Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
ds
5985 and 5986
System
event forwarding

2. With event forwarding - only these Windows versions can act as forwarding computers:
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
wecutil qc
winrm quickconfig
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2

3. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
Server Manager
Custom Views
Wireless Diagnostics
event forwarding

4. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
winrm quickconfig -transport:https
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
5985 and 5986
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

5. This Windows log contains events generated while installing and updating Windows.
winrm quickconfig
Setup
System
winrm quickconfig -transport:https

6. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
10
Start A Program - Send An E-mail - Display A Message
ds

7. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
wecutil qc
NMCap /network * /capture "DNS" /file filename.cap
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
DiagnosticsPerformanceMonitoring Tools

8. To trigger a task when an event occurs - follow one of these three procedures:
103
Windows Logs and Applications And Services Logs.
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
winrm quickconfig

9. The wecutil ______ parameter deletes a subscription.
winrm quickconfig -transport:https
ds
event forwarding
wecutil qc

10. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
Active Directory Diagnostics
5985 and 5986
Performance Monitor
multiple logs

11. You can create two types of subscriptions:
Collector initiated
Collector initiated - Source computer initiated
Ctrl+C
wecutil qc

12. Windows Logs contains five subnodes:
Active Directory Diagnostics
Source computer initiated
network adapter
Application - Security - Setup - System - Forwarded Events

13. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
Custom Views
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
qc

14. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
logman start "<Data Collector Set>"
10
Reliability Monitor
Attach Task To This Event

15. With ______ subscriptions - the forwarding computers contact the collecting computer.
Windows Remote Management - Windows Event Collector
System Diagnostics
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Source computer initiated

16. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
System Diagnostics
Wireless Diagnostics
qc
Performance Monitor

17. With event forwarding - only these Windows versions can act as collecting computers:
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
10
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2

18. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
network adapter
winrm enumerate winrm/config/Listener
wecutil qc
Ctrl+C

19. This Windows log contains events generated by applications.
Application
System Performance
qc
Collector initiated

20. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
Windows Logs and Applications And Services Logs.
Subscriptions
DiagnosticsPerformanceMonitoring Tools
Wireless Diagnostics

21. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
Custom Views
multiple logs
Start A Program - Send An E-mail - Display A Message
gr

22. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
System
winrm quickconfig
103
Collector initiated

23. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
network adapter
Windows Remote Management - Windows Event Collector
Wireless Diagnostics
Performance Monitor

24. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Start
System Performance

25. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
event forwarding
Start
logman start "<Data Collector Set>"
Latest Report

26. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
Setup
winrm enumerate winrm/config/Listener
5985 and 5986
Collector initiated - Source computer initiated

27. Custom views are filters that can display events from ______.
Setup
multiple logs
System Diagnostics
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"

28. ______ gather system information - including configuration settings and performance data - and store it in a data file.
NMCap /network * /capture "DNS" /file filename.cap
Active Directory Diagnostics
Network Monitor
Data Collector Sets

29. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
System
103
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Start A Program - Send An E-mail - Display A Message

30. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
winrm quickconfig
Source computer initiated
multiple logs
wecutil qc

31. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
103
System
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
winrm quickconfig

32. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
When A Specific Event Is Logged
event forwarding
System Diagnostics
wecutil qc

33. The wecutil ______ parameter displays the status of subscriptions.
network adapter
Security
gr
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2

34. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Server Manager
System Diagnostics
Windows Logs and Applications And Services Logs.
Active Directory Diagnostics

35. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
System Performance
winrm quickconfig

36. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
Application
Active Directory Diagnostics
winrm quickconfig
Subscriptions

37. Network Monitor can capture only traffic that the ______ receives.
winrm get winrm/config
wecutil qc
network adapter
Attach Task To This Event

38. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
Windows Logs and Applications And Services Logs.
Windows Remote Management - Windows Event Collector
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Latest Report

39. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
Server Manager
5985 and 5986
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
event forwarding

40. The log files are contained in two subnodes:
wecutil qc
Latest Report
Windows Logs and Applications And Services Logs.
Data Collector Sets

41. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
Setup
Ctrl+C
NMCap /network * /capture /file filename.cap
Application - Security - Setup - System - Forwarded Events

42. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
Subscriptions
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Custom Views

43. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
Forwarded Events
Latest Report
Source computer initiated
NMCap /network * /capture "DNS" /file filename.cap

44. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Wireless Diagnostics
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
When A Specific Event Is Logged

45. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Forwarded Events
Performance Monitor
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Subscriptions

46. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
RACAgent.exe
Collector initiated - Source computer initiated
Data Collector Sets
http://computername:5985 (or https://computername:5986 if you are using HTTPS)

47. To use a Data Collector Set - right-click it - and then choose ______.
winrm quickconfig -transport:https
Collector initiated
Start
qc

48. To create a custom Data Collector Set - follow these steps:
5985 and 5986
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
gr

49. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
103
Ctrl+C
Security
Performance Monitor

50. ______ tracks a computer's stability.
Server Manager
Reliability Monitor
NMCap /network * /capture /file filename.cap
Windows Remote Management - Windows Event Collector