Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. This Windows log contains events generated by applications.
event forwarding
logman start "<Data Collector Set>"
Setup
Application

2. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Attach Task To This Event
Forwarded Events
wecutil qc

3. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
NMCap /network * /capture /file filename.cap
winrm get winrm/config
Server Manager
Active Directory Diagnostics

4. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
NMCap /network * /capture /file filename.cap
5985 and 5986
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Subscriptions

5. ______ gather system information - including configuration settings and performance data - and store it in a data file.
Security
Data Collector Sets
Network Monitor
NMCap /network * /capture "DNS" /file filename.cap

6. What command should you run to configure a forwarding computer?
wecutil qc
Wireless Diagnostics
winrm quickconfig
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.

7. The log files are contained in two subnodes:
qc
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Attach Task To This Event
Windows Logs and Applications And Services Logs.

8. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
winrm quickconfig
System
Security
gr

9. The wecutil ______ parameter deletes a subscription.
ds
10
Security
When A Specific Event Is Logged

10. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
10
Windows Remote Management - Windows Event Collector
Latest Report
DiagnosticsPerformanceMonitoring Tools

11. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
RACAgent.exe
Server Manager
winrm quickconfig
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

12. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
winrm quickconfig -transport:https
Start A Program - Send An E-mail - Display A Message
DiagnosticsPerformanceMonitoring Tools
Custom Views

13. This Windows log contains auditing events that Windows adds when a user accesses or attempts to access a resource that has been configured for auditing.
event forwarding
Collector initiated - Source computer initiated
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
Security

14. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
DiagnosticsPerformanceMonitoring Tools
Network Monitor

15. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
Wireless Diagnostics
System Performance
System Diagnostics
Start

16. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
winrm enumerate winrm/config/Listener
Network Monitor
Custom Views

17. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Security
winrm quickconfig
When A Specific Event Is Logged
System Performance

18. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
winrm quickconfig
Attach Task To This Event
winrm get winrm/config
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2

19. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
Latest Report
RACAgent.exe
logman start "<Data Collector Set>"
Collector initiated - Source computer initiated

20. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
winrm quickconfig -transport:https
Wireless Diagnostics
Custom Views
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

21. Windows Logs contains five subnodes:
Application - Security - Setup - System - Forwarded Events
logman start "<Data Collector Set>"
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
System Diagnostics

22. The wecutil ______ parameter displays the status of subscriptions.
Source computer initiated
gr
network adapter
Application - Security - Setup - System - Forwarded Events

23. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
5985 and 5986
NMCap /network * /capture /file filename.cap
Application - Security - Setup - System - Forwarded Events

24. Custom views are filters that can display events from ______.
wecutil qc
winrm quickconfig
multiple logs
Custom Views

25. To trigger a task when an event occurs - follow one of these three procedures:
10
103
Ctrl+C
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

26. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
qc
RACAgent.exe
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]

27. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
NMCap /network * /capture /file filename.cap
10
Application
gr

28. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
winrm quickconfig
RACAgent.exe
Wireless Diagnostics
Data Collector Sets

29. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
Application
Source computer initiated
5985 and 5986
NMCap /network * /capture /file filename.cap

30. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Reliability Monitor
Server Manager
Network Monitor
103

31. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
Active Directory Diagnostics
Collector initiated
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>

32. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
DiagnosticsPerformanceMonitoring Tools
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
NMCap /network * /capture "DNS" /file filename.cap
103

33. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
10
Reliability Monitor
winrm quickconfig
Collector initiated

34. What command should you run to configure a collecting computer?
Reliability Monitor
event forwarding
wecutil qc
Security

35. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
Subscriptions
Windows Remote Management - Windows Event Collector
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

36. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
5985 and 5986
Wireless Diagnostics
Custom Views
Performance Monitor

37. You can create two types of subscriptions:
ds
System Performance
Collector initiated - Source computer initiated
multiple logs

38. To use a Data Collector Set - right-click it - and then choose ______.
Performance Monitor
When A Specific Event Is Logged
event forwarding
Start

39. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
System Performance
event forwarding
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Network Monitor

40. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
Source computer initiated
Latest Report
Application
Active Directory Diagnostics

41. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
RACAgent.exe
winrm enumerate winrm/config/Listener
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Security

42. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
Setup
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Application - Security - Setup - System - Forwarded Events

43. With event forwarding - only these Windows versions can act as collecting computers:
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Attach Task To This Event
Active Directory Diagnostics
Reliability Monitor

44. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Ctrl+C
System Performance
winrm get winrm/config

45. Check the Applications And Services LogsMicrosoftWindowsEventlog-ForwardingPluginOperational event log and verify that the subscription was created successfully. Event ID 100 indicates a new subscription whereas Event ID ______ indicates a subscripti
103
winrm quickconfig
Reliability Monitor
Application - Security - Setup - System - Forwarded Events

46. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
Attach Task To This Event
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
5985 and 5986
Windows Logs and Applications And Services Logs.

47. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Attach Task To This Event
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
winrm enumerate winrm/config/Listener
Start

48. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
Start
Custom Views
Attach Task To This Event
System Performance

49. To create a custom Data Collector Set - follow these steps:
103
10
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Windows Remote Management - Windows Event Collector

50. Network Monitor can capture only traffic that the ______ receives.
logman start "<Data Collector Set>"
Source computer initiated
network adapter
multiple logs