Which two actions should you perform?

Your network contains an Active Directory domain named contoso.com. The domain contains a member server
named Server1. All servers run Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1. The solution must ensure that when
new servers are added to the domain, their error events are collected automatically on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Your network contains an Active Directory domain named contoso.com. The domain contains a member server
named Server1. All servers run Windows Server 2012 R2.
You need to collect the error events from all of the servers on Server1. The solution must ensure that when
new servers are added to the domain, their error events are collected automatically on Server1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.
On Server1, create a collector initiated subscription.

B.
On Server1, create a source computer initiated subscription.

C.
From a Group Policy object (GPO), configure the Configure target Subscription Manager setting.

D.
From a Group Policy object (GPO), configure the Configure forwarder resource usage setting.

Explanation:

To set up a Source-Initiated Subscription with Windows Server 2003/2008 so that events of interest from the
Security event log of several domain controllers can be forwarded to an administrative workstation
* Group Policy
The forwarding computer needs to be configured with the address of the server to which the events are
forwarded. This can be done with the following group policy setting:
Computer configuration-Administrative templates-Windows components-Event forwarding-Configure the
server address, refresh interval, and issue certificate authority of a target subscription manager.
* Edit the GPO and browse to Computer Configuration | Policies | Administrative Templates | Windows
Components | Event Forwarding – Configure the server address, refresh interval, and issuer certificate
authority of a target Subscription Manager

Show Hint

Leave a Reply 3

Your email address will not be published. Required fields are marked *

Matt

Matt

Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription.

Reply

Jason

Jason

Actually, you’re wrong, this should be A and D. When creating source computer initiated subscriptions, all computers must be entered at the time of the subscription: it’s a static list. With collector initiated, you can specify a group and when new computers are added to that group, they automatically receive that subscription. Provided answers are wrong, it’s A and D.

Reply

Jason

Jason

nevermind, had those backwards

Reply