configuration settings and performance data - and store it in a data file.
Windows Remote Management - Windows Event Collector
Server Manager
Data Collector Sets
winrm get winrm/config

43. Network Monitor can capture only traffic that the ______ receives.
network adapter
Latest Report
103
Ctrl+C

44. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Reliability Monitor
System Performance
Wireless Diagnostics
When A Specific Event Is Logged

45. What command should you run to configure a forwarding computer?
Application
gr
winrm quickconfig
wecutil qc

46. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
Network Monitor
RACAgent.exe
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.

47. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
ds
Security
System Performance

48. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
Wireless Diagnostics
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
winrm enumerate winrm/config/Listener
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.

49. With event forwarding - only these Windows versions can act as collecting computers:
System Performance
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Latest Report

50. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
System Diagnostics
DiagnosticsPerformanceMonitoring Tools
network adapter
System