Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
winrm quickconfig -transport:https
Security
Windows Logs and Applications And Services Logs.
winrm get winrm/config

2. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
Security
Start A Program - Send An E-mail - Display A Message
NMCap /network * /capture "DNS" /file filename.cap
Server Manager

3. What command should you run to configure a forwarding computer?
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Wireless Diagnostics
Setup
winrm quickconfig

4. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
DiagnosticsPerformanceMonitoring Tools
Start
Windows Remote Management - Windows Event Collector

5. Network Monitor can capture only traffic that the ______ receives.
Forwarded Events
Active Directory Diagnostics
DiagnosticsPerformanceMonitoring Tools
network adapter

6. The wecutil ______ parameter deletes a subscription.
ds
wecutil qc
Network Monitor
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2

7. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
Attach Task To This Event
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
winrm enumerate winrm/config/Listener
Windows Logs and Applications And Services Logs.

8. To create a custom Data Collector Set - follow these steps:
NMCap /network * /capture /file filename.cap
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Latest Report
gr

9. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
When A Specific Event Is Logged
Application - Security - Setup - System - Forwarded Events
Attach Task To This Event
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

10. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
10
Server Manager
Collector initiated - Source computer initiated
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

11. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
Forwarded Events
Subscriptions
System
System Diagnostics

12. Present only on computers with wireless capabilities - the ______ Data Collector Set logs the same info as the LAN Diagnostics Data Collector Set - plus info relevant to troubleshooting wireless network connections.
Custom Views
ds
When A Specific Event Is Logged
Wireless Diagnostics

13. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
5985 and 5986
Start A Program - Send An E-mail - Display A Message
wecutil qc
10

14. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
ds
qc
Custom Views
NMCap /network * /capture "DNS" /file filename.cap

15. The wecutil ______ parameter displays the status of subscriptions.
5985 and 5986
winrm quickconfig
gr
Attach Task To This Event

16. Custom views are filters that can display events from ______.
multiple logs
Performance Monitor
Custom Views
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

17. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
When A Specific Event Is Logged
Source computer initiated
System
Network Monitor

18. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Network Monitor
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Subscriptions
When A Specific Event Is Logged

19. To trigger a task when an event occurs - follow one of these three procedures:
Collector initiated
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Subscriptions
10

20. Windows Logs contains five subnodes:
Collector initiated
Start A Program - Send An E-mail - Display A Message
System Performance
Application - Security - Setup - System - Forwarded Events

21. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
When A Specific Event Is Logged
Application
5985 and 5986

22. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
winrm quickconfig
Ctrl+C
RACAgent.exe
Collector initiated - Source computer initiated

23. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
wecutil qc
Setup
10

24. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
Performance Monitor
Subscriptions
logman start "<Data Collector Set>"
5985 and 5986

25. To use a Data Collector Set - right-click it - and then choose ______.
Attach Task To This Event
Start
multiple logs
network adapter

26. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
When A Specific Event Is Logged
DiagnosticsPerformanceMonitoring Tools
Forwarded Events
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2

27. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
Windows Remote Management - Windows Event Collector
wecutil qc
event forwarding
gr

28. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
network adapter
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
winrm quickconfig
multiple logs

29. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
multiple logs
103
logman start "<Data Collector Set>"
wecutil qc

30. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
qc
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Custom Views
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

31. This Windows log contains events generated while installing and updating Windows.
Performance Monitor
System
winrm enumerate winrm/config/Listener
Setup

32. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
Collector initiated
When A Specific Event Is Logged
Attach Task To This Event
Subscriptions

33. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
Performance Monitor
Active Directory Diagnostics
Ctrl+C
Network Monitor

34. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
5985 and 5986
winrm quickconfig -transport:https
Start A Program - Send An E-mail - Display A Message
Reliability Monitor

35. ______ tracks a computer's stability.
When A Specific Event Is Logged
Reliability Monitor
qc
ds

36. ______ gather system information - including configuration settings and performance data - and store it in a data file.
Data Collector Sets
Security
Windows Remote Management - Windows Event Collector
Collector initiated

37. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
event forwarding
Attach Task To This Event
NMCap /network * /capture "DNS" /file filename.cap
System Performance

38. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
System Diagnostics
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
103
winrm get winrm/config

39. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
Latest Report
Wireless Diagnostics
wecutil qc
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

40. This Windows log contains events generated by applications.
qc
Custom Views
network adapter
Application

41. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
Collector initiated - Source computer initiated
NMCap /network * /capture /file filename.cap
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

42. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
ds
winrm get winrm/config
Wireless Diagnostics
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

43. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
Windows Remote Management - Windows Event Collector
Data Collector Sets
ds
winrm quickconfig -transport:https

44. This Windows log contains events forwarded to this computer from other computers.
NMCap /network * /capture "DNS" /file filename.cap
Forwarded Events
Windows Remote Management - Windows Event Collector
When A Specific Event Is Logged

45. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
5985 and 5986
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Ctrl+C

46. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
RACAgent.exe
Ctrl+C
10
System

47. You can create two types of subscriptions:
Ctrl+C
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Collector initiated - Source computer initiated

48. With event forwarding - only these Windows versions can act as collecting computers:
event forwarding
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2

49. What command should you run to configure a collecting computer?
multiple logs
wecutil qc
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Subscriptions

50. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Data Collector Sets
Subscriptions
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
103