Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Network Monitor can capture only traffic that the ______ receives.
Source computer initiated
network adapter
Application
Active Directory Diagnostics

2. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Custom Views
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Performance Monitor

3. Custom views are filters that can display events from ______.
Application
Windows Logs and Applications And Services Logs.
multiple logs
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2

4. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
Setup
5985 and 5986
Windows Remote Management - Windows Event Collector
wecutil qc

5. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
gr
When A Specific Event Is Logged
ds
Start A Program - Send An E-mail - Display A Message

6. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
winrm quickconfig
Ctrl+C
System
http://computername:5985 (or https://computername:5986 if you are using HTTPS)

7. To use a Data Collector Set - right-click it - and then choose ______.
Wireless Diagnostics
Performance Monitor
gr
Start

8. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
103
winrm quickconfig
10
NMCap /network * /capture "DNS" /file filename.cap

9. This Windows log contains events generated while installing and updating Windows.
DiagnosticsPerformanceMonitoring Tools
Start A Program - Send An E-mail - Display A Message
Source computer initiated
Setup

10. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
Performance Monitor
winrm quickconfig
Network Monitor
logman start "<Data Collector Set>"

11. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
winrm enumerate winrm/config/Listener
Windows Logs and Applications And Services Logs.
Security
Collector initiated

12. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
Data Collector Sets
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
qc
Server Manager

13. With event forwarding - only these Windows versions can act as collecting computers:
Attach Task To This Event
NMCap /network * /capture "DNS" /file filename.cap
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
System Diagnostics

14. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Server Manager
multiple logs
Collector initiated - Source computer initiated
event forwarding

15. You can create two types of subscriptions:
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Wireless Diagnostics
Collector initiated - Source computer initiated
Performance Monitor

16. The log files are contained in two subnodes:
RACAgent.exe
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
System
Windows Logs and Applications And Services Logs.

17. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
winrm quickconfig -transport:https
winrm quickconfig
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
gr

18. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
event forwarding
When A Specific Event Is Logged
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

19. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
System
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Active Directory Diagnostics
qc

20. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
winrm get winrm/config
event forwarding
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
NMCap /network * /capture "DNS" /file filename.cap

21. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
Server Manager
When A Specific Event Is Logged
winrm get winrm/config
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"

22. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
event forwarding
Wireless Diagnostics
Start
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

23. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
RACAgent.exe
Collector initiated
System Performance
winrm quickconfig

24. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
103
Data Collector Sets
Custom Views
When A Specific Event Is Logged

25. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Performance Monitor
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

26. To create a custom Data Collector Set - follow these steps:
Server Manager
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
qc
Security

27. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
NMCap /network * /capture "DNS" /file filename.cap
Setup
5985 and 5986

28. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
Application - Security - Setup - System - Forwarded Events
DiagnosticsPerformanceMonitoring Tools
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Start A Program - Send An E-mail - Display A Message

29. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
Custom Views
winrm enumerate winrm/config/Listener
network adapter
winrm get winrm/config

30. What command should you run to configure a forwarding computer?
System Performance
winrm quickconfig
Application - Security - Setup - System - Forwarded Events
Latest Report

31. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
103
Network Monitor
multiple logs
Start

32. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
Ctrl+C
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Start
Attach Task To This Event

33. ______ gather system information - including configuration settings and performance data - and store it in a data file.
When A Specific Event Is Logged
Reliability Monitor
Active Directory Diagnostics
Data Collector Sets

34. This Windows log contains events forwarded to this computer from other computers.
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
multiple logs
Forwarded Events
network adapter

35. The wecutil ______ parameter displays the status of subscriptions.
Wireless Diagnostics
gr
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Network Monitor

36. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
winrm quickconfig -transport:https
System
Security

37. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
5985 and 5986
NMCap /network * /capture "DNS" /file filename.cap
System Diagnostics

38. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
wecutil qc
DiagnosticsPerformanceMonitoring Tools
NMCap /network * /capture "DNS" /file filename.cap
winrm get winrm/config

39. This Windows log contains events generated by applications.
Forwarded Events
Application
System
Application - Security - Setup - System - Forwarded Events

40. With event forwarding - only these Windows versions can act as forwarding computers:
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
103
gr
Subscriptions

41. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
5985 and 5986
ds
Data Collector Sets
Attach Task To This Event

42. Windows Logs contains five subnodes:
Start
Active Directory Diagnostics
Data Collector Sets
Application - Security - Setup - System - Forwarded Events

43. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
Latest Report
Custom Views
wecutil qc
Attach Task To This Event

44. ______ tracks a computer's stability.
Reliability Monitor
winrm quickconfig
Setup
When A Specific Event Is Logged

45. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Network Monitor
Wireless Diagnostics

46. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
winrm quickconfig
qc
winrm quickconfig -transport:https
gr

47. What command should you run to configure a collecting computer?
qc
Ctrl+C
wecutil qc
network adapter

48. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
RACAgent.exe
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Forwarded Events
NMCap /network * /capture /file filename.cap

49. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
5985 and 5986
System
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Performance Monitor

50. With ______ subscriptions - the forwarding computers contact the collecting computer.
System Performance
multiple logs
Performance Monitor
Source computer initiated