SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Monitoring Computers
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
When A Specific Event Is Logged
Start
NMCap /network * /capture /file filename.cap
2. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
network adapter
Attach Task To This Event
NMCap /network * /capture "DNS" /file filename.cap
winrm quickconfig
3. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Start A Program - Send An E-mail - Display A Message
System
winrm enumerate winrm/config/Listener
4. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Collector initiated
Wireless Diagnostics
Windows Logs and Applications And Services Logs.
Server Manager
5. This Windows log contains events generated by applications.
NMCap /network * /capture /file filename.cap
Application
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Subscriptions
6. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
Security
network adapter
Data Collector Sets
Windows Remote Management - Windows Event Collector
7. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
winrm enumerate winrm/config/Listener
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Performance Monitor
Collector initiated - Source computer initiated
8. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
Performance Monitor
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Collector initiated - Source computer initiated
Start
9. ______ gather system information - including configuration settings and performance data - and store it in a data file.
System Performance
Attach Task To This Event
Data Collector Sets
gr
10. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
qc
winrm quickconfig -transport:https
Latest Report
NMCap /network * /capture "DNS" /file filename.cap
11. With ______ subscriptions - the forwarding computers contact the collecting computer.
event forwarding
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Source computer initiated
Start
12. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
winrm quickconfig
winrm get winrm/config
RACAgent.exe
13. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
103
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Latest Report
multiple logs
14. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
NMCap /network * /capture "DNS" /file filename.cap
When A Specific Event Is Logged
Wireless Diagnostics
Custom Views
15. Network Monitor can capture only traffic that the ______ receives.
System
NMCap /network * /capture /file filename.cap
Start
network adapter
16. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
RACAgent.exe
Network Monitor
event forwarding
winrm quickconfig -transport:https
17. Custom views are filters that can display events from ______.
Setup
multiple logs
Collector initiated
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
18. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
RACAgent.exe
Subscriptions
Start
logman start "<Data Collector Set>"
19. Windows Logs contains five subnodes:
Network Monitor
Wireless Diagnostics
Application - Security - Setup - System - Forwarded Events
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
20. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
gr
Custom Views
winrm quickconfig
10
21. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
Collector initiated
Security
Source computer initiated
10
22. What command should you run to configure a forwarding computer?
Subscriptions
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
winrm enumerate winrm/config/Listener
winrm quickconfig
23. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
5985 and 5986
10
winrm quickconfig
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
24. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
DiagnosticsPerformanceMonitoring Tools
logman start "<Data Collector Set>"
Start
System Diagnostics
25. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
103
Forwarded Events
Custom Views
Server Manager
26. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
DiagnosticsPerformanceMonitoring Tools
Ctrl+C
event forwarding
Network Monitor
27. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
10
winrm get winrm/config
Start A Program - Send An E-mail - Display A Message
ds
28. ______ tracks a computer's stability.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Reliability Monitor
gr
Attach Task To This Event
29. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
System
wecutil qc
RACAgent.exe
NMCap /network * /capture /file filename.cap
30. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
Network Monitor
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
NMCap /network * /capture "DNS" /file filename.cap
When A Specific Event Is Logged
31. What command should you run to configure a collecting computer?
wecutil qc
5985 and 5986
logman start "<Data Collector Set>"
Application - Security - Setup - System - Forwarded Events
32. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
Collector initiated
Server Manager
NMCap /network * /capture "DNS" /file filename.cap
Attach Task To This Event
33. To create a custom Data Collector Set - follow these steps:
NMCap /network * /capture /file filename.cap
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Reliability Monitor
wecutil qc
34. The wecutil ______ parameter displays the status of subscriptions.
Data Collector Sets
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
logman start "<Data Collector Set>"
gr
35. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
Start
Wireless Diagnostics
winrm quickconfig -transport:https
103
36. With event forwarding - only these Windows versions can act as forwarding computers:
Reliability Monitor
Network Monitor
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
logman start "<Data Collector Set>"
37. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
Collector initiated
winrm enumerate winrm/config/Listener
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
10
38. This Windows log contains events generated while installing and updating Windows.
NMCap /network * /capture "DNS" /file filename.cap
Setup
logman start "<Data Collector Set>"
Latest Report
39. You can create two types of subscriptions:
Start A Program - Send An E-mail - Display A Message
wecutil qc
Collector initiated - Source computer initiated
Subscriptions
40. The log files are contained in two subnodes:
Collector initiated
Source computer initiated
ds
Windows Logs and Applications And Services Logs.
41. To use a Data Collector Set - right-click it - and then choose ______.
winrm enumerate winrm/config/Listener
Start
103
5985 and 5986
42. The wecutil ______ parameter deletes a subscription.
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Application - Security - Setup - System - Forwarded Events
RACAgent.exe
ds
43. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
Performance Monitor
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
System
winrm enumerate winrm/config/Listener
44. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
Ctrl+C
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Windows Logs and Applications And Services Logs.
45. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
When A Specific Event Is Logged
Active Directory Diagnostics
winrm get winrm/config
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
46. To trigger a task when an event occurs - follow one of these three procedures:
event forwarding
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Performance Monitor
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
47. With event forwarding - only these Windows versions can act as collecting computers:
DiagnosticsPerformanceMonitoring Tools
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
winrm quickconfig -transport:https
Windows Remote Management - Windows Event Collector
48. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
winrm quickconfig -transport:https
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
49. This Windows log contains events forwarded to this computer from other computers.
Performance Monitor
Subscriptions
Forwarded Events
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
50. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Subscriptions
Windows Logs and Applications And Services Logs.
Ctrl+C
winrm quickconfig
