Test your basic knowledge |

MCTS: Monitoring Computers

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To verify that the forwarding computer has the Windows Remote Management listener properly configured - from an elevated command prompt - run the following command:
winrm enumerate winrm/config/Listener
Application - Security - Setup - System - Forwarded Events
Security
Windows Remote Management - Windows Event Collector

2. With ______ subscriptions - the collecting computer contacts the source computers to retrieve events.
Collector initiated
NMCap /network * /capture /file filename.cap
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
5985 and 5986

3. Event forwarding uses HTTP or HTTPS to send events from a forwarding computer to a collecting computer. Instead of using the standard TCP ports 80 and 443 - HTTP and HTTPS use ports ______ - respectively.
5985 and 5986
Subscriptions
NMCap /network * /capture /file filename.cap
Server Manager

4. To run a file named Respond.exe whenever event 177 is published in the System event log - run the following command:
Start A Program - Send An E-mail - Display A Message
Application - Security - Setup - System - Forwarded Events
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
logman start "<Data Collector Set>"

5. This Windows log contains core system events. Other system events are contained with Applications And Services Logs.
winrm enumerate winrm/config/Listener
System
5985 and 5986
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2

6. The wecutil ______ parameter deletes a subscription.
ds
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Forwarded Events
Windows Remote Management - Windows Event Collector

7. One of the most useful ways to use Task Scheduler is to launch a task in response to a specific event type that appears in Event Viewer. You can respond to events in three ways:
Subscriptions
network adapter
winrm quickconfig -transport:https
Start A Program - Send An E-mail - Display A Message

8. This Windows log contains events forwarded to this computer from other computers.
Windows Remote Management - Windows Event Collector
Start
Forwarded Events
Start A Program - Send An E-mail - Display A Message

9. With event forwarding - only these Windows versions can act as collecting computers:
Start A Program - Send An E-mail - Display A Message
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
winrm get winrm/config
10

10. Although you can create data collector sets using the Logman tool - creating them using the Data Collector Sets console is easier. You can then run the data collector set by using the following command:
logman start "<Data Collector Set>"
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
winrm quickconfig -transport:https
Attach Task To This Event

11. ______ gather system information - including configuration settings and performance data - and store it in a data file.
When A Specific Event Is Logged
Data Collector Sets
Network Monitor
Forwarded Events

12. You can also use the /inputcapture parameter of NMCap to process an existing capture file.E.g. To read a file named Capture1.cap and write a new capture file containing only HTTP packets - use this command:
Subscriptions
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
103
winrm enumerate winrm/config/Listener

13. To capture network traffic from a command prompt - switch to the Network Monitor installation folder (C:Program FilesMicrosoft Network Monitor 3 by default) and run the following command:
Application - Security - Setup - System - Forwarded Events
NMCap /network * /capture /file filename.cap
Collector initiated
Find an example of the event in Event Viewer. - In Task Scheduler - click Create Basic Task in the actions pane. - Use the Schtasks command-line tool from a command prompt or a script.

14. Logs processor - disk - memory - and network performance counters and kernel tracing. Use the ______ Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
Latest Report
System Performance
Security
Start

15. Present only on DCs - the ______ Data Collector Set logs kernel trace data - AD trace data - performance counters - and AD registry configuration.
Active Directory Diagnostics
Application
gr
Application - Security - Setup - System - Forwarded Events

16. With event forwarding - only these Windows versions can act as forwarding computers:
System Diagnostics
Win XP SP2 - Win Srvr 2003 SP1 or 2 - Win Srvr 2003 R2 - Vista - Win 7 - Win Srvr 2008 - and Win Srvr 2008 R2
Subscriptions
Setup

17. To configure Event Forwarding to use HTTPS - create a Windows Firewall exception for TCP port 5986 and run the following command:
System
winrm quickconfig -transport:https
Subscriptions
NMCap /network * /capture "DNS" /file filename.cap

18. At a command prompt with administrative privileges - run the following command to configure the Windows Remote Management service on the forwarding computer:
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Setup
NMCap /network * /capture /file filename.cap
winrm quickconfig

19. What command should you run to configure a forwarding computer?
Latest Report
10
SCHTASKS /Create /TN EventLog /TR respond.exe /SC ONEVENT /EC System /MO *[System/EventID=177]
winrm quickconfig

20. To use a Data Collector Set - right-click it - and then choose ______.
Wireless Diagnostics
Windows Logs and Applications And Services Logs.
NMCap /network * /capture /file filename.cap
Start

21. ______ tracks a computer's stability.
Attach Task To This Event
Reliability Monitor
ds
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

22. You can create two types of subscriptions:
DiagnosticsPerformanceMonitoring Tools
Server Manager
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
Collector initiated - Source computer initiated

23. Find an example of the event in Event Viewer. Then - right-click the event and click ______. A wizard will guide you through the process.
gr
Collector initiated - Source computer initiated
Data Collector Sets
Attach Task To This Event

24. The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC) - which is implemented using ______ command.
Windows Logs and Applications And Services Logs.
logman start "<Data Collector Set>"
RACAgent.exe
Ctrl+C

25. This Windows log contains events generated by applications.
Application
When A Specific Event Is Logged
System Diagnostics
Forwarded Events

