70-698 Chp 12
WinRM quickconfig
-Applies the default configuration of WinRM and allows it to accept WS-Management requests from other remote machines.
-Answers the question: which command is used to start the Windows Remote Management service from a command prompt
-Configures the Windows Remote Management HTTP listener
-Additionally creates a Windows Firewall exception
Event viewer - Custom view
-Includes Administrative Events
-Allows you to create custom views of events
Event Viewer Logs File Levels
-Information - Indicates that a change in an application or component has occurred
-Warning - Indicates that an issue has occurred that can impact service or result in a more serious problem if action is not taken
-Error - Indicates that a problem has occurred that might impact functionality that is external to the application or component that triggered the event
-Critical - Indicates that a failure has occurred from which the application or component that triggered the event cannot automatically recover
-Success Audit - Indicates that the exercise of a user right was successful
-Failure Audit - Indicates that the exercise of a user right has failed
Reliability Monitor
A Control Panel/Action Panel tool that measures hardware and software problems and other changes to your computer that could affect the reliability of the computer.
-Scale: 1 (the least stable) to 10 (the most stable)
Event Viewer (Eventvwr.msc)
A Windows tool useful for troubleshooting problems with Windows, applications, and hardware. It displays logs of significant events such as a hardware or network failure, OS failure, OS error messages, a device or service that has failed to start, or General Protection Faults.
-An MMC snap-in that enables you to browse and manage event logs.
Level
A classification of the event severity: Information, Warning, Error, Critical, Success Audit, Failure Audit
Processor, memory, disk, and network
A computer is composed of four primary systems
Paging file
A file used by Windows for virtual memory. Also called the swap file. The actual filename in Windows is PAGEFILE.SYS. (9) (75%)
XML (Extensible Markup Language)
A markup language that is designed to carry data, in contrast to HTML, which indicates how to display data.
Performance alert
A notification or task that is executed when a performance value is reached.
Event ID
A number identifying the particular event type
Resource monitor (resmon.exe)
A system tool that allows you to view information about the use of hardware (CPU, memory, disk, and network) and software resources (file handlers and modules) in real time.
Performance monitor user groups
Administrators, Performance Monitor Users, Performance Log Users
Data Collector Sets (DCS)
Allows you to organize a set of performance counters, event trace data, and system configuration data into a single object that can be reused as needed.
Performance Monitor (perfmon)
An MMC snap-in that provides tools for analyzing system performance.
Page fault
An event that occurs when an accessed page is not present in main memory.
-If Pages/sec is 1,000 or higher, you should increase the memory.
Process
An instance of a program that is being executed
Microsoft Active Protection Service (MAPS)
An online community that can help you decide how to respond to certain threat types and it serves as a resource to help stop the spread of new viruses and malware.
Configuration information
Collected from key values in the Windows Registry
Event trace data
Collected from trace providers, which are components of the OS or of individual applications that report actions or events.
net localgroup "administrators" <collecting_computer_name>$@<domain_name> /add
Command to Add the collecting computer name to the Administrators group
Process Identification (PID)
Composed of unique numbers that identify a process while it is running.
wecutil qc
Configures a receiving computer to receive events.
Event viewer - Windows Logs - System
Contains events logged by Windows system components, including errors displayed by Windows during boot and errors with services.
Event viewer - Windows Logs - Application
Contains events logged by applications or programs
Event viewer - Windows Logs - Setup
Contains events related to applications setup
Event viewer - Windows Logs - Security
Contains events such as valid and invalid logon attempts and access to designated objects such as files and folders, printers, and Active Directory objects. The Security log is empty until you enable auditing.
Windows Defender
Designed to protect your computer against viruses, spyware, and other types of malware. Real-time protection.
Event Viewer - Applications and Services Logs
Displays a set of events related to an application or service. E.g. DHCP, DNS, and Active Directory
Which of the following is used to view the Windows logs?
Event Viewer
Task manager
Gives you a quick glance at performance and provides information about programs and processes running on your computer.
Event viewer - Windows Logs
Includes logs that were available in previous versions of Windows: Application, Security, Setup, System, Forwarded Events
Performance monitor graph types
Line (default), Histogram (bar graph), Report (written)
Performance counters
Measurements of system state or activity
%Processor Time
Measures how busy the processor is (80%)
Event subscription
Microsoft's new Event Viewer allows you to collect events from remote computers and store them locally. By what name is this collection of events known?
Working set delta (memory)
Shows the amount of change in working set memory used by the process
Paged pool
Shows the amount of committed virtual memory for a process that can be written to another storage medium, such as the hard disk
NP Pool (non-paged)
Shows the amount of committed virtual memory for a process that can't be written to another storage medium.
Working set (memory)
Shows the amount of memory in the private working set plus the amount of memory the process is using that can be shared by other processes.
Commit Size
Shows the amount of virtual memory that is reserved for use by a process
Peak working set (memory)
Shows the maximum amount of working set memory used by the process
Event viewer - Windows Logs - Forwarded Events
Stores events collected from remote computers. You must create an event subscription. Does not work with versions earlier than Windows 7 and Windows Server 2008.
Taskschd.msc
Task Scheduler command
Disk queue length
The number of read and write requests that are waiting to be processed. (Sustained average higher than 2 times the number of spindles)
Source
The software that logged the event
Real-time protection
Uses signature detection methodology and heuristics to monitor and catch malware behavior.
When troubleshooting a problem and using Event Viewer, which of the following should be used to help focus on a reduced set of events?
filters
Which of the following allows viewing events from multiple computers using Event Viewer?
subscriptions