Difficulty: Easy
Correct Answer: Connect to each Web server by using Event Viewer and save the Application log by using the native Event Log (.evt) file format.
Explanation:
Introduction / Context:
Event logs on Windows servers record detailed information about applications, security, and system components. When you need to archive Application logs from production Web servers, it is important to preserve every detail, including event IDs, descriptions, binary data, and insertion strings. This question focuses on choosing the correct export format and tool so that the archived logs contain all information from the original logs.
Given Data / Assumptions:
Concept / Approach:
The Microsoft Management Console Event Viewer snap-in allows administrators to save event logs in different formats, including the native Event Log format (.evt) and text or CSV formats. The .evt format is specifically designed to preserve the full fidelity of the log, so that it can be reopened in Event Viewer and filtered exactly like the original. Text and CSV formats, while useful for reporting and importing into spreadsheets, do not always include every field and binary detail contained in the original log.
Step-by-Step Solution:
1. Determine which tool directly works with Application logs. Event Viewer is the standard tool for viewing and saving Windows event logs.
2. Identify which save formats are available in Event Viewer: typically .evt, .csv, .txt, or .xml.
3. Recall that the native Event Log (.evt) format is the only one guaranteed to retain all data, including details that text-based formats may omit.
4. Recognize that Security Configuration and Analysis or Security Configuration Wizard deal with security templates and policies, not Application log archiving.
5. Conclude that the appropriate solution is to remotely connect to each Web server with Event Viewer and save the Application log using the .evt file format.
Verification / Alternative check:
If you open Event Viewer, right-click the Application log, and choose Save Log File As, you can choose the .evt format. When you later open this .evt file, Event Viewer treats it as a full event log, allowing you to filter, sort, and view all event details. By contrast, if you save the log as CSV or text, some structured information may be flattened or omitted, making it less suitable as a complete archive.
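In the native format, the insertion strings and binary data that text exports may omit are stored as separate regions of each record. The following added example (not part of the original page) parses one legacy EVENTLOGRECORD from a constructed byte string and returns those regions intact. The source name, host name and values are hypothetical, and a real .evt file also has a file header and an end-of-file record that this parser does not read.

```python
import struct

# Fixed 56-byte EVENTLOGRECORD header (little-endian): 6 DWORDs, 4 WORDs
# (EventType, NumStrings, EventCategory, ReservedFlags), then 6 DWORDs.
HDR = struct.Struct("<6I4H6I")
SIGNATURE = 0x654C664C  # the bytes "LfLe" that mark every record

def _wstr(buf, off):
    """Read a NUL-terminated UTF-16LE string; return (text, next offset)."""
    end = off
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[off:end].decode("utf-16-le"), end + 2

def parse_record(buf):
    """Parse one record and return the fields a full-fidelity archive keeps."""
    (length, sig, recno, _gen, _written, event_id, etype, nstrings, _cat,
     _flags, _closing, str_off, sid_len, sid_off, data_len, data_off
     ) = HDR.unpack_from(buf, 0)
    if sig != SIGNATURE or not (HDR.size + 4 <= length <= len(buf)):
        raise ValueError("not a complete EVENTLOGRECORD")
    if struct.unpack_from("<I", buf, length - 4)[0] != length:
        raise ValueError("trailing length does not match header")
    source, off = _wstr(buf, HDR.size)
    computer, _ = _wstr(buf, off)
    strings, off = [], str_off
    for _ in range(nstrings):
        text, off = _wstr(buf, off)
        strings.append(text)
    # Event Viewer shows the low 16 bits of the 32-bit EventID field.
    return {"record": recno, "event_id": event_id & 0xFFFF, "type": etype,
            "source": source, "computer": computer, "strings": strings,
            "sid": buf[sid_off:sid_off + sid_len],
            "data": buf[data_off:data_off + data_len]}

def build_sample():
    """Constructed record (hypothetical source, host and values)."""
    w = lambda s: s.encode("utf-16-le") + b"\x00\x00"
    names = w("SampleWebApp") + w("WEB01")
    strings = w("/orders/checkout.aspx") + w("0x80004005")
    data = bytes.fromhex("deadbeef00010203")
    str_off = HDR.size + len(names)
    data_off = str_off + len(strings)
    pad = -(data_off + len(data)) % 4
    length = data_off + len(data) + pad + 4
    hdr = HDR.pack(length, SIGNATURE, 42, 1100000000, 1100000000, 1309, 1, 2,
                   0, 0, 0, str_off, 0, str_off, len(data), data_off)
    return hdr + names + strings + data + b"\x00" * pad + struct.pack("<I", length)
```

The trailing length check is what lets an examiner detect a truncated or altered record before trusting its contents.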
Why Other Options Are Wrong:
Option a (CSV format) is wrong because CSV does not preserve all binary and structured data, so the archive would not contain every detail from the original logs. Option c (Security Configuration and Analysis) and option d (Security Configuration Wizard) focus on security templates and system configuration baselines, not on archiving event logs; they would not meet the requirement to preserve the Application log contents.
Common Pitfalls:
Administrators sometimes choose CSV or text formats because they are easy to open in Excel, but later discover that these exports are unsuitable as legal or forensic evidence due to missing or transformed fields. Another pitfall is confusing configuration management tools with logging tools; only Event Viewer and related log management solutions operate on the actual event logs.
Final Answer:
You should connect to each Web server by using Event Viewer and save the Application log in the native Event Log (.evt) file format.