Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
Latest Report
ds
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

2. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
System Diagnostics
Application
Network Monitor
winrm quickconfig

3. With ______ subscriptions - the forwarding computers contact the collecting computer.
qc
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Attach Task To This Event
Source computer initiated

4. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
Server Manager
winrm enumerate winrm/config/Listener
Attach Task To This Event
Ctrl+C

5. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Active Directory Diagnostics
Server Manager

6. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
event forwarding
winrm quickconfig -transport:https
Active Directory Diagnostics
logman start "<Data Collector Set>"

7. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
multiple logs
System Performance
Start
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

8. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
System Diagnostics
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Attach Task To This Event
5985 and 5986

9. To create a custom Data Collector Set - follow these steps:
Attach Task To This Event
5985 and 5986
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

10. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
winrm enumerate winrm/config/Listener
Forwarded Events
10
network adapter

11. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
winrm get winrm/config
Subscriptions
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Network Monitor

12. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Wireless Diagnostics
Forwarded Events

13. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
System Diagnostics
5985 and 5986
System
Ctrl+C

14. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
Windows Remote Management - Windows Event Collector
Forwarded Events
Collector initiated
Start A Program - Send An E-mail - Display A Message

15. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
NMCap /network * /capture "DNS" /file filename.cap
Start
System Diagnostics
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

16. What command should you run to configure a collecting computer?
Performance Monitor
winrm enumerate winrm/config/Listener
wecutil qc
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

17. Custom views are filters that can display events from ______.
multiple logs
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
System
winrm quickconfig -transport:https

18. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
Network Monitor
10
winrm quickconfig -transport:https
winrm get winrm/config

19. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
multiple logs
Server Manager
System Diagnostics
Setup

20. What command should you run to configure a forwarding computer?
logman start "<Data Collector Set>"
winrm quickconfig
gr
Collector initiated

21. The log files are contained in two subnodes:
Ctrl+C
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Application - Security - Setup - System - Forwarded Events
Windows Logs and Applications And Services Logs.

22. Network Monitor can capture only traffic that the ______ receives.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
wecutil qc
network adapter
qc

23. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
winrm get winrm/config
Data Collector Sets
qc
Server Manager

24. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
wecutil qc
Server Manager
5985 and 5986
Windows Remote Management - Windows Event Collector

25. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
Network Monitor
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
System Diagnostics
DiagnosticsPerformanceMonitoring Tools

26. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
network adapter
Attach Task To This Event
Application - Security - Setup - System - Forwarded Events
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2

27. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Attach Task To This Event
ds
When A Specific Event Is Logged
qc

28. You can create two types of subscriptions:
Forwarded Events
Collector initiated - Source computer initiated
Start A Program - Send An E-mail - Display A Message
winrm get winrm/config

29. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
Source computer initiated
NMCap /network * /capture /file filename.cap
Custom Views
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

30. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
wecutil qc
winrm quickconfig
Network Monitor
Security

31. The wecutil ______ parameter displays the status of subscriptions.
winrm quickconfig
logman start "<Data Collector Set>"
gr
Forwarded Events

32. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
103
Latest Report
winrm quickconfig -transport:https
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.

33. To use a Data Collector Set - right-click it - and then choose ______.
winrm enumerate winrm/config/Listener
System Performance
System
Start

34. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
5985 and 5986
Setup
Security
logman start "<Data Collector Set>"

35. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Subscriptions
RACAgent.exe
Wireless Diagnostics

36. To trigger a task when an event occurs - follow one of these three procedures:
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
NMCap /network * /capture "DNS" /file filename.cap
System

37. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Network Monitor
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Performance Monitor
Active Directory Diagnostics

38. This Windows log contains events forwarded to this computer from other computers.
Server Manager
Forwarded Events
Setup
DiagnosticsPerformanceMonitoring Tools

39. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
NMCap /network * /capture /file filename.cap
System Performance
winrm get winrm/config
Collector initiated - Source computer initiated

40. This Windows log contains events generated by applications.
System Diagnostics
RACAgent.exe
Application
Source computer initiated

41. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
Latest Report
10
Start
network adapter

42. ______ gather system information - including configuration settings and performance data - and store it in a data file.
logman start "<Data Collector Set>"
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Data Collector Sets
DiagnosticsPerformanceMonitoring Tools

43. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
5985 and 5986
Network Monitor
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
ds

44. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
Performance Monitor
logman start "<Data Collector Set>"
Source computer initiated
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

45. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
Windows Logs and Applications And Services Logs.
10
Custom Views
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

46. Windows Logs contains five subnodes:
wecutil qc
System Performance
winrm quickconfig
Application - Security - Setup - System - Forwarded Events

47. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
winrm quickconfig
multiple logs
Reliability Monitor
Start A Program - Send An E-mail - Display A Message

48. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
Attach Task To This Event
Active Directory Diagnostics
Windows Logs and Applications And Services Logs.
winrm quickconfig

49. With event forwarding - only these Windows versions can act as collecting computers:
10
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
winrm quickconfig -transport:https
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2

50. This Windows log contains events generated while installing and updating Windows.
multiple logs
Collector initiated - Source computer initiated
Setup
Ctrl+C