Your network consists of a single Active Directory domain. All servers run Windows Server 2008 R2.
You have a server named Server1 that hosts shared documents. Users report extremely slow
response times when they try to open the shared documents on Server1. You log on to Server1 and
observe real-time data indicating that the processor is operating at 100 percent of capacity. You
need to gather additional data to diagnose the cause of the problem. What should you do?

Your company has a network that has 100 servers. You install a new server that runs Windows
Server 2008 R2. The server has the Web Server (IIS) server role installed. After a week, you discover
that the Reliability Monitor has no data, and that the Systems Stability chart has never been
updated. You need to configure the server to collect the Reliability Monitor data. What should you
do?

Your company has a network that has 100 servers. A server named Server1 is configured as a file
server. Server1 is connected to a SAN and has 15 logical drives. You want to automatically run a data
archiving script if the free space on any of the logical drives is below 30 percent. You need to
automate the script execution. You create a new Data Collector Set. What should you do next?

Your company has an Active Directory domain that has two domain controllers named DC1 and DC2.
You prepare both servers to support event subscriptions. On DC1, you create a new default
subscription for DC2. You need to review system events for DC2. Which event log should you select?

Your company has a network that has an Active Directory domain. The domain has two servers
named DC1 and DC2. You plan to collect events from DC2 and transfer them to DC1. You configure
the required subscriptions by selecting the Normal option for the Event delivery optimization setting
and by using the HTTP protocol. You discover that none of the subscriptions work. You need to
ensure that the servers support the event collectors. Which three actions should you perform? (Each
correct answer presents part of the solution. Choose three.)

Your company has a main office and a branch office. The branch office has three servers that run a
Server Core installation of Windows Server 2008 R2. The servers are named Server1, Server2, and
Server3. You want to configure the Event Logs subscription on Server1 to collect events from Server2
and Server3. You discover that you cannot create a subscription on Server1 from another computer.
You need to configure a subscription on Server1. Which two actions should you perform? (Each
correct answer presents part of the solution. Choose two.)

Your company has a server named DC1 that runs Windows Server 2008 R2. Server1 has the DHCP
Server server role installed. You find that a desktop computer named Computer1 is unable to obtain
an IP configuration from the DHCP server. You install the Microsoft Network Monitor 3.0 application
on Server1. You enable P-mode in the Network Monitor application configuration. You plan to
capture only the DHCP server-related traffic between Server1 and Computer1. The network
interface configuration for the two computers is shown in the following table.

You need to build a filter in the Network Monitor application to capture the DHCP traffic between
Server1 and Computer1. Which filter should you use?

You perform a security audit of a server named CRM1. You want to build a list of all DNS requests
that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1.
You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that
the size of the file is more than 1 GB. You need to create a file named DNSdata.cap from the existing
capture file that contains only DNS-related data. What should you do?

You perform a security audit on a server named Server1. You install the Microsoft Network Monitor
3.0 application on Server1. You find that only some of the captured frames display host mnemonic
names in the Source column and the Destination column. All other frames display IP addresses. You
need to display mnemonic host names instead of IP addresses for all the frames. What should you
do?

You perform a security audit of a server named DC1. You install the Microsoft Network Monitor 3.0
application on DC1. You plan to capture all the LDAP traffic that comes to and goes from the server
between 20:00 and 07:00 the next day and save it to the E:\data.cap file.
You create a scheduled task. You add a new Start a program action to the task. You need to add the
application name and the application arguments to the new action. What should you do?