ePolicy Orchestrator - MA0-100 - Archive Flashcards
Which of the following uses a proprietary SPIPE protocol to encapsulate unsecured HTTP traffic?
A. PA Agent
B. HIPS Agent
C. DLP Agent
D. McAfee Agent
D. McAfee Agent
Which of the following is a core architecture component of ePO?
A. Internet Explorer
B. Event Parser
C. SuperAgent
D. SQL Server
B. Event Parser
What option can be configured in the On-Access General Policy that is not an option in the local VirusScan console?
A. Boot sectors
B. Floppy during shutdown
C. Enable on-access scanning at system startup
D. Enable on-access scanning when the policy is enforced
D. Enable on-access scanning when the policy is enforced
Which of the following system properties does the ePO server write to the database? Select the three that apply.
A. Total disk space
B. Total physical memory
C. Last communication
D. VirusScan version
E. McAfee agent version
A. Total disk space
B. Total physical memory
C. Last communication
To ensure that a Rogue System Detection Sensor is not installed on a managed system, what action needs to be performed?
A. Add the system to the Exception List
B. Add the system to the Blacklist
C. Add the system as Ignored
D. Add the system as Managed
B. Add the system to the Blacklist
The ePO server uses which format to write to the database tables?
A. Extensible Configuration Checklist Description Format (XCCDF)
B. Common Events Format (CEF)
C. Security Content Automation Protocol Format (SCAP)
D. Data Access Layer (DAL)
B. Common Events Format (CEF)
When configuring a Synchronization Type for a group within the System Tree, which of the following is a valid choice? Select the three that apply.
A. Leave systems in their current system tree location only.
B. Add systems to the synchronized group and leave them in the current system tree location only
C. Add systems to the synchronized group and delete duplicate entries
D. Add systems to the synchronized group and mark duplicate entries
E. Move systems from their current system tree location to the synchronized group
A. Leave systems in their current system tree location only.
B. Add systems to the synchronized group and leave them in the current system tree location only
D. Add systems to the synchronized group and mark duplicate entries
Which of the following are examples of default column headers on the Server Task area of the interface? Select the two that apply.
A. Description
B. Duration
C. Name
D. Source
E. Status
C. Name
E. Status
Which options must be selected when creating a maintenance plan for the SQL Database? Select the three that apply.
A. Shrink Database
B. Check Database Integrity
C. Rebuild Index
D. Clean Up History
E. Back up Database
B. Check Database Integrity
C. Rebuild Index
E. Back up Database
If you specify the McAfee Agent Policy to collect only minimal properties, the agent collects only which of the following? Select the two that apply.
A. Installed software information
B. DAT file version number
C. Processor speed
D. Installation path
E. Operating system
B. DAT file version number
D. Installation path
What is the default number of sensors that will be active per subnet?
A. 1
B. 2
C. 3
D. 4
B. 2
A Subnet that has a Rogue System Detection Sensor installed is
A. active
B. inactive
C. uncovered
D. covered
D. covered
Which of the following are valid server tasks for updating the ePO repositories? