Security Pro Section Win Logging 12.4.6 quiz

Specific user service account

Default machine account

Collector computer account

Network server machine account

Application log

System log

Security log

Forwarded Events log

Choose the correct subscription type

Define a filter

Use the Runtime Status link

Use the default machine account

Create a Windows firewall exception for HTTP or HTTPS on all source computers.

Start Windows Event Collector service on collector computer.

Start Windows Remote Management service on both the source and collector computers.

computer group is for a source-initiated subscription.

Selecting a computer would be for the collector-initiated subscription.

The Forwarded Events log is selected, not the System log.

Content filtering is a strategy to keep employees from accessing unauthorized content on the web.

Runtime Status to verify communications after you have created a subscription

wecutil qc command would simply run the Windows Event Collector service.

winrm qc -q command would initiate the Windows Remote Management service

Event Viewer System log would not verify current communications

Group Policy

service account only provides permissions to run properly

Event forwarding settings for source-initiated subscriptions are unavailable in Event Viewer

Filters define what is collected. They do not enable and configure event forwarding.

Source-initiated

Collector-initiated is more efficient if you have a limited number of source computers

Event forwarding uses HTTP to transfer the events from the source to the collector

Event Viewer is used to configure collector-initiated subscriptions

Collector-initiated event subscriptions are not configured using Group Policy

Device Manager offers no settings to configure event subscription

Computer Management offers no settings to configure event subscriptions