WGU FEC1 700 Monitoring and Maintenance Questions With 100% Correct Answers.

Define "Event Subscriptions"? - Use Event Subscriptions to collect a set of events from multiple remote computers and store the events on a local computer. When you create an event subscription, events are sent from the source (or forwarder) computer (the computer where the event is generated) to the collector computer (the computer where the events are sent). The events are saved on the collector computer where they can be manipulated in the event logs like any other events. The event subscription allows you to define which events to collect and in which logs the events are stored. what is "Collector initiated" event subscription? - Collector initiated subscriptions create an event subscription for all source computers, inform the source computers of the subscription, and then receive the events on the collector computer. This type is best if you know all the event source computers that will forward events. how is a Collector initiated subscription configured? - 1. On the source computer, run the winrm qc command to run WinRM. 2. On the source computer, add the collector computer account to the local Administrators group. In a workgroup, you must also add a user account with administrative privileges to the Event Log Readers group. 3. On the collector computer, run the wecutil qc command to run Wecsvc. You must also run winrm qc on the collector if the collector is to use delivery optimization options other than normal. what is "Source computer initiated" event subscription? - Source initiated subscriptions define an event subscription on a collector computer without identifying each source computer. This type is best for environments where the source computers are managed using Group Policy. how is a "Source computer initiated" event subscription configured? - 1. On the source computer, run the winrm qc -q command to run WinRM. 2. On the source computer, configure and enable the Event Forwarding policy through Group Policy or the local security policy, and specify the collector computer's FQDN. 3. On the collector computer, run the winrm qc -q command to run WinRM. 4. On the collector computer, run the wecutil qc /q command to run Wecsvc.5. In Active Directory or on the collector computer, add the source computers to a computer group that identifies the source computers. what does the event subscription identify? - The log where events are saved. By default, events received from source computers are saved in the ForwardedEvents log. The source computers. 1: For a collector initiated subscription, you identify each source computer. 2: For a source computer initiated subscription, you identify a computer group of which source computers are members. 3: A user account that has administrative permissions to the collector computers. 4: The events that you want to collect. If a filter is not defined, all events are collected. 5: The protocol by which the source and collector communicate. HTTP over TCP port 80 is the default. HTTPS over TCP 443 is an option. Define event subscription delivery options? - Normal : pull delivery mode, batches 5 items, 15 minute batch delivery timeout (recommended unless granular control is needed)