SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Monitoring Computers
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Windows Remote Management - Windows Event Collector
Subscriptions
wecutil qc
2. What command should you run to configure a forwarding computer?
winrm quickconfig -transport:https
System Performance
winrm quickconfig
network adapter
3. Windows Logs contains five subnodes:
Subscriptions
Server Manager
Application - Security - Setup - System - Forwarded Events
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
4. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
winrm quickconfig
wecutil qc
Custom Views
Data Collector Sets
5. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
Windows Logs and Applications And Services Logs.
NMCap /network * /capture /file filename.cap
Setup
System
6. What command should you run to configure a collecting computer?
wecutil qc
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Windows Logs and Applications And Services Logs.
Start
7. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
System Diagnostics
Forwarded Events
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Performance Monitor
8. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
System
DiagnosticsPerformanceMonitoring Tools
System Diagnostics
9. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
103
Setup
Reliability Monitor
Source computer initiated
10. You can create two types of subscriptions:
qc
5985 and 5986
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Collector initiated - Source computer initiated
11. To create a custom Data Collector Set - follow these steps:
gr
10
Active Directory Diagnostics
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
12. With ______ subscriptions - the forwarding computers contact the collecting computer.
DiagnosticsPerformanceMonitoring Tools
winrm get winrm/config
Source computer initiated
logman start "<Data Collector Set>"
13. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
Windows Remote Management - Windows Event Collector
winrm quickconfig
qc
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
14. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
Start A Program - Send An E-mail - Display A Message
System Performance
Start
When A Specific Event Is Logged
15. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
RACAgent.exe
logman start "<Data Collector Set>"
Latest Report
event forwarding
16. Network Monitor can capture only traffic that the ______ receives.
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
network adapter
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
multiple logs
17. To use a Data Collector Set - right-click it - and then choose ______.
Start
network adapter
gr
winrm quickconfig
18. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
10
Latest Report
Ctrl+C
network adapter
19. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
winrm quickconfig -transport:https
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
RACAgent.exe
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
20. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
When A Specific Event Is Logged
winrm get winrm/config
Application
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
21. ______ gather system information - including configuration settings and performance data - and store it in a data file.
Network Monitor
Ctrl+C
Data Collector Sets
Application
22. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Server Manager
winrm quickconfig
Source computer initiated
Application - Security - Setup - System - Forwarded Events
23. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
Active Directory Diagnostics
Security
System Performance
Ctrl+C
24. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
Windows Logs and Applications And Services Logs.
Reliability Monitor
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Active Directory Diagnostics
25. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
DiagnosticsPerformanceMonitoring Tools
winrm quickconfig -transport:https
NMCap /network * /capture "DNS" /file filename.cap
26. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
Network Monitor
DiagnosticsPerformanceMonitoring Tools
10
Reliability Monitor
27. This Windows log contains events forwarded to this computer from other computers.
Forwarded Events
Server Manager
Start
Data Collector Sets
28. ______ tracks a computer's stability.
Reliability Monitor
103
Forwarded Events
System Performance
29. Custom views are filters that can display events from ______.
multiple logs
Active Directory Diagnostics
Attach Task To This Event
103
30. With event forwarding - only these Windows versions can act as collecting computers:
Windows Logs and Applications And Services Logs.
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Data Collector Sets
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
31. To trigger a task when an event occurs - follow one of these three procedures:
winrm quickconfig
winrm get winrm/config
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
ds
32. The wecutil ______ parameter displays the status of subscriptions.
Reliability Monitor
gr
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
33. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
Application
10
Custom Views
event forwarding
34. This Windows log contains events generated by applications.
Start A Program - Send An E-mail - Display A Message
Application
Active Directory Diagnostics
RACAgent.exe
35. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
Collector initiated
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
winrm quickconfig
36. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
logman start "<Data Collector Set>"
Security
Start A Program - Send An E-mail - Display A Message
Attach Task To This Event
37. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
winrm quickconfig -transport:https
qc
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
103
38. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
winrm quickconfig -transport:https
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
winrm enumerate winrm/config/Listener
event forwarding
39. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
System
winrm quickconfig
Latest Report
40. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
Wireless Diagnostics
wecutil qc
winrm quickconfig -transport:https
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
41. This Windows log contains events generated while installing and updating Windows.
Setup
winrm quickconfig -transport:https
Reliability Monitor
System Diagnostics
42. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
103
Wireless Diagnostics
Subscriptions
Ctrl+C
43. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
5985 and 5986
Start A Program - Send An E-mail - Display A Message
Windows Logs and Applications And Services Logs.
network adapter
44. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
wecutil qc
Collector initiated
logman start "<Data Collector Set>"
45. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
System Performance
When A Specific Event Is Logged
wecutil qc
Attach Task To This Event
46. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
RACAgent.exe
NMCap /network * /capture "DNS" /file filename.cap
47. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
System Diagnostics
winrm quickconfig
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Attach Task To This Event
48. With event forwarding - only these Windows versions can act as forwarding computers:
Setup
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Subscriptions
49. The log files are contained in two subnodes:
logman start "<Data Collector Set>"
Windows Logs and Applications And Services Logs.
NMCap /network * /capture "DNS" /file filename.cap
winrm quickconfig
50. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
Windows Remote Management - Windows Event Collector
Application
Network Monitor
Collector initiated - Source computer initiated
