ePolicy Orchestrator - MA0-100 - Previous Flashcards Preview

Flashcards in ePolicy Orchestrator - MA0-100 - Previous Deck (257)
1
Q

Which of the following uses a proprietary SPIPE protocol to encapsulate unsecured HTTP traffic?

A. PA Agent

B. HIPS Agent

C. DLP Agent

D. McAfee Agent

A

D. McAfee Agent

2
Q

Which of the following is a core architecture component of ePO?

A. Internet Explorer

B. Event Parser

C. SuperAgent

D. SQL Server

A

B. Event Parser

3
Q

What option can be configured in the On-Access General Policy that is not an option in the local VirusScan console?

A. Boot sectors

B. Floppy during shutdown

C. Enable on-access scanning at system startup

D. Enable on-access scanning when the policy is enforced

A

D. Enable on-access scanning when the policy is enforced

4
Q

Which of the following system properties does the ePO server write to the database? Select the three that apply.

A. Total disk space

B. Total physical memory

C. Last communication

D. VirusScan version

E. McAfee agent version

A

A. Total disk space

B. Total physical memory

C. Last communication

5
Q

To ensure that a Rogue System Detection Sensor is not installed on a managed system, what action needs to be performed?

A. Add the system to the Exception List

B. Add the system to the Blacklist

C. Add the system as Ignored

D. Add the system as Managed

A

B. Add the system to the Blacklist

6
Q

The ePO server uses which format to write to the database tables?

A. Extensible Configuration Checklist Description Format (XCCDF)

B. Common Events Format (CEF)

C. Security Content Automation Protocol Format (SCAP)

D. Data Access Layer (DAL)

A

B. Common Events Format (CEF)

7
Q

When configuring a Synchronization Type for a group within the System Tree which of the following is a valid choice? Select the three that apply.

A. Leave systems in their current system tree location only.

B. Add systems to the synchronized group and leave them in the current system tree location only

C. Add systems to the synchronized group and delete duplicate entries

D. Add systems to the synchronized group and mark duplicate entries

E. Move systems from their current system tree location to the synchronized group

A

A. Leave systems in their current system tree location only.

B. Add systems to the synchronized group and leave them in the current system tree location only

D. Add systems to the synchronized group and mark duplicate entries

8
Q

Which of the following are examples of default column headers on the Server Task area of the interface? Select the two that apply.

A. Description

B. Duration

C. Name

D. Source

E. Status

A

C. Name

E. Status

9
Q

Which options must be selected when creating a maintenance plan for the SQL Database? Select the three that apply.

A. Shrink Database

B. Check Database Integrity

C. Rebuild Index

D. Clean Up History

E. Back up Database

A

B. Check Database Integrity

C. Rebuild Index

E. Back up Database

10
Q

If you specify the McAfee Agent Policy to collect only minimal properties, the agent collects only which of the following? Select the two that apply.

A. Installed software information

B. DAT file version number

C. Processor speed

D. Installation path

E. Operating system

A

B. DAT file version number

D. Installation path

11
Q

What is the default number of sensors that will be active per subnet?

A. 1

B. 2

C. 3

D. 4

A

B. 2

12
Q

A Subnet that has a Rogue System Detection Sensor installed is

A. active

B. inactive

C. uncovered

D. covered

A

D. covered

13
Q

Which of the following are valid server tasks for updating the ePO repositories? Select the two that apply.

A. Repository pull

B. Update

C. Repository replication

D. Mirror

E. Product deployment

A

A. Repository pull

C. Repository replication

14
Q

Which of the following is used to create policy? Select the two that apply.

A. Copy

B. Duplicate

C. Clone

D. New Policy

E. Save As

A

B. Duplicate

D. New Policy

15
Q

What options are available to the administrator when creating a client task to limit the systems that receive the task?

A. Tasks can only be assigned globally

B. Tasks can only be assigned to a specific group

C. Task can be configured with defined criteria

D. Task can be enabled when the desired systems are online.

A

C. Task can be configured with defined criteria

16
Q

Deployment packages that are checked into the ePO server have which of the following file extension?

A. .arc

B. .rar

C. .zip

D. .jar

A

C. .zip

17
Q

When creating a new query, what is the function title used to limit the resulting output?

A. Result type

B. Chart

C. Filter

D. Columns

A

C. Filter

18
Q

Which of the following types of distributed repositories is supported by ePO?

A. HTTP

B. FTP

C. UNC

D. DHCP

E. LDAP

A

A. HTTP

B. FTP

C. UNC

19
Q

If a policy that is assigned to the My Organization group is deleted, what policy is assigned in its place?

A. McAfee Default

B. Parent Group

C. My Default

D. Global Root

A

A. McAfee Default

20
Q

When running a Run Tag Criteria server task with the Reset manually tagged and excluded systems box checked, this would

A. Include both systems that match and don’t match

B. remove the tag on systems that do match the criteria.

C. add the tag on systems that don’t match the criteria

D. remove the tag on systems that don’t match the criteria

A

D. remove the tag on systems that don’t match the criteria

21
Q

Which of the following server services is responsible for communication with the McAfee Agent?

A. Apache

B. Tomcat

C. SQL

D. Event Parser

A

A. Apache

22
Q

Which of the following are valid Server Task Sub-Actions that can be selected from a result of a query? Select the three that apply.

A. Install Point Products

B. Assign Policy

C. Move Systems to another Group

D. Email File

E. Remove Point Products

A

B. Assign Policy

C. Move Systems to another Group

D. Email File

23
Q

Which of the following should be the primary consideration when deploying Agent Handlers?

A. Database increasing in size

B. Log files increasing in size

C. Memory and resource allocation

D. High speed and low latency connection

A

D. High speed and low latency connection

24
Q

When creating a permission set, which of the following users are automatically assigned? Select the two that apply.

A. Admin

B. Group Admin

C. System

D. Global Administrator

A

A. Admin

C. System

25
Q

Which of the following are used to update the master repository on a regular basis?

A. Automatic Response

B. Client Task

C. Server Task

D. Server Settings

A

C. Server Task

26
Q

Query results are displayed within ePO in what form?

Select the two that apply.

A. PDF

B. Charts

C. XML

D. Tables

E. TXT

A

B. Charts

D. Tables

27
Q

What port is used to access the McAfee Agent Activity Log from a remote machine?

A. 80

B. 443

C. 8081

D. 8082

A

C. 8081

28
Q

What default port is used for Rogue System Detection Sensors for communication to the ePO server?

A. 8081

B. 8082

C. 8443

D. 8444

A

D. 8444

29
Q

What is used to configure the SQL server to drop the transaction logs once a checkpoint is complete?

A. Full

B. Simple

C. Bulk-Logged

D. Recovery

A

B. Simple

30
Q

To remove computers from ePO using the Active Synchronization task, it is required that the account has access to the

A. deleted computers.

B. deleted Objects container.

C. Organizational Unit.

D. Active Directory.

A

D. Active Directory.

31
Q

When configuring Product Deployment Client Tasks, the Enable randomization setting should be activated when managed client nodes exceed.

