Exam MD-100 topic 3 question 41 discussion

Actual exam question from Microsoft's MD-100
Question #: 41
Topic #: 3

SIMULATION
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password

Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.

Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:

Lab Instance: 10921597

You need to identify the total number of events that have Event ID 63 in the Application event log. You must type the number of identified events into C:\Folder1\FileA.txt.
To complete this task, sign in to the required computer or computers and perform the required action.

Suggested Answer: See explanation below.
1. Open Event Viewer.
2. Click the log that you want to filter, then click Filter Current Log from the Action pane or right-click menu. This will open the Filter Current Log dialog box.
3. You can specify a time period if you know approximately when the relevant events occurred. You can specify the event level, choosing between Critical, Warning, Verbose, Error and Information. If you select none of these, all event levels will be returned. You can't modify which event log is being checked as filters apply only to a single log.
4. You can choose the event sources which have generated the log entries, and search for key words, users, or computers. You can also search using specific event IDs.
Reference:
https://www.manageengine.com/products/active-directory-audit/kb/how-to/how-to-search-the-event-viewer.html

Comments

Merma
Highly Voted 4 years, 1 month ago
Here's a helpful step by step video https://www.youtube.com/watch?v=corhqJp_HNw
upvoted 14 times
...
doodoo3211
Highly Voted 4 years, 6 months ago
Does it mention the computer you're meant to do this on at the exam? Do you just gamble where you're meant to do this?
upvoted 11 times
goldengodiva
4 years, 2 months ago
If they don't mention a computer I assume you do it for all of them.
upvoted 1 times
...
RodrigoT
3 years, 2 months ago
The question says: "computer or computers". I guess you'll have to sign in on the clients one by one and check who has the C:\Folder1\FileA.txt. In that "computer or computers" you open the Event Viewer and perform the task.
upvoted 1 times
...
...
El_Cabron
Most Recent 2 years, 7 months ago
I know there's a lot of ways to achieve this but the simplest one would be to filter the application log by ID63, note how many there are and type in the number in the txt file. No need to overcomplicate the methods.
upvoted 1 times
...
Sumi2021
3 years, 3 months ago
This will get you the number of events with 63 in a single line: (Get-EventLog -LogName Application | Where-Object {$_.EventID -eq '63'}).count | Out-File -FilePath "C:\Folder1\FileA.txt"
upvoted 2 times
...
imtiazL
3 years, 8 months ago
Does this need to be done on all 3 clients?
upvoted 1 times
...
imtiazL
3 years, 8 months ago
Go to Event Viewer - Windows Logs - Applications - Create Custom View - <All Event IDs> type 63 - okay - give it a name - top middle of the screen will give you the number of events - C:\Folder1\FileA.txt add the number in text file
upvoted 7 times
...
Arndog
3 years, 11 months ago
Once you filter on Event ID 63 you can use the right menu to 'Save filtered log file as...' and pick a text file like C:\Folder1\FileA.txt
upvoted 3 times
...
Hisandy
4 years ago
I get how to get the number of events, but I do not understand that I need to type the number of identified events into C:\Folder1\FileA.txt. Does this mean I need to create the file and type the numbers?
upvoted 1 times
...
Ptit_filou
4 years, 2 months ago
"You must type the number of identified events into C:\Folder1\FileA.txt" I don't know whether this is what is asked, but we can write the total number of events with the following PowerShell command: (Get-WinEvent -FilterHashTable @{ LogName = "Application"; ID = 63 }).count | Out-File C:\Folder1\FileA.txt
upvoted 3 times
DodoE
4 years, 2 months ago
a bit easier to remember parameters - as we are only working with the standard "Application" log: (Get-EventLog -LogName Application -InstanceId 63).Count | Out-File C:\Folder1\FileA.txt
upvoted 1 times
KirilA
3 years, 11 months ago
This returns a lower count, 30 vs 41, on my PC.
upvoted 1 times
zerikun
3 years, 6 months ago
I think the instanceId of some logs is different from their EventId. Better use this (Get-EventLog -LogName Application | Where-Object {$_.EventID -eq 63}).count
upvoted 1 times
...
...
...
...
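Added example, not part of any comment above and not code from the exam or the page: the three counting approaches from this thread run side by side, with the InstanceId values behind Event ID 63 listed so a gap such as the one reported above can be explained. It assumes Windows PowerShell 5.1 (Get-EventLog does not exist in PowerShell 7) and that C:\Folder1 already exists; the variable names are illustrative.

```powershell
# Added example; not code from the page. Assumes Windows PowerShell 5.1
# and an existing C:\Folder1 (path taken from the task statement).
$logName = 'Application'
$eventId = 63
$outFile = 'C:\Folder1\FileA.txt'

# 1) Get-WinEvent matches the Event ID field, as the Event Viewer filter does.
#    It raises an error when nothing matches, so map that case to 0.
try {
    $filter = @{ LogName = $logName; Id = $eventId }
    $byWinEvent = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop).Count
}
catch {
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $byWinEvent = 0 }
    else { throw }
}

# 2) Get-EventLog -InstanceId compares the full 32-bit InstanceId.
#    SilentlyContinue hides its "no matches" error, so an empty result counts as 0.
$byInstanceId = @(Get-EventLog -LogName $logName -InstanceId $eventId -ErrorAction SilentlyContinue).Count

# 3) The EventID property is InstanceId with the top two bits masked off,
#    so entries whose InstanceId carries those bits are missed by (2).
$entries   = @(Get-EventLog -LogName $logName | Where-Object { $_.EventID -eq $eventId })
$byEventId = $entries.Count

# InstanceId values behind Event ID 63; any value other than 63 explains a gap.
$entries | Group-Object InstanceId | Select-Object Name, Count | Format-Table -AutoSize

[pscustomobject]@{
    GetWinEvent_Id         = $byWinEvent
    GetEventLog_InstanceId = $byInstanceId
    GetEventLog_EventID    = $byEventId
} | Format-List

# Write the count as plain text.
Set-Content -Path $outFile -Value $byWinEvent
```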
cankayahmet
4 years, 3 months ago
The steps do not include writing the total results to the txt file!
upvoted 2 times
AVP_Riga
4 years, 1 month ago
"You must TYPE the number of identified events"
upvoted 2 times
...
ownydepowny
4 years, 2 months ago
After you replace <All Event IDs> with 63 and you click OK, the number of events will be displayed at the top of the page.
upvoted 5 times
...
AVP_Riga
4 years, 1 month ago
You can do it manually.
upvoted 2 times
...
...