SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Monitoring Computers
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
NMCap /network * /capture "DNS" /file filename.cap
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
System
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
2. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
Application - Security - Setup - System - Forwarded Events
winrm enumerate winrm/config/Listener
Latest Report
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
3. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
winrm quickconfig
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Active Directory Diagnostics
System Performance
4. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
System Diagnostics
Windows Remote Management - Windows Event Collector
Custom Views
Collector initiated
5. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
Active Directory Diagnostics
NMCap /network * /capture /file filename.cap
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
System
6. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
winrm enumerate winrm/config/Listener
Custom Views
Attach Task To This Event
ds
7. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
System Performance
winrm quickconfig
Network Monitor
103
8. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
winrm enumerate winrm/config/Listener
10
logman start "<Data Collector Set>"
When A Specific Event Is Logged
9. Network Monitor can capture only traffic that the ______ receives.
Server Manager
Wireless Diagnostics
ds
network adapter
10. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
winrm get winrm/config
103
winrm quickconfig -transport:https
System Diagnostics
11. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Server Manager
Source computer initiated
5985 and 5986
When A Specific Event Is Logged
12. This Windows log contains events generated while installing and updating Windows.
wecutil qc
Windows Remote Management - Windows Event Collector
Wireless Diagnostics
Setup
13. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Wireless Diagnostics
Windows Logs and Applications And Services Logs.
10
14. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
Ctrl+C
When A Specific Event Is Logged
10
DiagnosticsPerformanceMonitoring Tools
15. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Source computer initiated
System Diagnostics
NMCap /network * /capture "DNS" /file filename.cap
16. ______ tracks a computer's stability.
Application
5985 and 5986
Collector initiated
Reliability Monitor
17. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
NMCap /network * /capture "DNS" /file filename.cap
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Source computer initiated
Attach Task To This Event
18. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
Start
When A Specific Event Is Logged
Setup
NMCap /network * /capture /file filename.cap
19. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
System Performance
RACAgent.exe
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Ctrl+C
20. With ______ subscriptions - the forwarding computers contact the collecting computer.
Source computer initiated
Subscriptions
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Wireless Diagnostics
21. This Windows log contains events generated by applications.
Application
Start
Start A Program - Send An E-mail - Display A Message
Ctrl+C
22. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
Reliability Monitor
event forwarding
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Wireless Diagnostics
23. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Collector initiated
DiagnosticsPerformanceMonitoring Tools
Server Manager
24. What command should you run to configure a forwarding computer?
NMCap /network * /capture /file filename.cap
Source computer initiated
Start A Program - Send An E-mail - Display A Message
winrm quickconfig
25. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Subscriptions
Attach Task To This Event
NMCap /network * /capture /file filename.cap
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
26. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
Attach Task To This Event
Latest Report
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
27. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
Server Manager
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Security
Collector initiated
28. The wecutil ______ parameter deletes a subscription.
winrm quickconfig
qc
ds
When A Specific Event Is Logged
29. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
Collector initiated
Application
System Diagnostics
network adapter
30. ______ gather system information - including configuration settings and performance data - and store it in a data file.
RACAgent.exe
System Performance
Collector initiated - Source computer initiated
Data Collector Sets
31. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Subscriptions
winrm quickconfig
wecutil qc
32. You can create two types of subscriptions:
Collector initiated - Source computer initiated
Latest Report
multiple logs
Application - Security - Setup - System - Forwarded Events
33. This Windows log contains events forwarded to this computer from other computers.
multiple logs
Custom Views
Data Collector Sets
Forwarded Events
34. With event forwarding - only these Windows versions can act as forwarding computers:
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
multiple logs
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
35. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
5985 and 5986
Ctrl+C
Security
RACAgent.exe
36. With event forwarding - only these Windows versions can act as collecting computers:
RACAgent.exe
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Forwarded Events
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
37. Windows Logs contains five subnodes:
Start A Program - Send An E-mail - Display A Message
Application - Security - Setup - System - Forwarded Events
Reliability Monitor
Start
38. The wecutil ______ parameter displays the status of subscriptions.
Collector initiated
winrm quickconfig
gr
winrm get winrm/config
39. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
winrm quickconfig
RACAgent.exe
Windows Logs and Applications And Services Logs.
qc
40. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
winrm get winrm/config
NMCap /network * /capture "DNS" /file filename.cap
Subscriptions
Attach Task To This Event
41. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
System
winrm quickconfig
Attach Task To This Event
System Performance
42. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Windows Logs and Applications And Services Logs.
Collector initiated - Source computer initiated
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
5985 and 5986
43. What command should you run to configure a collecting computer?
wecutil qc
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
logman start "<Data Collector Set>"
Application - Security - Setup - System - Forwarded Events
44. Custom views are filters that can display events from ______.
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Data Collector Sets
gr
multiple logs
45. To create a custom Data Collector Set - follow these steps:
Windows Logs and Applications And Services Logs.
Server Manager
System Diagnostics
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
46. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
winrm quickconfig
Ctrl+C
winrm quickconfig
47. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Windows Remote Management - Windows Event Collector
System Performance
Security
48. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
DiagnosticsPerformanceMonitoring Tools
5985 and 5986
Performance Monitor
Subscriptions
49. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
DiagnosticsPerformanceMonitoring Tools
winrm quickconfig
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
50. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
Active Directory Diagnostics
wecutil qc
event forwarding
logman start "<Data Collector Set>"