A. 100

B. 500

C. 750

D. 1000

A

D. 1000

32
Q

Where in the ePO Database is ePO Agent gathered system information stored?

A. epocomputerproperties

B. epobranc

C. epoleafnode

D. epoproductproperties

A

A. epocomputerproperties

33
Q

What location is used to change the default Dashboard for new ePO Console users?

A. Personal Settings

B. Permission Sets

C. Contacts

D. Server Settings

A

D. Server Settings

34
Q

When configuring the Active Directory settings, exceptions can include which of the following?

A. Organizational Units

B. Computers

C. Domain Groups

D. Users

A

A. Organizational Units

35
Q

Which of the following is the correct order for creating a query?

A. Configure Chart, choose Columns, select Result Type, apply Filter

B. Select Result Type, choose Columns, configure Chart, apply Filter

C. Configure Chart, select Result Type, choose Columns, apply Filter

D. Select Result Type, configure Chart, choose Columns, apply Filter

A

D. Select Result Type, configure Chart, choose Columns, apply Filter

36
Q

Which of the following cannot be completed within the Policy Catalog?

A. Edit

B. Rename

C. Duplicate

D. Assign

A

D. Assign

37
Q

Which of the following can NOT be placed into a dashboard?

A. Boolean pie chart

B. Multi-group summary table

C. Single-group summary table

D. Table

A

D. Table

38
Q

When a policy is locked, it prevents modification of the

A. policy

B. assignment

C. system tree

D. sub groups

A

B. assignment

39
Q

Which of the following are valid deployment package types? Select the two that apply.

A. Catalog.z

B. Agent Language pack

C. Extradat

D. Artemis pack

E. ePOMain

A

B. Agent Language pack

C. Extradat

40
Q

Private queries are available to

A. the creator

B. Global Administrators

C. administrators who have permission

D. Group Administrators

A

A. the creator

41
Q

Which of the following steps are needed for Policy Sharing? Select the three that apply.

A. Register the remote ePO servers

B. Share the individual policies

C. Configure Server Task

D. Enable Global Updating

E. Share default policies

A

A. Register the remote ePO servers

B. Share the individual policies

C. Configure Server Task

42
Q

What detail property includes the local Time Zone value of a managed machine?

A. VirusScan Enterprise Properties

B. McAfee Agent Properties

C. Host Intrusion Preventions Properties

D. System information Properties

A

D. System information Properties

43
Q

Which of the following Lost&Found group characteristics can be modified?

A. Group Name

B. Sorting Criteria

C. Sorting Criteria for subgroups

D. Tree location

A

C. Sorting Criteria for subgroups

44
Q

Which component controls the scheduled tasks and communicates with the common agent?

A. Task Manager

B. McShield

C. Framework Service

D. Scan32.exe

A

C. Framework Service

45
Q

Which VirusScan policy configures the option Allow this system to make remote console connections to other systems?

A. User interface

B. On-Access Scanner

C. Quarantine Manager

D. Unwanted Programs

A

A. User interface

46
Q

When backing up an ePO server, which of the following security keys is required to restore agent server communication?

A. Local Master Repository Communication

B. Agent Server Secure Communication

C. Legacy Agent Server Communication

D. McAfee SIA Repository Communication

A

B. Agent Server Secure Communication

47
Q

Why would a managed system appear in the Lost & Found group?

A. No matching criteria were found

B. Matched sorting criteria were found

C. Inactive Agent

D. Rogue Agent

A

A. No matching criteria were found

48
Q

An RSD Sensor has been deployed from the ePO console. However, it has not reported back. Which of the following is the most likely cause? Select the three that apply.

A. The sensor is unable to resolve the IP address for ePO

B. The sensor is blacklisted

C. Deployment of the sensor failed

D. Sensor service is disabled after installation

E. The sensor is an exception

A

A. The sensor is unable to resolve the IP address for ePO

C. Deployment of the sensor failed

D. Sensor service is disabled after installation

49
Q

Which of the following are examples of client tasks? Select the three that apply.

A. Agent Wakeup

B. Product Update

C. Repository pull

D. Mirror Repositories

E. Event Migration

A

A. Agent Wakeup

B. Product Update

D. Mirror Repositories

50
Q

Which of the following options are available from ePO Server settings? Select the three that apply.

A. Ports

B. Global Updating

C. Event Migration

D. Active Directory Synchronization

E. Email Server

A

A. Ports

B. Global Updating

E. Email Server

51
Q

Which two items are modified on the Full Scan Task when installing the anti-Spyware module? Select the two that apply.

A. Registry

B. Cookies

C. Running Process

D. Recycle bin

E. Memory for Rootkits

A

A. Registry

B. Cookies

52
Q

What VirusScan Menu option is used to unlock the User Interface?

A. Task

B. Edit

C. View

D. Tools

A

D. Tools

53
Q

Which policies can be configured to record the Session settings for reporting? Select the two that apply.

A. On-delivery email Scan Policies

B. On-Access Default Processes Policies

C. On-Access General Policies

D. Quarantine Manager Policies

A

A. On-delivery email Scan Policies

C. On-Access General Policies

54
Q

What function is disabled for the default ePO Summary dashboard?

A. Edit

B. Delete

C. Make active

D. Make public

A

D. Make public

55
Q

When opening an existing policy, the policy settings are organized across.

A. interfaces

B. tabs

C. screens

D. columns

A

B. tabs

56
Q

An administrator can configure a query to run a scheduled sub-action to do which of the following?

A. Resort Systems

B. Create Tag

C. Move Systems to Another Group

D. Clear Policy

E. Add to Rogue Systems

A

A. Resort Systems

C. Move Systems to Another Group

57
Q

Product deployment packages are checked into what repository?

A. Distributed

B. Master

C. Fallback

D. Source

A

B. Master

58
Q

Which of the following are ePO Server Maintenance tasks? Select the two that apply.

A. Master Repository Update Failed

B. Purge Repository tasks

C. Update sensor deployment

D. Product License Usage

E. Query New Rogue Detection

A

C. Update sensor deployment

D. Product License Usage

59
Q

What Artemis sensitivity level is selected to protect systems or areas that are regularly infected?

A. Low

B. Medium

C. High

D. Very High

A

C. High

60
Q

Which of the following services is related to Super Agents?

A. Framework

B. Application Server

C. Event Parser

D. Tomcat

A

A. Framework

61
Q

What utility is used to create a custom VirusScan installation package that contains updated DAT and engine files?

A. Deployment task

B. Manual install

C. Installation Designer

D. MSI installer

A

C. Installation Designer

62
Q

Which of the following options are available when right clicking a file and selecting Scan for threats? Select the two that apply.

A. Clean

B. Delete

C. Continue

D. Prompt for action

E. Continue scanning

A

A. Clean

C. Continue

63
Q

Which of the following ports need to be open on the firewall for an Agent Handler to communicate with the ePO and database server(s) inside a network? Select the two that apply.

A. Port 80

B. Port 1433

C. Port 8082

D. Port 8081

E. Port 8445

A

A. Port 80

B. Port 1433

64
Q

Which of the following are available within the Policy Catalog? Select the three that apply.

