SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Monitoring Computers
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To trigger a task when an event occurs - follow one of these three procedures:
Application - Security - Setup - System - Forwarded Events
NMCap /network * /capture "DNS" /file filename.cap
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
2. This Windows log contains events generated by applications.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Application
Data Collector Sets
Wireless Diagnostics
3. With event forwarding - only these Windows versions can act as forwarding computers:
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Source computer initiated
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
System
4. The wecutil ______ parameter displays the status of subscriptions.
103
When A Specific Event Is Logged
Windows Logs and Applications And Services Logs.
gr
5. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
103
Subscriptions
DiagnosticsPerformanceMonitoring Tools
winrm quickconfig -transport:https
6. The wecutil ______ parameter deletes a subscription.
ds
System Diagnostics
Start A Program - Send An E-mail - Display A Message
Performance Monitor
7. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Collector initiated
event forwarding
Start A Program - Send An E-mail - Display A Message
Subscriptions
8. This Windows log contains events generated while installing and updating Windows.
Windows Remote Management - Windows Event Collector
Wireless Diagnostics
logman start "<Data Collector Set>"
Setup
9. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
winrm get winrm/config
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
winrm quickconfig
System Diagnostics
10. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
NMCap /network * /capture /file filename.cap
Latest Report
Collector initiated
DiagnosticsPerformanceMonitoring Tools
11. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Server Manager
NMCap /network * /capture "DNS" /file filename.cap
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
12. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
winrm get winrm/config
Forwarded Events
ds
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
13. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Setup
System
14. ______ tracks a computer's stability.
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Active Directory Diagnostics
Reliability Monitor
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
15. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Windows Logs and Applications And Services Logs.
When A Specific Event Is Logged
Start
16. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
Collector initiated - Source computer initiated
NMCap /network * /capture "DNS" /file filename.cap
DiagnosticsPerformanceMonitoring Tools
qc
17. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Latest Report
Start A Program - Send An E-mail - Display A Message
18. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
Network Monitor
Reliability Monitor
Windows Logs and Applications And Services Logs.
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
19. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
Start A Program - Send An E-mail - Display A Message
winrm quickconfig
Windows Logs and Applications And Services Logs.
gr
20. Network Monitor can capture only traffic that the ______ receives.
Security
network adapter
Application - Security - Setup - System - Forwarded Events
winrm quickconfig
21. What command should you run to configure a forwarding computer?
winrm enumerate winrm/config/Listener
winrm quickconfig
event forwarding
Application
22. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Application - Security - Setup - System - Forwarded Events
Server Manager
network adapter
Windows Remote Management - Windows Event Collector
23. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
wecutil qc
RACAgent.exe
Application
Network Monitor
24. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
winrm quickconfig -transport:https
Windows Logs and Applications And Services Logs.
Performance Monitor
25. To create a custom Data Collector Set - follow these steps:
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Start
Reliability Monitor
26. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
Active Directory Diagnostics
103
wecutil qc
Subscriptions
27. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
Ctrl+C
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Latest Report
Setup
28. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
logman start "<Data Collector Set>"
Performance Monitor
Application - Security - Setup - System - Forwarded Events
winrm get winrm/config
29. Custom views are filters that can display events from ______.
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
ds
Latest Report
multiple logs
30. With event forwarding - only these Windows versions can act as collecting computers:
Performance Monitor
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
winrm enumerate winrm/config/Listener
Custom Views
31. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
5985 and 5986
NMCap /network * /capture "DNS" /file filename.cap
ds
103
32. With ______ subscriptions - the forwarding computers contact the collecting computer.
ds
Setup
Active Directory Diagnostics
Source computer initiated
33. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
winrm quickconfig
Data Collector Sets
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
34. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
Server Manager
winrm enumerate winrm/config/Listener
Subscriptions
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
35. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
wecutil qc
Forwarded Events
5985 and 5986
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
36. The log files are contained in two subnodes:
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
winrm quickconfig -transport:https
Windows Logs and Applications And Services Logs.
wecutil qc
37. What command should you run to configure a collecting computer?
wecutil qc
logman start "<Data Collector Set>"
winrm get winrm/config
multiple logs
38. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
Windows Remote Management - Windows Event Collector
Collector initiated - Source computer initiated
System Diagnostics
Server Manager
39. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
event forwarding
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
40. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Active Directory Diagnostics
winrm quickconfig
41. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
10
DiagnosticsPerformanceMonitoring Tools
Windows Remote Management - Windows Event Collector
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
42. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
DiagnosticsPerformanceMonitoring Tools
Forwarded Events
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
10
43. Windows Logs contains five subnodes:
Active Directory Diagnostics
Application - Security - Setup - System - Forwarded Events
winrm quickconfig
wecutil qc
44. You can create two types of subscriptions:
NMCap /network * /capture "DNS" /file filename.cap
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Collector initiated - Source computer initiated
winrm quickconfig -transport:https
45. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
Wireless Diagnostics
System
wecutil qc
DiagnosticsPerformanceMonitoring Tools
46. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
winrm quickconfig -transport:https
Windows Remote Management - Windows Event Collector
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Ctrl+C
47. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
qc
Security
Start A Program - Send An E-mail - Display A Message
48. This Windows log contains events forwarded to this computer from other computers.
Forwarded Events
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
NMCap /network * /capture /file filename.cap
When A Specific Event Is Logged
49. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
winrm get winrm/config
logman start "<Data Collector Set>"
10
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
50. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
Attach Task To This Event
ds
NMCap /network * /capture /file filename.cap
Wireless Diagnostics
