Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
winrm enumerate winrm/config/Listener
System Diagnostics
Windows Remote Management - Windows Event Collector
Network Monitor

2. This Windows log contains events forwarded to this computer from other computers.
Forwarded Events
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Reliability Monitor
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]

3. To trigger a task when an event occurs - follow one of these three procedures:
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
System Performance
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

4. With ______ subscriptions - the forwarding computers contact the collecting computer.
Start A Program - Send An E-mail - Display A Message
multiple logs
Source computer initiated
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

5. This Windows log contains events generated while installing and updating Windows.
wecutil qc
Setup
Custom Views
Wireless Diagnostics

6. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Subscriptions
5985 and 5986
wecutil qc
http://computername:5985 (or https://computername:5986 if you are using HTTPS)

7. ______ gather system information - including configuration settings and performance data - and store it in a data file.
multiple logs
Data Collector Sets
10
winrm enumerate winrm/config/Listener

8. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
Source computer initiated
Data Collector Sets
winrm get winrm/config
Server Manager

9. You can create two types of subscriptions:
Application
network adapter
Custom Views
Collector initiated - Source computer initiated

10. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Collector initiated - Source computer initiated
When A Specific Event Is Logged
Network Monitor
multiple logs

11. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Server Manager
Wireless Diagnostics
Ctrl+C
wecutil qc

12. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Server Manager
RACAgent.exe

13. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
Active Directory Diagnostics
Source computer initiated
winrm quickconfig -transport:https
Start

14. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
qc
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Performance Monitor
RACAgent.exe

15. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
Subscriptions
event forwarding
qc
http://computername:5985 (or https://computername:5986 if you are using HTTPS)

16. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
Application
Ctrl+C
System Performance
Wireless Diagnostics

17. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
5985 and 5986
Application - Security - Setup - System - Forwarded Events
Latest Report
event forwarding

18. With event forwarding - only these Windows versions can act as collecting computers:
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Wireless Diagnostics
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Forwarded Events

19. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
Collector initiated
winrm quickconfig
103
winrm enumerate winrm/config/Listener

20. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
RACAgent.exe
When A Specific Event Is Logged
Wireless Diagnostics
multiple logs

21. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
Server Manager
event forwarding
Windows Logs and Applications And Services Logs.
logman start "<Data Collector Set>"

22. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
Start A Program - Send An E-mail - Display A Message
wecutil qc
NMCap /network * /capture /file filename.cap
winrm get winrm/config

23. What command should you run to configure a forwarding computer?
Security
Source computer initiated
NMCap /network * /capture /file filename.cap
winrm quickconfig

24. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
Server Manager
Windows Remote Management - Windows Event Collector
System
Custom Views

25. To use a Data Collector Set - right-click it - and then choose ______.
5985 and 5986
Start
winrm quickconfig
Reliability Monitor

26. To create a custom Data Collector Set - follow these steps:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
103
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

27. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
System Diagnostics
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
winrm get winrm/config

28. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Setup
wecutil qc
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

29. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
wecutil qc
gr
Setup
System Performance

30. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
Application - Security - Setup - System - Forwarded Events
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
NMCap /network * /capture /file filename.cap
Source computer initiated

31. ______ tracks a computer's stability.
Reliability Monitor
System Diagnostics
Forwarded Events
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

32. With event forwarding - only these Windows versions can act as forwarding computers:
System Diagnostics
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
winrm quickconfig -transport:https

33. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
Network Monitor
Latest Report
System Diagnostics
winrm quickconfig -transport:https

34. Custom views are filters that can display events from ______.
Application - Security - Setup - System - Forwarded Events
multiple logs
winrm enumerate winrm/config/Listener
5985 and 5986

35. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
Performance Monitor
DiagnosticsPerformanceMonitoring Tools
Network Monitor
logman start "<Data Collector Set>"

36. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
Attach Task To This Event
ds
Application
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

37. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
wecutil qc
System
NMCap /network * /capture "DNS" /file filename.cap
winrm quickconfig

38. The wecutil ______ parameter displays the status of subscriptions.
qc
gr
Network Monitor
Forwarded Events

39. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
Attach Task To This Event
Application
Subscriptions
10

40. What command should you run to configure a collecting computer?
Server Manager
Security
wecutil qc
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]

41. This Windows log contains events generated by applications.
Application
Start A Program - Send An E-mail - Display A Message
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
When A Specific Event Is Logged

42. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Subscriptions
Custom Views
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

43. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
Collector initiated
wecutil qc
winrm enumerate winrm/config/Listener
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2

44. The wecutil ______ parameter deletes a subscription.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
System Performance
ds

45. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
Ctrl+C
winrm quickconfig
winrm quickconfig -transport:https
Security

46. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
Custom Views
Wireless Diagnostics
Latest Report
Start A Program - Send An E-mail - Display A Message

47. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
network adapter
Start A Program - Send An E-mail - Display A Message
10
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

48. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
event forwarding
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
System Performance
Attach Task To This Event

49. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
System
Source computer initiated
Server Manager
Collector initiated - Source computer initiated

50. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
winrm enumerate winrm/config/Listener
Performance Monitor
network adapter
5985 and 5986