A. Share

B. Duplicate

C. Assign

D. View

E. Lock

A

A. Share

B. Duplicate

D. View

65
Q

When a policy is deleted, all systems to which it is currently applied will inherit which policy?

A. McAfee Default

B. Parent Group

C. My Default

D. Global Root

A

B. Parent Group

66
Q

A rogue/alien Agent is a system that

A. has not reported back to ePO in the last 30 days.

B. does not have a McAfee Agent installed.

C. has the Agent Component disabled.

D. is reporting to a different ePO Server

A

D. is reporting to a different ePO Server

67
Q

Which of the following is a default permission set?

A. Executive Previewer

B. Site Administrator

C. Site Reviewer

D. Group Reviewer

A

D. Group Reviewer

68
Q

What file contains the list of disabled event ids?

A. EventFilter.cfg

B. EventFilter.ini

C. Evtfiltr.ini

D. Server.ini

A

C. Evtfiltr.ini

69
Q

Which of the following Server Services is responsible for Automatic Responses?

A. Event Parser

B. Framework service

C. Tomcat

D. Apache

A

C. Tomcat

70
Q

Which of the following is an available default notification rule?

A. Daily known category notification

B. Virus detected and not removed

C. Virus detected and removed

D. Non-compliant computer detected

A

D. Non-compliant computer detected

71
Q

What Artemis sensitivity level is selected when the regular risk of exposure to malware is greater than the risk of a false positive?

A. Low

B. Medium

C. High

D. Very High

A

B. Medium

72
Q

Within the Server Services, which component manages events, Group management, Tag management, and Agent sorting?

A. Event Parser

B. Framework service

C. Tomcat

D. Apache

A

D. Apache

73
Q

What scheduling options are available when setting up a Product Deployment Task? Select the three that apply.

A. Enable Randomization

B. Stop the task if it runs for a specified amount of time.

C. Run at every policy enforcement

D. Defer scan when using battery power

E. Run missed task at a specified time delay

A

A. Enable Randomization

B. Stop the task if it runs for a specified amount of time.

E. Run missed task at a specified time delay

74
Q

What protocol is used for secure communication between the McAfee Agent and server?

A. IPSEC

B. SPIPE

C. SFTP

D. HTTP

A

B. SPIPE

75
Q

Policy catalogue pages are added to the ePO server by what function?

A. Adding a package to the Master Repository

B. Installing an extension to ePO server

C. Registering a new server configuration

D. Executing the appropriate pacakagecheckin.exe for that point product

A

B. Installing an extension to ePO server

76
Q

An ePO server needs to have a dedicated SQL Server when managing more than

A. 1,000 nodes.

B. 5,000 nodes

C. 10,000 nodes.

D. 20,000 nodes

A

B. 5,000 nodes

77
Q

When an on-demand scan starts, the feature takes CPU and IO samples over the first

A. 20 seconds

B. 30 seconds

C. 40 seconds

D. 50 seconds

A

B. 30 seconds

78
Q

When managing tags what is NOT available in the System Tree?

A. Clear Tag

B. Exclude Tag

C. Apply Tag

D. New Tag

A

D. New Tag

79
Q

When performing the On-Demand scan, what System utilization settings are affected?

A. Cookie

B. Registry

C. Encrypted files

D. Targeted files

A

D. Targeted files

80
Q

Which of the following are methods that can be used to access System Information? Select the two that apply.

A. Open the computer property query under reports

B. Click a computer in the system tree

C. Select computer properties under system actions

D. Open a query and then click a computer in the report

A

B. Click a computer in the system tree

D. Open a query and then click a computer in the report

81
Q

Which of the following is a supported browser on Windows for ePO?

Select the three that apply.

A. Internet Explorer

B. Firefox

C. Safari

D. Chrome

E. Opera

A

A. Internet Explorer

B. Firefox

D. Chrome

Comment:

If the exam asks for two, then it may be referring to an older release. If so, then select A and B

Notes from KB51569 as of 4/9/2017:

Browser/ePO 5.1/ePO 5.3/ePO 5.9

Safari 6.0 and later (on Mac OS X)/Yes/Yes/Yes

Chrome 17 and later/Yes/Yes/Yes

Edge/No**/No**/Yes (** as of 11/16/2016 KB85265 states ePolicy Orchestrator does not currently support the Microsoft Edge browser that will ship with Windows 10. Support for this browser is planned for a future release.)

Internet Explorer 9.0 and later/Yes/Yes/Yes

Mozilla Firefox 10.0 and later/Yes/Yes/Yes

82
Q

After a query has been completed, additional actions can be taken on the

A. lower right hand corner of page

B. lower left hand corner of page

C. upper right hand corner of page

D. upper left hand corner of page

A

B. lower left hand corner of page

83
Q

Which of the following methods can be used to add systems to groups within the system tree? Select the three that apply.

A. Login scripts

B. Importing AD Containers

C. Import using a text file

D. Importing AD systems

E. Rogue system detections

A

B. Importing AD Containers

C. Import using a text file

D. Importing AD systems

84
Q

Which areas of the console allow the resetting of inheritance? Select the three that apply.

A. Assigned

B. Policy Catalog

C. Group Details

D. Systems

E. Client Tasks

A

A. Assigned

B. Policy Catalog

E. Client Tasks

85
Q

Which of the following command line options for cmdagent.exe checks for new policies and enforces them immediately upon receipt?

A. /N

B. /P

C. /C

D. /E

A

C. /C

86
Q

When creating a Run Query Server Task, which sub-actions can be selected to allow the system to automatically act upon the results of a query? Select the three that apply.

A. Apply tag

B. Delete system

C. Create group

D. Export to file

E. Send snmp trap

A

A. Apply tag

B. Delete system

D. Export to file

87
Q

Agent Handlers are used to:

A. replace distributed repositories

B. ensure agents receive policies, tasks, and product updates.

C. fix a broken network segment

D. identify Rogue Systems on the network

A

B. ensure agents receive policies, tasks, and product updates.

88
Q

What is the only Dashboard that is active by default?

A. RSD Summary

B. Executive Dashboard

C. HIP Dashboard

D. ePO Summary

A

D. ePO Summary

89
Q

When a group has four sorting criteria assigned, the system will be placed into the group when it meets how many of the conditions?

A. One

B. Two

C. Three

D. Four

A

A. One

90
Q

What is the maximum amount of time in seconds that can be configured for ping timeout in the McAfee Agent Policy?

A. 15

B. 30

C. 60

D. 90

A

C. 60

91
Q

Which settings are preserved when installing VirusScan on a computer that had a previous version installed? Select the three that apply.

A. Help files

B. Scanning Engine

C. Detection definition file

D. Log file names and locations

E. Registry Keys containing product versions

A

B. Scanning Engine

C. Detection definition file

D. Log file names and locations

92
Q

Which file found in the \Program Files\McAfee\ePolicy Orchestrator\Server\conf directory needs to be modified to change the default ePO Console session timeout?

