Windows Event Viewer

Questions and Answers

Which Event Viewer task enables administrators to save specific filtered events for later use or distribution?

• Analyzing Security Logs
• Filtering System Logs
• Managing Forwarded Events
• Creating Custom Views (correct)

Which log category in Event Viewer would contain information about user logon attempts, both successful and unsuccessful?

• Application Log
• System Log
• Setup Log
• Security Log (correct)

An application setup program fails to install correctly. In which Event Viewer log category would you likely find relevant information to diagnose the issue?

• Setup Log (correct)
• Application Log
• Forwarded Events
• System Log

If a Windows operating system component, such as a driver, experiences an issue, where would the event details typically be logged?

System Log (C)

An administrator wants to collect events from several remote computers for centralized monitoring. Which Event Viewer feature facilitates this?

Event Subscription (C)

Which level in Event Viewer suggests a condition that could lead to a more serious problem if not addressed?

Warning (D)

An application encounters a problem affecting other applications or system components. Which Event Viewer level is most applicable?

Error (D)

Which Event Viewer level indicates that an application or component has experienced a failure and cannot automatically recover?

Critical (C)

When troubleshooting system performance, what term describes a component that restricts overall system efficiency?

Bottleneck (D)

When analyzing system performance, what is used to establish a standard for identifying performance issues?

Baseline (D)

Which tool provides real-time analysis of CPU, Memory, Disk, and Network usage by processes and services?

Resource Monitor (A)

You need to quickly check which applications are using the most CPU resources. Which tool is the most suitable for this task?

Task Manager (A)

An administrator wants to monitor disk I/O performance over a period of time. Which tool is best suited for this purpose, offering the ability to log data for later analysis?

Performance Monitor (C)

Within Resource Monitor, which tab provides a graphical representation of network utilization by individual processes?

Network (C)

An administrator needs to collect specific performance counters and event data related to a particular application. Which feature in Performance Monitor simplifies this process?

Data Collector Sets (DCS) (C)

Which Windows feature provides real-time protection against viruses and malware?

Windows Defender (D)

What method does real-time protection use to identify and block malware behavior?

Signature Detection and Heuristics (A)

Which type of scan checks only the areas of your system most commonly affected by malware?

Quick scan (C)

Which type of scan examines every file on your hard drive, including running programs?

Full scan (A)

You want to scan only a specific folder for potential malware. Which type of scan should you use?

Custom scan (D)

In Windows Defender, what happens to items that are detected as threats but not removed from your computer?

They are quarantined. (C)

What is the function of the 'Allowed Items' list in Windows Defender?

It lists items that are permitted to run on your computer. (B)

Where can you find a comprehensive list of all items detected by Windows Defender, regardless of their current status (quarantined, allowed, or removed)?

All detected items (D)

A system administrator notices that a server is experiencing slow performance during peak hours. They suspect a resource bottleneck. Which sequence of tools would be MOST efficient to identify the cause?

Task Manager -> Resource Monitor -> Performance Monitor (D)

An application is experiencing frequent crashes. To investigate, you need to view the application's error logs and also monitor its resource usage. Which combination of tools is MOST suitable?

Event Viewer and Resource Monitor (D)

A user reports that their computer has been running slower than usual. You suspect a malware infection. What is the MOST appropriate first step to take using the tools available?

Run a Full scan using Windows Defender. (B)

After installing a new program, the system becomes unstable. Which action, using built-in tools, would BEST help diagnose potential conflicts or errors introduced by the new software?

Examine the Application log in Event Viewer. (C)

You need to ensure that a critical service on a remote server is running efficiently and without errors. To proactively monitor this, what combination of tools would provide the MOST comprehensive overview?

Performance Monitor on the remote server and forwarded events in Event Viewer on the local machine. (A)

A server administrator wants to establish a long-term record of CPU utilization, disk I/O, and network traffic to facilitate capacity planning. Which tool is BEST suited for this purpose?

