SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Monitoring Computers
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
winrm get winrm/config
DiagnosticsPerformanceMonitoring Tools
Setup
2. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
winrm quickconfig -transport:https
qc
System Performance
3. Network Monitor can capture only traffic that the ______ receives.
winrm quickconfig -transport:https
network adapter
Data Collector Sets
Latest Report
4. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Application
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
5. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Start
5985 and 5986
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
When A Specific Event Is Logged
6. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
Source computer initiated
logman start "<Data Collector Set>"
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Collector initiated - Source computer initiated
7. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
Wireless Diagnostics
System Performance
Network Monitor
NMCap /network * /capture /file filename.cap
8. The log files are contained in two subnodes:
multiple logs
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Windows Logs and Applications And Services Logs.
ds
9. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
Start
wecutil qc
Subscriptions
logman start "<Data Collector Set>"
10. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Custom Views
ds
Start A Program - Send An E-mail - Display A Message
11. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
winrm get winrm/config
10
winrm quickconfig
12. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
System Diagnostics
Collector initiated
Security
event forwarding
13. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
Start
System Diagnostics
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
14. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
When A Specific Event Is Logged
NMCap /network * /capture "DNS" /file filename.cap
Subscriptions
Latest Report
15. This Windows log contains events generated while installing and updating Windows.
Network Monitor
Setup
RACAgent.exe
Start A Program - Send An E-mail - Display A Message
16. To use a Data Collector Set - right-click it - and then choose ______.
Active Directory Diagnostics
winrm enumerate winrm/config/Listener
gr
Start
17. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
Performance Monitor
Reliability Monitor
Application
event forwarding
18. You can create two types of subscriptions:
Collector initiated - Source computer initiated
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
wecutil qc
System Performance
19. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
Collector initiated - Source computer initiated
Active Directory Diagnostics
wecutil qc
System
20. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
winrm get winrm/config
winrm quickconfig -transport:https
Setup
winrm enumerate winrm/config/Listener
21. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
NMCap /network * /capture /file filename.cap
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Active Directory Diagnostics
Network Monitor
22. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
Subscriptions
Active Directory Diagnostics
event forwarding
Latest Report
23. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
Subscriptions
Security
RACAgent.exe
Forwarded Events
24. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
qc
Windows Remote Management - Windows Event Collector
Source computer initiated
10
25. Custom views are filters that can display events from ______.
Ctrl+C
Custom Views
multiple logs
event forwarding
26. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
event forwarding
network adapter
RACAgent.exe
5985 and 5986
27. To trigger a task when an event occurs - follow one of these three procedures:
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
winrm quickconfig
winrm quickconfig -transport:https
Application - Security - Setup - System - Forwarded Events
28. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
Application
winrm quickconfig -transport:https
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
When A Specific Event Is Logged
29. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
103
winrm quickconfig -transport:https
10
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
30. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
Collector initiated
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Custom Views
31. This Windows log contains events generated by applications.
System Performance
Attach Task To This Event
Forwarded Events
Application
32. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
wecutil qc
RACAgent.exe
System Performance
5985 and 5986
33. What command should you run to configure a collecting computer?
Server Manager
wecutil qc
Ctrl+C
103
34. The wecutil ______ parameter displays the status of subscriptions.
Security
gr
Latest Report
Application
35. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
Wireless Diagnostics
Latest Report
DiagnosticsPerformanceMonitoring Tools
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
36. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
DiagnosticsPerformanceMonitoring Tools
Source computer initiated
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
37. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
System Diagnostics
Wireless Diagnostics
winrm quickconfig -transport:https
Start A Program - Send An E-mail - Display A Message
38. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
5985 and 5986
When A Specific Event Is Logged
DiagnosticsPerformanceMonitoring Tools
Security
39. ______ gather system information - including configuration settings and performance data - and store it in a data file.
winrm quickconfig
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Data Collector Sets
103
40. With event forwarding - only these Windows versions can act as forwarding computers:
ds
Setup
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
41. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
When A Specific Event Is Logged
Custom Views
42. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
winrm enumerate winrm/config/Listener
Ctrl+C
103
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
43. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
Data Collector Sets
Latest Report
wecutil qc
Application - Security - Setup - System - Forwarded Events
44. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Server Manager
winrm quickconfig -transport:https
Attach Task To This Event
45. This Windows log contains events forwarded to this computer from other computers.
103
Forwarded Events
When A Specific Event Is Logged
5985 and 5986
46. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
Attach Task To This Event
Wireless Diagnostics
RACAgent.exe
Network Monitor
47. ______ tracks a computer's stability.
Reliability Monitor
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
winrm quickconfig
48. To create a custom Data Collector Set - follow these steps:
Network Monitor
Custom Views
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Attach Task To This Event
49. The wecutil ______ parameter deletes a subscription.
ds
Application
wecutil qc
network adapter
50. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
event forwarding
5985 and 5986
Attach Task To This Event
Network Monitor