26. In Task Scheduler - click Create Basic Task in the actions pane. On the Trigger page of the wizard - select ______. Then - specify the Log - Source - and Event ID.
Windows Logs and Applications And Services Logs.
5985 and 5986
When A Specific Event Is Logged
Wireless Diagnostics

27. Using event forwarding requires you to configure both the forwarding and collecting computers. First - you must start the following services on both the forwarding and collecting computer:
NMCap /InputCapture "Capture1.cap" /capture "HTTP" /file "HttpOnlyCapture.cap"
network adapter
Windows Remote Management - Windows Event Collector
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)

28. Microsoft provides ______ - a powerful protocol analyzer - as a free download.
Network Monitor
System Performance
logman start "<Data Collector Set>"
multiple logs

29. The wecutil ______ parameter displays the status of subscriptions.
gr
Attach Task To This Event
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
qc

30. To use a filter capture - type the filter capture in quotation marks after the /capture parameter. For example - the following command captures only DNS traffic:
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Application
NMCap /network * /capture "DNS" /file filename.cap
DiagnosticsPerformanceMonitoring Tools

31. The wecutil ______ parameter performs the initial configuration required to collect events. If a subscription already exists - the necessary configuration must have already been performed.
event forwarding
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
qc
NMCap /network * /capture /file filename.cap

32. Logs all the info included in the System Performance Data Collector Set - plus detailed system information. Use the ______ Data Collector Set when troubleshooting reliability problems such as problematic hardware - driver failures - or Stop errors (a
Source computer initiated
logman start "<Data Collector Set>"
System Diagnostics
ds

33. To create a custom Data Collector Set - follow these steps:
Network Monitor
Collector initiated - Source computer initiated
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
103

34. You can open Event Viewer from within ______ by selecting the DiagnosticsEvent Viewer node.
Application - Security - Setup - System - Forwarded Events
multiple logs
Server Manager
qc

35. Custom views are filters that can display events from ______.
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
logman start "<Data Collector Set>"
multiple logs
Windows Logs and Applications And Services Logs.

36. To open Reliability Monitor - right-click the ______ node in Server Manager and then click View System Reliability.
Ctrl+C
DiagnosticsPerformanceMonitoring Tools
wecutil qc
System Diagnostics

37. This captures all traffic on all network interfaces and saves it to a file named Filename.cap. When you are finished capturing - press ______.
System
Security
Reliability Monitor
Ctrl+C

38. Because the forwarding computer must have HTTP and possibly HTTPS available - you can attempt to connect to it from the collecting computer by using Windows Internet Explorer
Setup
http://computername:5985 (or https://computername:5986 if you are using HTTPS)
RACAgent.exe
Active Directory Diagnostics

39. ______ graphically shows real-time performance data - including processor utilization - network bandwidth usage - and thousands of other statistics.
Performance Monitor
Application
Start A Program - Send An E-mail - Display A Message
Collector initiated - Source computer initiated

40. This Windows log contains events generated while installing and updating Windows.
Ctrl+C
When A Specific Event Is Logged
Collector initiated - Source computer initiated
Setup

41. What command should you run to configure a collecting computer?
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
103
5985 and 5986
wecutil qc

42. The wecutil ______ parameter defines subscription configuration. To specify a custom interval for a subscription - run the following commands: ______.
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
ss - wecutil ss <subscription_name> /cm:custom wecutil ss <subscription_name> /hi:<milliseconds_delay>
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
ds

43. In Win Srvr 2008 and Win Srvr 2008 R2 - you can also simply select the ______ node in the console tree of Event Viewer to confiture the collecting computer.
Subscriptions
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
103
ds

44. Event forwarding uses ______ or ______ to send events from a forwarding computer to a collecting computer.
Application
DiagnosticsPerformanceMonitoring Tools
Hypertext Transfer Protocol (HTTP) or HTTPS (Hypertext Transfer Protocol Secure)
Source computer initiated

45. To configure a computer running Vista - Win 7 - Win Srvr 2008 - or Win Srvr 2008 R2 to collect events - open a command prompt with administrative privileges. Then - run the following command to configure the Windows Event Collector service:
multiple logs
Performance Monitor
wecutil qc
Application - Security - Setup - System - Forwarded Events

46. With ______ - you can send events that match specific criteria to an administrative computer - allowing you to centralize event management.
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Custom Views
event forwarding
Ctrl+C

47. After using a Data Collector Set to gather information and then stopping the Data Collector Set - you can view a summary by right-clicking the Data Collector Set and then choosing ______.
System Diagnostics
Latest Report
event forwarding
Security

48. With ______ subscriptions - the forwarding computers contact the collecting computer.
Vista - Win 7 - Win Server 2003 R2 - Win Server 2008 - and Win Server 2008 R2
Source computer initiated
Setup
ds

49. When you create a custom view - Event Viewer saves it within the ______ node so that you can quickly view the same set of events.
multiple logs
System Performance
Wireless Diagnostics
Custom Views

50. Windows Server 2008 R2 includes several built-in Data Collector Sets located at Data Collector SetsSystem:
Active Directory Diagnostics - System Performance - System Diagnostics - Wireless Diagnostics
Custom Views
Right-click Data Collector SetsUser Defined - choose New - and then choose Data Collector Set. The Create New Data Collector Set Wizard appears.
System Performance