Automating and Optimizing the ePO Workflow Flashcards

1
Q

How can you address the problem of systems having the same GUID?

A

Enable the preconfigured “Duplicate Agent GUID - Clear error count” and “Duplicate Agent GUID - Remove systems that potentially use the same GUID” server tasks

These tasks will clear the error count and remove any systems with the same GUID, and assign the systems a new GUID

2
Q

What is the concern regarding events in a large environment?

A

In large environments, many events are reported to the ePO server, potentially leading to rapid growth of the database.

The database size directly impacts the performance of the ePO server, so it is important to maintain a clean database

3
Q

How should you determine how long to retain event information when configuring a purge task?

A

Based on corporate data retention policy

4
Q

What are the recommended retention rates in the product guide?

A
Audit Log - Purge after 6 months
Client Events - Purge after 6 months
Server Task Log - Purge after 6 months
Threat Events - Purge every day
SiteAdvisor Enterprise Events - Purge after 10 days
5
Q

Why are SAE events only retained for 10 days (as per the product guide recommendation)?

A

They aren’t included in the normal events table, and collect all URLs visited by managed systems, leading to a large amount of data being saved in environments with more than 10,000 systems

6
Q

When should you schedule your purge events server task?

A

During non-business hours

7
Q

What are some reasons that it may be preferable to purge client events by query?

A

This method can be helpful in a situation in which there is an excessive amount of a specific event in the database in a short time.

8
Q

Why is it a good idea to configure a regular, automatic content pull for your ePO server?

A

This keeps your protection signatures up to date for McAfee products.

Pulling the latest DAT and content files keeps your protection signatures up to date for McAfee products like VirusScan Enterprise and HIPS

9
Q

What are the primary steps for configuring an automatic content pull and replication?

A
  1. Pull content from McAfee into your Master Repository, which is always the ePO server.
  2. Replicate that content to your distributed repositories. This ensures that multiple copies of the content are available and remain synchronized. This also allows clients to update their content from their nearest repository.
10
Q

When are DAT files typically released?

A

3PM

11
Q

How many times a day should you schedule your pull task, and at what times?

A

They should be scheduled at least once daily, but preferably 2 - 3 times in case something goes awry with one of the pull tasks.

They should be scheduled after 3PM, as that’s when DATs are usually released. If they’re scheduled earlier, then there will be no new content to pull

12
Q

What are the two event numbers that are considered best practice to filter out?

A

1051 and 1059
1051 - Unable to scan password-protected file
1059 - Scan timed out

13
Q

What percentage of the database can the “best practice” events make up of the total events stored in your database?

A

80%
