Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 and a domain controller named DC1.
On Server1, you configure a collector-initiated subscription for the Application log of DC1.
The subscription is configured to collect all events.
After several days, you discover that Server1 failed to collect any events from DC1, although
there are more than 100 new events in the Application log of DC1.
You need to ensure that Server1 collects events from DC1.
What should you do?

A.
On Server1, run wecutil quick-config.

B.
On Server1, run winrm quickconfig.

C.
On DC1, run wecutil quick-config.

D.
On DC1, run winrm quickconfig.

Explanation:
Since the subscription has been created, wecutil quick-config has already run on Server1.
Only thing left is to configure DC1 to forward the events, using winrm quickconfig.
Reference1)
Mastering Windows Server 2008 R2 (Sybex, 2010) page 773
Windows event Collector Service
The first time you select the Subscriptions node of Event Viewer or the Subscription tab of
any log, a dialog box will appear stating that the Windows Event Collector Service must be
running and configured. It then asks whether you want to start and configure the service. If
you click Yes, it starts the service and changes the startup type from Manual to Automatic
(Delayed Start), causing it to start each time Windows starts.
Reference 2)
http://technet.microsoft.com/en-us/library/cc748890.aspx
To configure computers in a domain to forward and collect events
1. Log on to all collector and source computers. It is a best practice to use a domain account
with administrative privileges.
2. On each source computer, type the following at an elevated command prompt: winrm
quickconfig