SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Monitoring Computers
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
Subscriptions
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
winrm quickconfig
winrm quickconfig -transport:https
2. The wecutil ______ parameter displays the status of subscriptions.
gr
Custom Views
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
NMCap /network * /capture /file filename.cap
3. With event forwarding - only these Windows versions can act as forwarding computers:
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Source computer initiated
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
4. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
wecutil qc
Attach Task To This Event
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
5. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
Wireless Diagnostics
Start A Program - Send An E-mail - Display A Message
Source computer initiated
5985 and 5986
6. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
Network Monitor
System Diagnostics
logman start "<Data Collector Set>"
ds
7. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
wecutil qc
multiple logs
When A Specific Event Is Logged
NMCap /network * /capture "DNS" /file filename.cap
8. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
logman start "<Data Collector Set>"
5985 and 5986
Reliability Monitor
Ctrl+C
9. This Windows log contains events forwarded to this computer from other computers.
System
5985 and 5986
When A Specific Event Is Logged
Forwarded Events
10. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Subscriptions
When A Specific Event Is Logged
Data Collector Sets
Windows Remote Management - Windows Event Collector
11. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
Data Collector Sets
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
System Diagnostics
Latest Report
12. Custom views are filters that can display events from ______.
103
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
ds
multiple logs
13. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
Security
event forwarding
Attach Task To This Event
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
14. Network Monitor can capture only traffic that the ______ receives.
Collector initiated
Custom Views
network adapter
winrm quickconfig -transport:https
15. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
winrm quickconfig -transport:https
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Application
gr
16. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
5985 and 5986
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
NMCap /network * /capture /file filename.cap
17. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
multiple logs
RACAgent.exe
NMCap /network * /capture "DNS" /file filename.cap
Reliability Monitor
18. What command should you run to configure a collecting computer?
Application - Security - Setup - System - Forwarded Events
Data Collector Sets
wecutil qc
Collector initiated
19. ______ tracks a computer's stability.
System Diagnostics
System Performance
Reliability Monitor
Attach Task To This Event
20. To create a custom Data Collector Set - follow these steps:
Latest Report
System
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
logman start "<Data Collector Set>"
21. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
DiagnosticsPerformanceMonitoring Tools
103
Performance Monitor
22. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
logman start "<Data Collector Set>"
Wireless Diagnostics
winrm quickconfig
winrm get winrm/config
23. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
RACAgent.exe
System
103
System Performance
24. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
Network Monitor
5985 and 5986
Windows Logs and Applications And Services Logs.
RACAgent.exe
25. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
Source computer initiated
Custom Views
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Setup
26. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
Start
10
Performance Monitor
winrm enumerate winrm/config/Listener
27. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Source computer initiated
Attach Task To This Event
28. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
Setup
When A Specific Event Is Logged
System
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
29. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
Start
winrm enumerate winrm/config/Listener
Network Monitor
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
30. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
Performance Monitor
103
10
DiagnosticsPerformanceMonitoring Tools
31. The wecutil ______ parameter deletes a subscription.
ds
winrm get winrm/config
RACAgent.exe
event forwarding
32. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
logman start "<Data Collector Set>"
Ctrl+C
Security
wecutil qc
33. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
Latest Report
multiple logs
Subscriptions
Setup
34. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
Ctrl+C
winrm enumerate winrm/config/Listener
10
Collector initiated
35. What command should you run to configure a forwarding computer?
winrm quickconfig
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
DiagnosticsPerformanceMonitoring Tools
10
36. To use a Data Collector Set - right-click it - and then choose ______.
Start A Program - Send An E-mail - Display A Message
Start
ds
System Diagnostics
37. This Windows log contains events generated by applications.
System
Application
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
38. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
NMCap /network * /capture /file filename.cap
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
wecutil qc
39. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
RACAgent.exe
Ctrl+C
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
event forwarding
40. You can create two types of subscriptions:
Performance Monitor
RACAgent.exe
Ctrl+C
Collector initiated - Source computer initiated
41. The log files are contained in two subnodes:
winrm get winrm/config
Ctrl+C
Windows Logs and Applications And Services Logs.
DiagnosticsPerformanceMonitoring Tools
42. ______ gather system information - including configuration settings and performance data - and store it in a data file.
Ctrl+C
Latest Report
Data Collector Sets
wecutil qc
43. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
Performance Monitor
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Start
qc
44. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
103
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Windows Logs and Applications And Services Logs.
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
45. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Application - Security - Setup - System - Forwarded Events
gr
Ctrl+C
46. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
Forwarded Events
winrm get winrm/config
Windows Remote Management - Windows Event Collector
Start A Program - Send An E-mail - Display A Message
47. This Windows log contains events generated while installing and updating Windows.
Setup
qc
Application - Security - Setup - System - Forwarded Events
Performance Monitor
48. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Windows Logs and Applications And Services Logs.
Active Directory Diagnostics
NMCap /network * /capture "DNS" /file filename.cap
49. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Windows Remote Management - Windows Event Collector
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Server Manager
System
50. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
Application - Security - Setup - System - Forwarded Events
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
NMCap /network * /capture /file filename.cap
Start A Program - Send An E-mail - Display A Message
