14.25-36

Question 1

NCDOC Roll up looks at these specific compliance

checks.

Answer 1

1. McAfee Agent Version
2. Virus Scan
3. DAT files

Question 2

What task is used to migrate events from old database to new database.

Answer 2

Event Migration

Question 3

What task is set for systems older than 14
days. Moves to inactive group. Needs to be modified to run daily. Systems are deleted
after 30 days.

Answer 3

Inactive Agent Cleanup

Question 4

Synchronizes select Windows NT domains and Active Directory containers that are mapped to System Tree groups. This task can also be performed manually.

Answer 4

NT Domain/Active Directory Synchronization

Question 5

Retrieves packages from the source site, and then places them in the master repository

Answer 5

Repository Pull

Question 6

Updates distributed repositories from the master repository.

Answer 6

Repository Replication

Question 7

Imports summary data from other registered ePO

servers

Answer 7

Roll Up Data: Managed Systems

Question 8

Runs a selected query and allows you to chain sub actions related to the
query results

Answer 8

Run Query

Question 9

Evaluates all managed systems against a selected tag’s criteria, and applies the tag to all matching systems.

Answer 9

Run Tag Criteria

Question 10

This runs the query “Systems with High Sequence Errors,” moves these agents to the
duplicate agent GUID list, and deletes the system from the System Tree– remove systems with potentially duplicate GUIDs

Answer 10

Duplicate Agent GUID

Question 11

What is an extension of the ePO and provides system and file activity monitoring.

Answer 11

McAfee ABM

Question 12

ABM provides automated support for INFOCON baseline assessments
Also focuses on:

Answer 12

Registry
Services
Local User/Groups
Ports
Files

Question 13

Asset Scan that is run once; the first time a system is added to the tree.

Answer 13

Baseline Scan

Question 14

Scan captures changes to the monitored systems since last baseline

Answer 14

Activity Scan

Question 15

Who provides the HBSS Policy Layout guide, and pushes out revisions as new policies
emerge.

Answer 15

Program Executive Office C4I (PEO-C4I) Naval Networks

Question 16

What provides step-by-step procedures for installing ESX, as well as importing the virtual machine templates into the CND-OSE suite

Answer 16

CND-OSE 1.4 Site Installation Guide

Question 17

Six Step TroubleShooting

Answer 17

1. System Recognition 2. Symptom Elaboration 3. Listing Probable Faulty Function 4. Localizing Probable Faulty Function 5. Localizing Probable Faulty Component 6. Failure Analysis

Question 18

VMWare Tools Resolves what issues.

Answer 18

1. Low video resolution 2. Inadequate color depth 3. Incorrect display of network speed
2. Restricted movement of the mouse
3. Inability to copy and paste and drag-and-drop files
4. Missing sound 7. Provides the ability to take quiesced snapshots of the guest OS 8. Synchronizes the time in the guest operating system with the time on the host

Question 19

HBSS VM requires 3 services to be running in order.

Answer 19

1. MCAFEETOMCATSVC
2. MCAFEEEVENTPARSERSRV
3. MCAFEEAPACHESRV

Question 20

SQL server and SQL Server Agent depend on what account?

Answer 20

cnd_a_db

Question 21

What log stores RSS Actions?

Answer 21

RSDSensor_out.log

Question 22

Which log stores retina scan events?

Answer 22

_RetinaScanner.log

Question 23

Which log stores retina update events

Answer 23

debug_Syncit.log

Question 24

What details all actions of ePO server.

Answer 24

Server.log

Question 25

What contains database logs that are required to be reviewed in accordance with PMS
checks?

Answer 25

MSSQL log

Question 26

What logs are generated on each managed asset and are accessible via the Client UI Activity
Log.

Answer 26

HIP Logs

Question 27

How to get to the activity log if icon isn’t working.

Answer 27

C:\Program Files\McAfee\Common Framework\CmdAgent.exe

Question 28

CND-OSE Backup types and schedule.

Answer 28

All backups are started at 0030.
MSSQL- daily
SCCVI/ACAS and Audit Data- weekly on Sundays

Question 29

The Host IPS log found on ePO is broken into what 4 major sections

Answer 29

1. Events
2. IPS Client Rules
3. Firewall Client Rules
4. App Blocking Client Rules

Question 30

What info is found on the Client UI Logs

Answer 30

Event Type, IP Address/ User, Application

Question 31

Trusted Networks policy affects what?

Answer 31

Firewall rules stating “Trusted” as the source, as well

as NIPS.

Question 32

What within HIP is responsible for host intrusions, network intrusions, as well as
the shielding and enveloping of applications.

Answer 32

The IPS software

Question 33

What controls which application can open?

Answer 33

App Blocking-Creation

Question 34

What controls which applications can bind together?

Answer 34

App Blocking- Hooking

Question 35

What can configure HIP agent interface.

Answer 35

General- Client UI

Question 36

What is the active directory account used to perform repository pulls?

Answer 36

cndose_proxy account

Question 37

What error is caused by an issue with the account used to perform repository pulls?

Answer 37

“invalid credentials”

Question 38

Logs to review in troubleshooting.

Answer 38

Packet Filter Log, Firewall Log Web Proxy Log