Performance Monitor with Data Collector Sets (D)

Flashcards

Event Viewer Tasks

Enables viewing events from multiple logs and saving event filters as custom views.

Event Viewer Log Categories

Application, Security, Setup, System, and Forwarded Events.

Application Log

Contains events logged by applications or programs.

Security Log

Records valid and invalid logon attempts and access events, it is crucial for security auditing.

Setup Log

Contains events related to application setup processes.

System Log

Contains events logged by Windows system components.

Forwarded Events

Stores events collected from remote computers.

Information Level (Event Viewer)

Indicates a change in an application.

Warning Level (Event Viewer)

Indicates a potential issue that might impact service or lead to a more serious problem.

Error Level (Event Viewer)

Indicates a problem that might impact functionality outside the application.

Critical Level (Event Viewer)

Indicates a failure from which the application cannot automatically recover.

Event Subscription

Specifies events to collect from systems, gathering events from multiple remote computers.

Bottleneck

A component that limits overall performance.

Baseline

Helps users identify performance problems by providing a point of reference.

Tools to Analyze Performance

Task Manager, Performance Monitor, and Resource Monitor.

Resource Monitor

Analyzes system resource usage by processes and services.

Resource Monitor Tabs

Overview, CPU, Memory, Disk, and Network.

Performance Monitor

An MMC snap-in for analyzing system performance, included in Computer Management.

Data Collector Sets (DCS)

Organizes performance counters and event data into manageable sets.

Windows Defender

Protects against viruses and malware with real-time protection.

Real-Time Protection

Uses signature detection and heuristics to monitor and catch malware behavior in real time.

Types of Scans (Windows Defender)

Quick, Full, and Custom scan.

Quick Scan

Checks areas that are most commonly affected by threats.

Full Scan

Checks all files on your disk, including running programs.

Custom Scan

Checks only the locations and files you specify.

Quarantined Items

Blocked items that are not removed from the computer.

Allowed Items

Items that are allowed to run on your computer.

All Detected Items

Provides a list of all items detected on your computer by Windows Defender.

Study Notes

• Event Viewer enables viewing events from multiple event logs.
• Event Viewer enables saving useful event filters as custom, shareable views.
• Event Viewer displays 5 log categories: Application, Security, Setup, System, and Forwarded Events.

Event Log Categories

• Application logs contain events logged by applications or programs.
• Security logs record valid/invalid logon attempts and access events.
• Setup logs contain events related to application setup.
• System logs contain events logged by Windows system components.
• Forwarded Events stores events collected from remote computers.

Event Levels

• Information level indicates a change in application.
• Warning level indicates an issue that could impact service or lead to a more serious problem if ignored.
• Error level indicates a problem that might impact functionality external to the triggering application/component.
• Critical level indicates a failure from which the triggering application/component cannot automatically recover.

Event Subscription

• Event Subscription specifies events to collect from systems.
• Event Subscription collects events from multiple remote computers.

Performance Analysis

• A bottleneck is a component that limits overall performance.
• Baselines help users identify performance problems.
• Tools to analyze performance include Task Manager, Performance Monitor, and Resource Monitor.

Resource Monitor

• Resource Monitor analyzes system resource usage by processes and services.
• Resource Monitor's tabs: Overview, CPU, Memory, Disk, and Network.

Performance Monitor

• Performance Monitor is an MMC snap-in for analyzing system performance, included in Computer Management.
• Data Collector Sets (DCS) organizes performance counters and event data.

Windows Defender

• Windows Defender protects against viruses and malware.
• It provides real-time protection, notifying you if malware attempts to install itself.
• Real-time protection uses signature detection and heuristics to monitor and catch malware behavior.

Windows Defender Scans

• Quick Scan checks areas most likely to be affected.
• Full Scan checks all files on the disk, including running programs.
• Custom Scan checks only specified locations and files.

Windows Defender Items

• Quarantined Items are blocked but not removed from the computer.
• Allowed Items are items permitted to run on the computer.
• All Detected Items provides a list of all items detected on the computer.