A. server.xml

B. web.xml

C. tomcat-users.xml

D. context.xml

A

B. web.xml

93
Q

How many managed machines are required before it is recommended to use a dedicated ePO server?

A. 50

B. 500

C. 5000

D. 50000

A

C. 5000

94
Q

Framework Service is responsible for which of the following functions? Select the two that apply

A. Schedule Server Tasks

B. Enforce Policies

C. Collect and Send system Properties

D. Scan for threats and vulnerabilities

E. Policy throttling

A

B. Enforce Policies

C. Collect and Send system Properties

95
Q

McAfee ePO server listens on port 8443 for connection to the administrative console. The Apache service listens on which of the following default ports?

A. 80, 8081

B. 8081, 8443

C. 80, 443

D. 8444, 1433

A

C. 80, 443

96
Q

When computers check into the System Tree, subgroups are considered for matching criteria according to

A. criteria

B. tag

C. sorting order

D. IP filtering

A

C. sorting order

97
Q

What tag options are available in the system tree?

A
  • Clear tag
  • Exclude
  • Apply tag
98
Q

What two users are automatically added to newly created permission sets?

A
  • Admin
  • System
99
Q

When a subgroup’s policy is deleted, which policy will it inherit?

A
  • Parent Group
100
Q

What actions are available from the Policy Catalog?

(Actions column on the far right)

A
  • Rename
  • Duplicate
  • Delete
  • Export
  • Share
  • View
101
Q

What options exist when creating a Product Deployment Client Task? (Row headers on the column on the left)

A
  • Type of Deployment (continuous or fixed)
  • Select Software
  • Select Systems
  • Select Start Time
102
Q

Name the 5 client tasks categories for McAfee Agent.

A
  • McAfee Agent Statistics
  • McAfee Agent Wakeup
  • Mirror Repositories
  • Product Deployment
  • Product Update
103
Q

What 2 options are available in the popup after right clicking a file & selecting “Scan for threats”?

A
  • Clean and continue
104
Q

In what VSE policies is the ability to set log file sites?

A
  • Access Protection
  • BOF
  • On-Access General
  • On-Delivery Email Scans
105
Q

Name 2 policies that can be configured to record Session settings for reporting?

A
  • On-Delivery Email Scan
  • On-Access General Policies
106
Q

Where are the server logs installed?

A
  • Install directory org
    • \DB\logs
    • \Server\logs

Notes:

According to McAfee KB81641

ePO is comprised of three server-side services and a Microsoft SQL database, each of which serves a different purpose:

The Application Server service (or Tomcat) is responsible for displaying the ePO console GUI.

The Event Parser service takes events uploaded from clients in the environment and parses them into the SQL database.

The Server service (or Apache) processes and receives all Agent-to-Server communication in the environment.

The following are the primary log locations for these services:

Application Server service (Tomcat): orion.log or orion_servername.log located in:
…\server\logs\

Event Parser service: eventparser.log or eventparser_servername.log located in:
…\db\logs\

Server service (Apache): server.log or server_servername.log located in:
…\db\logs\
107
Q

What are the 7 default server tasks column headings?

A
  • Name
  • Status
  • Type
  • Schedule
  • Next Run
  • Last Run
  • Actions
108
Q

What are 3 settings that are preserved when upgrading VSE?

A
  • Scan Engine
  • Detection definitions files (DAT)
  • Log file names & locations
109
Q

What is the order for creating a query?

A
  • Select results type
  • Configure chart
  • Choose columns
  • Apply filter
110
Q

What detail property includes the Local Time Zone value of a managed machine?
A. Virus Scan Enterprise properties
B. McAfee Agent properties
C. Host Intrusion Prevention properties
D. System Information properties

A

D. System Information properties

111
Q

What 3 options are available when scheduling a product deployment task to run daily?

(last box at the bottom of the page)

A
  • Enable Randomization
  • Stop the task if it runs for specified time
  • Run missed task at specified time delay
112
Q

What McAfee Agent Policy allows configuration for enabling remote access to the Agent - (computer) XML log file?

A
  • Logging
113
Q

Where do you set the default dashboards for users?

A
  • Server Settings
114
Q

Name 3 reasons why a RSD Sensor hasn’t reported back after deployment.

A
  • Unable to resolve IP address
  • Deployment failed
  • Sensor service is disabled after installed
115
Q

Where can you enable system tree sorting?

A
  • Server settings
116
Q

What are the 2 sync types in a system tree?

A
  • NT Domain
  • Active Directory
117
Q

McAfee Agent push install to client machines relies on access to the ______ share

A

Admin$

118
Q

What are the two types of replication for distributed repositories?

A
  • Full
  • Incremental
119
Q

Name the VSE policies

A
  • Access protection
  • Alert
  • Buffer Overflow Protection
  • General Options
  • On-Access Default Processes
  • On-Access General
  • On-Access High-Risk Processes
  • On-Access Low-Risk Processes
  • On Delivery Email Scan
  • Quarantine Manager
  • Unwanted Programs

120
Q

What is the max timeout, in seconds, to ping an Agent?

A

60 seconds

121
Q

When configuring AD settings, exceptions can include ____________________.

A

Organizational Units

122
Q

Name both valid server tasks for updating ePO Repositories

A
  • Repository Pull
  • Repository Replication
123
Q

What do the following default ports do?

8443

8444

A

8443 - Console-to-application server communication port.

Tomcat (application server) — Console UI

TCP port that the ePO Application Server service uses to allow web browser UI access.

8444 - Client-to-server authenticated communication port

TCP Port that the Agent Handler uses to communicate with the ePO server to get required information (such as LDAP servers).

NOTE: See KB66797

124
Q

When creating a VSE Memory Scan what locations do you Scan?

A
  • Memory for rootkits
  • Running Processes
125
Q

What locations do you scan when creating a VSE On-Demand Scan?

A
  • Memory for rootkit
  • Running Processes
  • All local drives
  • Registry
126
Q

Name the purge tasks and the frequency the tasks run.

A
  • Audit logs - 6 months
  • Client Events - 6 months
  • Server Tasks - Threat events, 1 day
  • SAE Events - 10 days
127
Q

What is the Default Dashboard that provides text-based search field?

A
  • Quick system search
128
Q

When creating a VSE Active User Scan, what locations do you scan?

A
  • User Profile
  • Temp
  • Registry
  • Registered Files
  • Windows folder
129
Q

When using CmdAgent.exe from the Command line, what do the following options do?

/h

/l

A

/h - List all the switches with their description

/l - Set the location of the log file

See KB article KB52707

130
Q

When using CmdAgent.exe from the Command line, what do the following options do?

/c

/s

/i

A

/c - Check for new policies. The agent contacts the ePO server for new or updated
policies, then enforces them immediately upon receipt.

