Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Subscriptions
Custom Views
DiagnosticsPerformanceMonitoring Tools

2. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
Application - Security - Setup - System - Forwarded Events
ds
event forwarding
Network Monitor

3. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
103
System
Performance Monitor
http://computername:5985 (or https://computername:5986 if you are using HTTPS)

4. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
5985 and 5986
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
gr
Active Directory Diagnostics

5. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
ds
gr
System Diagnostics
http://computername:5985 (or https://computername:5986 if you are using HTTPS)

6. With ______ subscriptions - the forwarding computers contact the collecting computer.
Security
Custom Views
Active Directory Diagnostics
Source computer initiated

7. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
Performance Monitor
Windows Logs and Applications And Services Logs.
Application - Security - Setup - System - Forwarded Events
winrm get winrm/config

8. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
wecutil qc
Windows Logs and Applications And Services Logs.
Start A Program - Send An E-mail - Display A Message
Source computer initiated

9. ______ gather system information - including configuration settings and performance data - and store it in a data file.
Data Collector Sets
System
Reliability Monitor
Windows Remote Management - Windows Event Collector

10. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
DiagnosticsPerformanceMonitoring Tools
When A Specific Event Is Logged
ds
103

11. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
Start A Program - Send An E-mail - Display A Message
103
Data Collector Sets
event forwarding

12. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
When A Specific Event Is Logged
Forwarded Events
System Diagnostics
System

13. To create a custom Data Collector Set - follow these steps:
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
ds
winrm enumerate winrm/config/Listener
Ctrl+C

14. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
Server Manager
winrm quickconfig
Latest Report
Ctrl+C

15. To trigger a task when an event occurs - follow one of these three procedures:
103
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
winrm quickconfig
Start

16. You can create two types of subscriptions:
Subscriptions
Collector initiated - Source computer initiated
wecutil qc
winrm enumerate winrm/config/Listener

17. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
multiple logs
Security
NMCap /network * /capture "DNS" /file filename.cap
Active Directory Diagnostics

18. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
Latest Report
winrm enumerate winrm/config/Listener
10
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2

19. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
Custom Views
Source computer initiated
Ctrl+C
Wireless Diagnostics

20. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
DiagnosticsPerformanceMonitoring Tools
Application
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2

21. The log files are contained in two subnodes:
Windows Logs and Applications And Services Logs.
Application - Security - Setup - System - Forwarded Events
Latest Report
multiple logs

22. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
Active Directory Diagnostics
Reliability Monitor
winrm get winrm/config
Attach Task To This Event

23. Network Monitor can capture only traffic that the ______ receives.
10
logman start "<Data Collector Set>"
Custom Views
network adapter

24. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Wireless Diagnostics
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Start

25. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
103
Network Monitor
Start A Program - Send An E-mail - Display A Message
wecutil qc

26. ______ tracks a computer's stability.
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Performance Monitor
Reliability Monitor
System Performance

27. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
Security
NMCap /network * /capture "DNS" /file filename.cap
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Start

28. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
Wireless Diagnostics
qc
winrm quickconfig
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.

29. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
Forwarded Events
Security
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Windows Remote Management - Windows Event Collector

30. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
Attach Task To This Event
RACAgent.exe
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
winrm get winrm/config

31. To use a Data Collector Set - right-click it - and then choose ______.
103
Start A Program - Send An E-mail - Display A Message
Application
Start

32. What command should you run to configure a collecting computer?
Forwarded Events
wecutil qc
Start A Program - Send An E-mail - Display A Message
Wireless Diagnostics

33. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
Latest Report
Windows Remote Management - Windows Event Collector
Network Monitor
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

34. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Source computer initiated

35. The wecutil ______ parameter deletes a subscription.
winrm quickconfig -transport:https
ds
logman start "<Data Collector Set>"
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

36. This Windows log contains events forwarded to this computer from other computers.
System Performance
Latest Report
NMCap /network * /capture "DNS" /file filename.cap
Forwarded Events

37. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
ds
Source computer initiated
winrm quickconfig -transport:https

38. The wecutil ______ parameter displays the status of subscriptions.
Security
Application - Security - Setup - System - Forwarded Events
gr
winrm get winrm/config

39. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Security
network adapter
10

40. What command should you run to configure a forwarding computer?
DiagnosticsPerformanceMonitoring Tools
System Performance
Network Monitor
winrm quickconfig

41. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
RACAgent.exe
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Subscriptions

42. This Windows log contains events generated by applications.
Application
Server Manager
5985 and 5986
Ctrl+C

43. Windows Logs contains five subnodes:
Application - Security - Setup - System - Forwarded Events
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Server Manager
Subscriptions

44. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
winrm get winrm/config
Ctrl+C
Custom Views
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

45. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
logman start "<Data Collector Set>"
System Performance
5985 and 5986
Ctrl+C

46. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
RACAgent.exe
DiagnosticsPerformanceMonitoring Tools
Start A Program - Send An E-mail - Display A Message
winrm quickconfig

47. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Network Monitor
When A Specific Event Is Logged
10
http://computername:5985 (or https://computername:5986 if you are using HTTPS)

48. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Subscriptions
Active Directory Diagnostics

49. This Windows log contains events generated while installing and updating Windows.
Setup
Reliability Monitor
logman start "<Data Collector Set>"
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

50. With event forwarding - only these Windows versions can act as collecting computers:
Data Collector Sets
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
5985 and 5986