Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 and a domain controller named DC1.
On Server1, you configure a collector-initiated subscription for the Application log of DC1. The subscription is
configured to collect all events.
After several days, you discover that Server1 failed to collect any events from DC1, although there are more
than 100 new events in the Application log of DC1.
You need to ensure that Server1 collects events from DC1.
What should you do?

A.
On Server1, run wecutil quick-config.

B.
On Server1, run winrm quickconfig.

C.
On DC1, run wecutil quick-config.

D.
On DC1, run winrm quickconfig.

Explanation:
Since the subscription has been created, wecutil quick-config has already run on Server1. Only thing left is to
configure DC1 to forward the events, using winrm quickconfig.
Reference1 :
Mastering Windows Server 2008 R2 (Sybex, 2010)
page 773
Windows event Collector Service
The first time you select the Subscriptions node ofEvent Viewer or the Subscription tab of any log, adialog box
will appear stating that the Windows Event Collector Service must be running and configured. It then asks
whether you want to start and configure the service. If you click Yes, it starts the service and changes the
startup type from Manual to Automatic (Delayed Start), causing it to start each time Windows starts.
Reference 2:
http://technet.microsoft.com/en-us/library/cc748890.aspx
To configure computers in a domain to forward and collect events
1. Log on to all collector and source computers. It is a best practice to use a domain account with
administrative privileges.
2. On each sourcecomputer, type the following at an elevated command prompt: winrm quickconfig