/s - Display the Agent Monitor

/i - Display McAfee Agent information

See KB article KB52707

131
Q

What are the 3 types of synchronization available in the system tree (for LDAP)

A
  1. Leave systems in their current location only
  2. Add systems to the sync group and leave them in the current location
  3. Move system tree from their current System Tree location to synchronized group
132
Q

What are the first 5 sub-actions for a “Run Query” server task? (hint: A-D)

A

A-D

  • Apply Tag
  • Assign Policy
  • Clear Tag
  • Delete Systems
  • Deploy McAfee Agent

E-M

  • Email File
  • Exclude Tag
  • Export to file
  • Generate Compliance event
  • Move Systems

R-W

  • Resort systems
  • Run client task now
  • Run External cmd
  • Set User properties
  • Transfer systems
  • Wakeup Agents
133
Q

Tomcat is responsible for Automatic Responses.

A. True

B. False

A

A. True

134
Q

What does the Apache server handle in ePO?

A

Manages Events, Group management, Tag management and Agent sorting.

AKA Agent Handler

Reference: KB81641 - The Server service (or Apache) processes and receives all Agent-to-Server communication in the environment

135
Q

Which VSE menu option is used to unlock the user interface?

A
  • Tools
136
Q

Name the three places/ways to reset inheritance.

A
  • Assigned Policies
  • Policy Catalog
  • Client Tasks
137
Q

What file is used to restore repository list during re-installation?

A
  • SiteMGR.xml
138
Q

What is the name of the ePO query and reporting system?

A
  • Query Building Wizard
139
Q

What are the four tabs of the query builder?

A
  • All
  • Private Groups
  • Shared Groups
  • Public Groups
140
Q

What file in the /…/server/conf directory needs to be modified to change the default timeout?

A
  • Web.xml
141
Q

Name these default ports.

  • 389
  • 636
  • 445
A
  • 389 - LDAP Server Port
  • 636 - SSL LDAP
  • 445 - SMB Windows Domain Controller
142
Q

Name these default ports:

  • 8081
  • 8082
A
  • 8081 - Agent Wake Up
  • 8082 - Agent Broadcast - Superagents use this
143
Q

What is the order of events for an ePO fresh install?

A
  1. Create 2nd admin
  2. Registered Servers
  3. Server settings
  4. System Tree
  5. Software Manager
  6. Client Tasks
  7. Master Repo
  8. Server Tasks
  9. Contacts
  10. Automatic response
  11. Deploy agents
144
Q

Name these default ports.

  • 1433
  • 1434
A
  • 1433 SQL TCP
  • 1434 SQL UDP
145
Q

What are the 3 default permission sets other than Executive Reviewer?

A
  • Global Reviewer
  • Group Admin
  • Group Reviewer
146
Q

When using CmdAgent.exe from the command line, what do the following options do?

  • /p?
  • /e?
A
  • /p - Collect and send properties
  • /e - Enforce policies locally
147
Q

Where are install logs located?

A

%temp%\McAfeelogs

148
Q

How are products broken down?

A

By categories

149
Q

How are the policies broken down?

A

By tabs

150
Q

What file contains the list of disabled event ids?

A

Evtfilter.ini

151
Q

Name 2 valid deployment types (packages)

A
  • Agent language pack
  • ExtraDAT pack
152
Q

What is the only available dashboard in a bare ePO install?

A
  • ePO Summary
153
Q

Where is Agent gathered system information stored in the SQL database?

A
  • EPOComputerProperties
154
Q

What is the ePO standard log level?

A

7

155
Q

The framework service is responsible for which two functions?

A
  • Enforce policies
  • Collect and send system properties
156
Q

What is the ePO Debug log level?

A

8

157
Q

What options exist when scheduling a client task?

(Row headers on left side)

A
  • Scheduling status:
  • Schedule type:
  • Effective period:
  • Start time:
  • Task runs according to:
  • Options:
158
Q

When creating a custom dashboard and specifying the “Size:”, what is the minimum and maximum layout that can be defined?
A. 1x2, 6x4
B. 1x2, 5x5
C. 1x2, 5x4
D. 2x3, 6x4

A

A. 1x2, 6x4

159
Q

Criteria-based tags can be created using:
A. Task settings
B. System Properties
C. Product Properties
D. Policy settings

A

B. System Properties

160
Q

What option should be selected in the SQL maintenance plan rebuild index?
A. Reorganize the pages with the default amount of free space
B. Change free space per page percentage to:
C. Sort results in tempdb
D. Keep index online while reindexing

A

B. Change free space per page percentage to:

161
Q

Which of the following needs to be enabled to successfully deploy an Agent from the ePO server?
(Choose three)
A. Framework service
B. Remote Registry service
C. File and Printer Sharing
D. Admin$ share
E. C$ share

A

Answer: B, C, D

B. Remote Registry service
C. File and Printer Sharing
D. Admin$ share

162
Q

Under the Access Protection policy which of the following is a User-defined Rule?
A. Registry Blocking
B. Prevent FTP communication
C. Prevent McAfee Services from being stopped
D. Block read and write access to all shares

A

Answer: A

A. Registry Blocking

163
Q

Which of the following is the best formula to use to calculate the size of the database?
A. Installed database size + (number of clients x client system size) + (number of events generated x event size)
B. Installed database size + (number of clients I client system size) + (number of events generated I event size)
C. Installed database size I (number of clients - client system size) + (number of events generated - event size)
D. Installed database size x (number of clients + client system size) + (number of events generated x event size)

A

Answer: A

A. Installed database size + (number of clients x client system size) + (number of events generated x event size)

164
Q

If it takes 90 seconds to accomplish an on-demand scan with the CPU utilization set at 90%, if the CPU utilization is set for 30% how many seconds will it take?
A. 180
B. 270
C. 360
D. 450

A

Answer: B

B. 270

165
Q

Which of the following are result types in the query builder used by Multi-Server Rollup Querying?
(Choose three)
A. Rolled-up Threat Events
B. Rolled-up RSD Detections
C. Rolled-up Managed Systems
D. Rolled-up Applied Policies
E. Rolled-up Audit Log

A

Answer: A,C,D

A. Rolled-up Threat Events
C. Rolled-up Managed Systems
D. Rolled-up Applied Policies

166
Q

Into which of the following formats can query results be exported? (Choose two)
A. CSV
B. TXT
C. PDF
D. DOC
E. SQL

A

Answer: A,C

A. CSV
C. PDF

167
Q

What information is required during an ePO clustered installation? (Choose three)
A. Virtual server IP address
B. Virtual server mac address
C. Virtual server name
D. Virtual server DNS name
E. Virtual server communications port

A

Answer: A,C,D

A. Virtual server IP address
C. Virtual server name
D. Virtual server DNS name

168
Q

The first action when creating a query using the Query Wizard is choosing a:
A. result type
B. chart type
C. feature group
D. filter set

A

Answer: A

A. result type

169
Q

When the sorting criteria overlaps two groups, the system will sort into the group dependent on:
A. Order
B. Tag
C. AgentGUID
D. MAC

A

Answer: A

A. Order

170
Q

The replication types used in updating distributed repositories are:
A. full and incremental
B. all repositories and selected repositories
C. incremental and all repositories
D. full and all repositories

