8.1.9

As part of the regular system maintenance on your Windows system, you are checking Performance Monitor statistics and Event Log events.

You notice that there are several Error events listed with the same ID number. They also contain a description that sounds as if the error is related to system hardware. You check your Performance Monitor logs but don't notice anything unusual around the time that the events were generated.

Which step must you take to receive an email every time the event is logged so you can check the system statistics at that moment?

Attach a task to the event.

Using Event Viewer, you have created a Custom View to track Warning and Error events from both the Application and System logs.

After a few days, there are several events in the Custom View. You would like to clear the messages from the view so that you only see messages starting from today.

How do you make sure that any messages from today that are in the corresponding logs still exist?

Edit the Custom View properties and create a custom range for the logged events, starting with today's date.

On your Windows system, you run a custom application that was developed in-house.

The application generates Event Viewer events and logs those events to the default Application and the Security logs in Event Viewer.

As you monitor the application, you would like to be able to do the following:

• View all events related to the application from a single log.

• View only the events related to the application and no others.

• View the necessary events with minimal future configuration.

• Save the Event Viewer configuration so that you can easily export and import the solution to other servers that will be running the application.

What should you do?

Create a Custom View.

You are troubleshooting a problem that keeps occurring on your Windows system. When the problem happens, Event Viewer shows several Error events in the Application and System logs.

From a single view, you would like to see only Error events from both the Application and the System logs.

What can you do in Event Viewer to make this happen?

On the Application log, filter the log to show only Error events. Save the filter to a Custom View and then add the System event log as an additional filter.

You are troubleshooting a problem that keeps occurring on your Windows system. When the problem happens, there are several Warning and Error events logged to the Application log in Event Viewer.

You create a Custom View that shows only Warning and Error events. During troubleshooting, you filter the Custom View to show only the Error messages.

How can you create a new Custom View using the current filter settings?

Save the filter to a Custom View.

You would like to configure Event Subscriptions on your Windows system to forward events to a network server. You need to configure your computer as a source computer for a collector-initiated subscription.

Which of the following will be part of your configuration? (Select two.)

1.Run the winrm qc command.

2.Add the collector computer to the Event Log Readers group.

You have two Windows systems named Computer 1 and Computer 2.

Over the next few days, you want to be able to monitor Computer 1 from Computer 2. To do this, you want to automatically save and send Computer 1's Application and System logs to Computer 2.

How would you do this?

On both computers, enable and configure Event Subscriptions. Configure Computer 1 as a source and Computer 2 as a collector.

You would like to configure Event Subscriptions on your Windows system to forward events to a network server. You need to configure your computer as a source computer for a source-initiated subscription.

Which of the following will be part of your configuration? (Select two.)

1.Run the winrm qc -q command.

2.Configure the Local Security Policy to identify the FQDN of the collector computer.

You manage two Windows systems named Computer 1 and Computer 2.

You have configured Event Subscriptions with the default settings to forward events from these two computers to a third Windows system named Computer 3.

How do you view the events from these two computers on Computer 3?

In Event Viewer, open the Forwarded Events log.

You manage three Windows systems that are part of a Workgroup. You would like to configure Event Subscriptions so that you can view all events from those computers on your Windows notebook.

You need to configure the three source computers and one collector computer. The subscription will be a source-initiated subscription.

What should you do? (Select two. Each answer is part of the complete solution.)

1. On all four computers, run the winrm qc-q command. On the collector computer, run the wecutil qc /q command.

2. On the collector computer, configure the subscription.