Exam MD-100 topic 4 question 28 discussion

Actual exam question from Microsoft's MD-100
Question #: 28
Topic #: 4

SIMULATION
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password

Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.

Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:

Lab Instance: 11145882


You have already prepared Client1 for remote management.
You need to forward all events from the Application event log on Client1 to DC1.
To complete this task, sign in to the required computer or computers.

Suggested Answer: See explanation below.
Configuring the event source computer
1. Run the following command from an elevated privilege command prompt on the Windows Server domain controller to configure Windows Remote Management: winrm qc -q
2. Start group policy by running the following command:
%SYSTEMROOT%\System32\gpedit.msc
3. Under the Computer Configuration node, expand the Administrative Templates node, then expand the Windows Components node, then select the Event Forwarding node.
4. Right-click the SubscriptionManager setting, and select Properties. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting. Add at least one setting that specifies the event collector computer. The SubscriptionManager Properties window contains an Explain tab that describes the syntax for the setting.
5. After the SubscriptionManager setting has been added, run the following command to ensure the policy is applied: gpupdate /force
Configuring the event collector computer
1. Run the following command from an elevated privilege command prompt on the Windows Server domain controller to configure Windows Remote Management: winrm qc -q
2. Run the following command to configure the Event Collector service: wecutil qc /q
3. Create a source initiated subscription. This can either be done programmatically, by using the Event Viewer, or by using Wecutil.exe. If you use Wecutil.exe, you must create an event subscription XML file and use the following command: wecutil cs configurationFile.xml
Reference:
https://docs.microsoft.com/en-us/windows/win32/wec/setting-up-a-source-initiated-subscription#forwarding-the-security-log
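
The answer above refers to an event subscription XML file for "wecutil cs configurationFile.xml" without showing one. The following is an added example, not part of the original answer: a source-initiated subscription that collects every Application log event into the collector's ForwardedEvents log. The subscription ID, description and batching values are assumptions, and the collector address in the comment is a placeholder.

```xml
<!-- Added example. SubscriptionId, Description and batching values are assumptions. -->
<!-- On the source computer, the SubscriptionManager policy value points at the collector, e.g. -->
<!-- Server=http://<collector FQDN>:5985/wsman/SubscriptionManager/WEC,Refresh=60 -->
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
    <SubscriptionId>Client1-Application</SubscriptionId>
    <SubscriptionType>SourceInitiated</SubscriptionType>
    <Description>Application log events forwarded from Client1</Description>
    <Enabled>true</Enabled>
    <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>

    <!-- Custom mode so the Delivery settings below are honoured -->
    <ConfigurationMode>Custom</ConfigurationMode>
    <Delivery Mode="Push">
        <Batching>
            <MaxItems>5</MaxItems>
            <!-- milliseconds: send a batch at least every 15 minutes -->
            <MaxLatencyTime>900000</MaxLatencyTime>
        </Batching>
        <PushSettings>
            <!-- milliseconds: a missed heartbeat marks the source as silent -->
            <Heartbeat Interval="900000"/>
        </PushSettings>
    </Delivery>

    <!-- All events from the Application log, no level or ID filter -->
    <Query>
        <![CDATA[
            <QueryList>
                <Query Id="0" Path="Application">
                    <Select Path="Application">*</Select>
                </Query>
            </QueryList>
        ]]>
    </Query>

    <!-- true: also forward events already in the log, not only new ones -->
    <ReadExistingEvents>true</ReadExistingEvents>
    <TransportName>http</TransportName>
    <ContentFormat>RenderedText</ContentFormat>
    <Locale Language="en-US"/>
    <LogFile>ForwardedEvents</LogFile>

    <!-- SDDL: DC = Domain Computers, NS = Network Service. To accept fewer sources, -->
    <!-- replace DC with the SID of a group that holds only the intended computers. -->
    <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
    <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)</AllowedSourceDomainComputers>
</Subscription>
```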

Comments

Anthony_2770
Highly Voted 4 years, 6 months ago
The source computer is Client1 not the Domain controller. The answer has specified the source computer and the collector computer as the same computer
upvoted 7 times
RodrigoT
3 years, 4 months ago
I agree that the link provided is quite confusing because it has the anchor "#forwarding-the-security-log" wrong. Try this with the correct anchor: https://docs.microsoft.com/en-us/windows/win32/wec/setting-up-a-source-initiated-subscription#setting-up-a-source-initiated-subscription-where-the-event-sources-are-in-the-same-domain-as-the-event-collector-computer
upvoted 1 times
jsblah
Highly Voted 4 years, 7 months ago
A much better, less confusing set of instructions can be found at https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection
upvoted 7 times
RodrigoT
3 years, 4 months ago
Thanks for the link with nice instructions but those are specific for Security events. The lab asks for Application events.
upvoted 1 times
devilcried
3 years, 3 months ago
The only difference is to step d. Click Select Events. i. Click By log and select Application.
upvoted 3 times
flabezerra
Most Recent 2 years, 8 months ago
Follow these two articles in order and you will be fine. First article https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11) Second article https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc722010(v=ws.10) When you click to select the events you will see the Applications and Services logs. After that, do the following: 1 - Right-click Forwarded Events in the left pane, and then select Create Custom View. 2 - In the Create Custom View dialog box, leave it as it is and then select OK. 3 - In the Save Filter to Custom View dialog box, in the Name box, type Application logs from Client1, and then select OK.
upvoted 1 times
flabezerra
2 years, 8 months ago
When you click to select the events you will see the Windows Logs > Application.
upvoted 1 times
Agneya
2 years ago
Can we complete tasks by only following the steps provided in 2nd Article?
upvoted 1 times
redadz
4 years, 6 months ago
In a real live scenario, we should forward the Servers (Source/Forwarding) Eventlogs to Technician Computer (Client or Collector)
upvoted 6 times