A

Answer: A

A. full and incremental

171
Q

The option available for the McAfee Default Policy is?
A. Rename
B. Duplicate
C. Edit
D. Delete

A

Answer: B

B. Duplicate

172
Q

What is the Rogue System Detection policy for Sensor’s detected system cache life time in seconds?
A. 300
B. 600
C. 1800
D. 3600

A

Answer: A

A. 300

173
Q

Which of the following can be configured as Server Tasks? (Choose three)
A. Purge Event logs
B. Event Filtering
C. RollUp Data
D. Run Tag Criteria
E. Deployment Task

A

Answer: A,C,D

A. Purge Event logs
C. RollUp Data
D. Run Tag Criteria

174
Q

What additional scan item is added when the Anti-Spyware module is installed?
A. Running processes
B. Home folder
C. Registered Files
D. Recycle bin

A

Answer: C

C. Registered Files

175
Q

When importing a policy the file type is?
A. CSV
B. PDF
C. HTML
D. XML

A

Answer: D

176
Q

Which VirusScan component intercepts input/output operations called by the Operating System?
A. Common Shell
B. Access Protection
C. On-Access Scanner
D. Filter Driver

A

Answer: D

D. Filter Driver

177
Q

What component needs to be installed in the DMZ to allow external systems to receive appropriate policies and tasks?
A. Framework
B. Agent Handler
C. Super Agent
D. Repository

A

Answer: B

B. Agent Handler

178
Q

Which of the following policy settings would enable an ePO administrator to remotely view the Agent Activity Log using a web browser? (Choose two)
A. Agent Policy option ‘Enable remote access to log’ is checked
B. ‘Accept connection only from ePO server’ option is checked
C. ‘Accept connection only from ePO server’ option is unchecked
D. Desktop default firewall policy is enabled
E. IPS default policy is enabled

A

Answer: A,C

A. Agent Policy option ‘Enable remote access to log’ is checked
C. ‘Accept connection only from ePO server’ option is unchecked

179
Q

All traffic between Agents and the Handler is signed and verified with what type of key pairs?
A. RSA
B. DSA
C. ASSC
D. 3DES

A

Answer: C

C. ASSC

180
Q

If a machine is unable to communicate with a repository using the Ping time option, what is the value assigned to that repository in the sitelist.xml file?
A. 65535
B. 73953
C. 1024
D. 8443

A

Answer: A

A. 65535

181
Q

How do Rogue System Detection Sensors detect systems on a network?
A. Port scanning and OS fingerprinting
B. Broadcast messages and DHCP responses
C. Database query and system lookup
D. Automatic Responses and system properties

A

Answer: B

B. Broadcast messages and DHCP responses

182
Q

What important property simplifies policy and task administration?
A. Hierarchy
B. Lock Policy
C. Inheritance
D. Enforcement

A

Answer: C

C. Inheritance

183
Q

In order to protect the ePO keys, which directory on the server is required to be backed up?
A. C:\Program files\mcafee\epolicy orchestrator\DB\software
B. C:\Program files\mcafee\epolicy orchestrator\DB\keystore
C. C:\Program files\mcafee\epolicy orchestrator\apache2\conf
D. C:\Program files\mcafee\epolicy orchestrator\server\cache

A

Answer: B

B. C:\Program files\mcafee\epolicy orchestrator\DB\keystore

184
Q

A system is considered an Inactive Agent by the Rogue System Detection Server if it has not reported back within the last:
A. 20 days
B. 30 days
C. 45 days
D. 60 days

A

Answer: C

C. 45 days

185
Q

Which file pulled from the server contains the distributed repository list?
A. Sitelist.xml
B. SiteStat.xml
C. Sitemaplist.xml
D. SiteMgr.xml

A

Answer: A

A. Sitelist.xml

186
Q

When a policy is created in the policy catalog the new policy is:
A. Assigned
B. Not assigned
C. Shared
D. Not enforced

A

Answer: B

B. Not assigned

187
Q

Which of the following is the default location for the McAfee Agent configuration files?
A. Common Framework
B. System32
C. My Documents
D. WindowsTemp

A

Answer: A

A. Common Framework

188
Q

Which command line option is used to uninstall Anti-Spyware?
A. SetupVSE.exe /REMOVE
B. Setup.exe /X
C. Scan32.exe /UninstallMAS
D. Scan32.exe /DELETE

A

Answer: C

C. Scan32.exe /UninstallMAS

e.g., \scan32.exe /UninstallMAS

See KB59996

189
Q

Which of the following options is only available on the Dashboards page?
A. Manage Dashboards
B. New Dashboard
C. Make Active
D. Make Public

A

Answer: A

A. Manage Dashboards

190
Q

Of the following, what is the proper syntax for importing computers into groups using a text file?
A. group1-system1\
B. group1system1
C. group1,system1
D. group1\system1

A

Answer: D

D. group1\system1

191
Q

Who can change the ownership of a policy? (Choose two)
A. Group Admin
B. Global administrator
C. Owner
D. System
E. Root

A

Answer: B,C

B. Global administrator
C. Owner

192
Q

In a disaster recovery situation, what must be completed to recover the ePO server? (Choose two)
A. Re-deploy VirusScan
B. Re-deploy the Agents
C. Reinstall extensions
D. Restore Agent Handlers
E. Restore the database

A

Answer: C,E

C. Reinstall extensions
E. Restore the database

193
Q

One or more permission sets can be assigned to any users who are not global administrators.
Which of the following default permission sets can be assigned to users? (Choose three)
A. Global Administrator
B. Executive Administrator
C. Group Admin
D. Group Reviewer
E. Custom Administrator

A

Answer: A,C,D

A. Global Administrator
C. Group Admin
D. Group Reviewer

194
Q

A rogue system is a machine that:

A. does not match a white list.
B. does not have the McAfee Agent installed.
C. does not have McAfee VirusScan installed.
D. does not have an Agent handler.

A

Answer: B

B. does not have the McAfee Agent installed.

195
Q

What feature provides the capability to group machines logically and, where necessary, set alternative policy and change inheritance settings?
A. AD Sync
B. System Tree
C. Policy Catalog
D. Sorting Criteria

A

Answer: B

B. System Tree

196
Q

System tree synchronization can be configured according to which connectors? (Choose two)
A. Open LDAP
B. NTDomain
C. eDirectory
D. Active Directory
E. Novell

A

Answer: B,D

B. NTDomain
D. Active Directory

197
Q

Which of the following formats are available for exporting data? (Choose three)
A. DOC
B. CSV
C. XML
D. XLS
E. HTML

A

Answer: B,C,E

B. CSV
C. XML
E. HTML

198
Q

Which of the following criteria are applicable when configuring Agent Handler assignments? (Choose three)
A. Agent IP Address
B. System Tree Location
C. Agent NetBIOS Name
D. FQDN/DNS Name
E. Agent Subnet

A

Answer: A,B,E

A. Agent IP Address
B. System Tree Location
E. Agent Subnet

199
Q

System properties are directly helpful when creating which of the following? (Choose two)
A. Criteria-based tags
B. Server tasks
C. Client tasks
D. Assigned policies
E. Creating queries

