Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
Network Monitor
5985 and 5986
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
winrm quickconfig

2. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
winrm enumerate winrm/config/Listener
System
System Diagnostics
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

3. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
NMCap /network * /capture "DNS" /file filename.cap
RACAgent.exe
Source computer initiated

4. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
Active Directory Diagnostics
Windows Remote Management - Windows Event Collector
Windows Logs and Applications And Services Logs.
System

5. This Windows log contains events forwarded to this computer from other computers.
Forwarded Events
winrm quickconfig
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Windows Remote Management - Windows Event Collector

6. What command should you run to configure a forwarding computer?
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Windows Remote Management - Windows Event Collector
winrm quickconfig
Start A Program - Send An E-mail - Display A Message

7. The log files are contained in two subnodes:
Windows Logs and Applications And Services Logs.
Wireless Diagnostics
Collector initiated
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics

8. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
NMCap /network * /capture /file filename.cap
winrm enumerate winrm/config/Listener
Data Collector Sets
Source computer initiated

9. With event forwarding - only these Windows versions can act as forwarding computers:
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
NMCap /network * /capture "DNS" /file filename.cap
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.

10. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
Latest Report
Wireless Diagnostics
103
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"

11. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
System Performance
Source computer initiated
Application - Security - Setup - System - Forwarded Events
Server Manager

12. With ______ subscriptions - the forwarding computers contact the collecting computer.
Source computer initiated
5985 and 5986
Application
Ctrl+C

13. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
Collector initiated
logman start "<Data Collector Set>"
Start
Setup

14. With event forwarding - only these Windows versions can act as collecting computers:
event forwarding
System Performance
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
103

15. The wecutil ______ parameter deletes a subscription.
Subscriptions
winrm quickconfig -transport:https
Forwarded Events
ds

16. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
winrm quickconfig
Performance Monitor
qc

17. Network Monitor can capture only traffic that the ______ receives.
When A Specific Event Is Logged
Setup
Active Directory Diagnostics
network adapter

18. What command should you run to configure a collecting computer?
10
Application - Security - Setup - System - Forwarded Events
wecutil qc
Collector initiated - Source computer initiated

19. This Windows log contains events generated while installing and updating Windows.
Setup
DiagnosticsPerformanceMonitoring Tools
When A Specific Event Is Logged
Custom Views

20. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
Windows Logs and Applications And Services Logs.
winrm quickconfig -transport:https
Start
System

21. The Minimize Bandwidth and Minimize Latency options of Event Subscriptions - both batch a default number of items at a time. You can determine the value of this default by typing the following command at a command prompt:
System Performance
10
Subscriptions
winrm get winrm/config

22. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
Start A Program - Send An E-mail - Display A Message
wecutil qc
ds
5985 and 5986

23. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
Custom Views
Network Monitor
Windows Remote Management - Windows Event Collector
winrm quickconfig -transport:https

24. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
Collector initiated
System
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Security

25. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
wecutil qc
When A Specific Event Is Logged
logman start "<Data Collector Set>"
Network Monitor

26. To use a Data Collector Set - right-click it - and then choose ______.
Forwarded Events
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Start
Windows Remote Management - Windows Event Collector

27. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
System Performance
winrm quickconfig -transport:https
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Active Directory Diagnostics

28. The wecutil ______ parameter displays the status of subscriptions.
Setup
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
gr
winrm enumerate winrm/config/Listener

29. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
DiagnosticsPerformanceMonitoring Tools
wecutil qc
winrm enumerate winrm/config/Listener
Collector initiated - Source computer initiated

30. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
DiagnosticsPerformanceMonitoring Tools
Security
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2

31. This Windows log contains events generated by applications.
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
ds
Application
Collector initiated - Source computer initiated

32. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Forwarded Events
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Ctrl+C

33. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
winrm quickconfig -transport:https
Performance Monitor
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Forwarded Events

34. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
Attach Task To This Event
Start A Program - Send An E-mail - Display A Message
DiagnosticsPerformanceMonitoring Tools
winrm enumerate winrm/config/Listener

35. You can create two types of subscriptions:
Setup
Collector initiated - Source computer initiated
10
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]

36. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
logman start "<Data Collector Set>"
When A Specific Event Is Logged
Ctrl+C
System

37. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Subscriptions
DiagnosticsPerformanceMonitoring Tools
NMCap /network * /capture "DNS" /file filename.cap

38. ______ gather system information - including configuration settings and performance data - and store it in a data file.
Application
Subscriptions
Data Collector Sets
Collector initiated

39. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
RACAgent.exe
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Subscriptions
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2

40. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
Reliability Monitor
Latest Report
Performance Monitor
Collector initiated

41. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
System Performance
Latest Report
103
RACAgent.exe

42. To create a custom Data Collector Set - follow these steps:
System Diagnostics
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
logman start "<Data Collector Set>"
5985 and 5986

43. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
ds
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
network adapter

44. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
event forwarding
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Source computer initiated

45. Windows Logs contains five subnodes:
DiagnosticsPerformanceMonitoring Tools
NMCap /network * /capture "DNS" /file filename.cap
multiple logs
Application - Security - Setup - System - Forwarded Events

46. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
Performance Monitor
winrm quickconfig
NMCap /network * /capture "DNS" /file filename.cap
DiagnosticsPerformanceMonitoring Tools

47. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
network adapter
Security
5985 and 5986
qc

48. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
System Diagnostics
Attach Task To This Event
Data Collector Sets
10

49. ______ tracks a computer's stability.
Forwarded Events
DiagnosticsPerformanceMonitoring Tools
Attach Task To This Event
Reliability Monitor

50. Computers that have no errors and no new software installations are considered stable and can achieve the maximum system stability index of ______.
10
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.
winrm quickconfig
5985 and 5986