A

Answer: A,E

A. Criteria-based tags
E. Creating queries

200
Q

Extensions that are installed into the ePO server are in what file format?
A. .zip
B. .nap
C. .rar
D. .jar

A

Answer: A

A. .zip

201
Q

Which of the following is a valid path for creating a SuperAgent repository?
A. C:\Program Files
B. C:\McAfee
C. C:\McAfee\software
D. C:\SuperAgent

A

Answer: C

C. C:\McAfee\software

202
Q

Which of the following servers can be designated as registered? (Choose two)
A. LDAP
B. DHCP
C. NTLM
D. SNMP
E. SMTP

A

Answer: A,D

A. LDAP
D. SNMP

203
Q

What feature can monitor battery state and full screen awareness?
A. On-Demand Scan
B. On-Access Scanner
C. Update Task
D. Access Protection

A

Answer: A

A. On-Demand Scan

204
Q

What is required to run ePO in a high availability environment on two or more servers?
A. Local SQL Server
B. Microsoft Cluster Server (MSCS)
C. Veritas Cluster Server (VCS)
D. Agent handler

A

Answer: B

B. Microsoft Cluster Server (MSCS)

205
Q

How are policy settings grouped within products?
A. Product
B. Category
C. Assignment
D. Name

A

Answer: B

B. Category

206
Q

What feature gathers Managed System and Compliance Information from remote ePO servers and allows reports to be run against the data?
A. Rolled-up Managed Systems
B. Multi-Server Roll-up Reporting
C. Rolled-up Compliance history
D. Multi-Server Summary Reporting

A

Answer: B

B. Multi-Server Roll-up Reporting

207
Q

What is the name of ePO’s reporting wizard?
A. Crystal Reports
B. ePO Queries
C. System Report
D. Query Builder

A

Answer: D

D. Query Builder

208
Q

Which VirusScan components can be configured for the Artemis Heuristics detection? (Choose two)
A. On-Delivery Email Scanner
B. Access Protection
C. On-Access Scanner
D. Unwanted Programs Policy
E. Buffer Overflow Protection

A

Answer: A,C

A. On-Delivery Email Scanner
C. On-Access Scanner

See KB70130 “How to enable Global Threat Intelligence Technology in various products”

209
Q

An ePO administrator is trying to update the Sitelist.xml file for an existing McAfee Agent to point to a different ePO server. Which command should be used?

A. Frminst.exe /install=agent /siteinfo="C:\Sitelist.xml"
B. Frminst.exe /install=agent /forceinstall /siteinfo="C:\Sitelist.xml"
C. Frminst.exe /install=updater /siteinfo="C:\Sitelist.xml"
D. Frminst.exe /install=agent /SITELIST="c:\Sitelist.xml"

A

Answer: A

A. Frminst.exe /install=agent /siteinfo="C:\Sitelist.xml"

210
Q

What task can be configured to copy the contents of one distributed repository into another distributed repository which is outside of the normal replication process?
A. Update Task
B. Mirror Task
C. On-Demand Scan Task
D. AutoUpdate Task

A

Answer: B

B. Mirror Task

211
Q

Which of the following options are required to share policies between ePO servers? (Choose three)
A. Designate the policy
B. Register the server
C. Duplicate the policy
D. Assign the policy
E. Schedule a server task

A

Answer: A,B,E

A. Designate the policy
B. Register the server
E. Schedule a server task

212
Q

All Dashboards, other than the default, are owned by what user?
A. Executive Admin
B. Group Admin
C. Executive Reviewer
D. Global Administrator

A

Answer: D

D. Global Administrator

213
Q

What component is composed of the following high-level scanners: AntiVirus Scanner, Buffer Overflow protection, On-Access Scanner, and Access Protection?
A. McShield.exe
B. Mcconsol.exe
C. Common Shell
D. Filter Driver

A

Answer: A

A. McShield.exe

214
Q

Which of the following is a file system filter driver?
A. Mfeapfk.sys
B. Mfeavfk.sys
C. Mfebopk.sys
D. Mfehidk.sys

A

Answer: B

B. Mfeavfk.sys

215
Q

Which of the following are valid permissions for query functions? (Choose two)
A. Use private queries
B. No permissions
C. Create and edit personal queries
D. Edit private queries
E. Make public queries private

A

Answer: B,C

B. No permissions
C. Create and edit personal queries

216
Q

What is the maximum number of days that can be set in the VirusScan option “Number of days to keep back-up data in the quarantine directory”?
A. 30
B. 90
C. 365
D. 999

A

Answer: D

D. 999

217
Q

What files are automatically downloaded from the McAfee source repositories with a pull task? (Choose two)
A. Service Packs
B. Patches
C. DATs
D. Product Updates
E. Potential Unwanted Programs

A

Answer: C,E

C. DATs
E. Potential Unwanted Programs

218
Q

Which ePO service manages Agent communication?

A. Event Parser

B. Framework service

C. Tomcat

D. Apache

A

D. Apache

219
Q

A registered LDAP server is used with which of the following authentication types?

A. SQL authentication

B. Windows authentication

C. Certificate based authentication

D. ePO authentication

A

B. Windows authentication

220
Q

Which of the following is true regarding Disaster Recovery?

A. Database administrator rights are required to change the Keystore encryption passphrase.

B. The Keystore encryption passphrase is used to encrypt and decrypt the sensitive information stored in the server.

C. Disaster Recovery is enabled by default for all database types.

D. The previous passphrase is required to change the Keystore encryption passphrase.

A

B. The Keystore encryption passphrase is used to encrypt and decrypt the sensitive information stored in the server.

221
Q

Assignment locking prevents:

A. Changes to the policy at the parent.

B. Changes to client tasks.

C. Changes to inheritance.

D. Changes by users.

A

C. Changes to inheritance.

222
Q

What task can be configured to copy the contents of one distributed repository into another?

A. Firewall Rule

B. Firewall Group

C. Firewall Options

D. Firewall Catalogs

A

B. Firewall Group

223
Q

Policies can be imported into ePO using which file type?

A. CSV

B. PDF

C. HTML

D. XML

A

D. XML

224
Q

If a policy assigned to the “My Organization” group is deleted, what policy is assigned in its place?

A. McAfee Default

B. Parent Group

C. My Default

D. Global Group

A

A. McAfee Default

225
Q

How can an ePolicy Orchestrator administrator manage assets in a network broadcast segment that cannot communicate directly with the ePolicy Orchestrator server?

A. Enable peer-to-peer communication

B. Convert the agents to super agents

C. Utilize an Agent Deployment URL

D. Configure an agent relay server

A

D. Configure an agent relay server

226
Q

What is the purpose of installing the McAfee Agent in VDI mode?

A. VDI mode is used to avoid duplicate GUIDs in virtual environments with non-persistent virtual machines

B. VDI mode prevents the inadvertent installation of point products that are not compatible with virtual clients

C. VDI mode is used to store administrative credentials so that the Agent can be reinstalled if the virtual machine is reprovisioned

D. VDI mode is used to provide virtual machines on the same cluster as a source to pull updates in order to save bandwidth

A

A. VDI mode is used to avoid duplicate GUIDs in virtual environments with non-persistent virtual machines

227
Q

What important System Tree property simplifies policy and task administration?

A. Hierarchy

B. Lock Policy

C. Inheritance

D. Enforcement

A

C. Inheritance

228
Q

When configuring Active Directory synchronization, exceptions can be created for which of the following?

A. Organizational Units

B. Security Groups

C. Domain Groups

D. Users

A

A. Organizational Units

229
Q

When a group has four sorting criteria assigned, the system will be placed into the group when it meets how many of the conditions?

A. One

B. Two

C. Three

D. Four

A

A. One

230
Q

What ports can you modify after installation? (Select two)

A. Agent-server communication
B. Agent-server communication secure port
C. Agent wake-up communication port
D. Agent broadcast communication port

A

C. Agent wake-up communication port
D. Agent broadcast communication port

See “About HTTP port options” in the ePO Installation Guide

The ports used by ePolicy Orchestrator software are predefined, and populated by default. Most port designations can be changed only during the installation process.

231
Q

An ePO Agent Handler must have a high availability and high bandwidth connection to the __________________.

A
  • ePO database
232
Q

Exam Hint:

  • Know the different log names
  • Where the logs are located and
  • What log contains what information
A

Orion –

Contains McAfee Foundation Services platform details and all extensions loaded by default. Located at: [InstallDir]\Server\logs

Server –

Contains details related to these McAfee ePO server services:

  • Agent-server communications
  • McAfee ePO Server Agent Handler

Located at: [InstallDir]\DB\Logs

Audit –

The ePO Audit Log contains many EE policy added/deleted/changed/saved log entries similar to the following for policies that are not configured by the ePO administrator

233
Q

Name the three branches in the ePO Master Repository.

A
  1. Current
  2. Previous
  3. Evaluation

From the McAfee Community:

Current - All the Packages you want to deploy to your Client Machines are in this branch and, by default, McAfee Agents take updates from this Branch.

Previous - This is the branch where you generally keep your old version of McAfee Products or old DAT. Whenever there is a new McAfee Product Version released you check-in the package into the Current Branch of the Master Repository, and move the existing one into the Previous branch, so that you have the old version of the McAfee Product as well. There is no hard and fast rule to move the old version of McAfee Product to the Previous branch, and you can delete it as well. But some ePO admins want to have the old versions as well, so they move it to Previous branch.

Evaluation - This branch is generally used for Testing Purpose. Suppose in your environment, you don’t want to push an update to the production machines unless you test it and monitor the behavior of the new McAfee Product or updates before testing it. Then you can check-in the McAfee Product or updates into this branch, change the McAfee Agent policy for the test machine to get the updates from Evaluation Branch instead of Default Current branch, let the updates be pushed to Test Machines, and then monitor it. Once satisfied, change the branch of the Product or update to Current branch, so that it can be pushed to all the machines in the Production Environment.

234
Q

What is the default secure port that the Apache service listens on?

A
  • 443
235
Q

Which query results are actionable?

A. Bar and Graph results

B. Table results

C. Pie Graphs

D. All results

A

D. All results

236
Q

Making a Personal query Public is done by:

A. Selecting the Query and choosing Actions > Make Public

B. Choosing the Make Public button on the Queries page.

C. Moving the query to a public group.

A

C. Moving the query to a public group.

237
Q

You can schedule a query to run periodically by creating a:

A. Run Query Server Task

B. Run Query Client Task

C. Run Query Reporting Task

D. System Search Server Task

A

A. Run Query Server Task

238
Q

Which of the following report header and footer elements are customizable?

A. Logo

B. Date/Time

C. Page Number

D. User Name

E. Custom Text

F. All of the above

A

F. All of the above

239
Q

Which ePO component resides on the ePO server and stores all managed software, including updates and signatures?

A. Database

B. Distributed Repository

C. Master Repository

D. McAfee Agent

A

C. Master Repository

240
Q

You plan to install the SQL Server that is included with the ePO software. What Microsoft software must be acquired and installed manually before beginning the ePO installation?

A. Microsoft Visual C++ 2005 Redistributable Package (x86)

B. Microsoft Visual C++ 2008 Redistributable Package (x86)

C. Microsoft SQL Server Data Engine 7.0

D. Microsoft .NET Framework 3.0 or higher

A

D. Microsoft .NET Framework 3.0 or higher

241
Q

Horizontal scalability is typically recommended for managing large, multi-ePO server deployments.

A. True

B. False

A

B. False

242
Q

You anticipate your ePO deployment will manage more than 75,000 managed nodes. What is the recommended RAID configuration for the operating system partition?

A. RAID 1

B. RAID 2

C. RAID 3

D. RAID 10

A

A. RAID 1

243
Q

A dedicated server is recommended, if managing more than 250 systems.

A. True

B. False

A

A. True

244
Q

If SQL Server is installed on the same server as ePO, then ePO dynamically assigns a local SQL port; however, the port for the remote SQL server remains 1433.

A. True

B. False

A

A. True

245
Q

The account used to install ePO must have the ability to create a new database, set permissions on tables and stored procedures, and create SQL jobs. Which of the following are valid roles?

A. bulkadmin

B. dbcreator

C. Securityadmin

D. sysadmin

A

B. dbcreator

D. sysadmin

246
Q

An ePO product license key is required to install ePO software.

A. True

B. False

A

B. False

You can install an evaluation copy of ePO. The evaluation period expires after 90 days.

247
Q

When can permission sets be assigned? Select all that apply.

A. When a new user account is created

B. When a new permission set is created

C. To any existing user account

D. Only by the Group Admin

A

A. When a new user account is created

B. When a new permission set is created

C. To any existing user account

248
Q

By default, administrators have all permissions to all products and features.

A. True

B. False

A

A. True

249
Q

What is the default authentication method for ePO users?

A. ePO authentication

B. Certificate-based authentication

C. Windows-based authentication

A

A. ePO authentication

250
Q

You have added a group to the System Tree: Virginia. My Organization is the parent.

Given these factors, where will the Lost&Found group be placed in the System Tree?

A. Before the Virginia group

B. After the Virginia group

A

B. After the Virginia group

251
Q

You can rename My Organization, as required.

A. True

B. False

A

B. False

252
Q

You can use a group’s sorting criteria to sort systems by:

A. NetBIOS name and IP address

B. IP address and tags

C. Tags and group name

D. Group name and NetBIOS name

A

B. IP address and tags

253
Q

You can prevent all systems from being sorted into groups, regardless of their sorting criteria or status, by disabling System Tree sorting in:

A. Server Settings

B. Group Details

C. Sorting Criteria

D. Group Policy

A

A. Server Settings

254
Q

Exam hint: What is the main reason for having three different branches (evaluation, previous, current) in the Master Repository?

A

Having three branches gives the administrator more flexibility in applying updates and new products.

255
Q

The SQL Server database must reside on the same server as the ePO Software.

A. True

B. False

A

B. False
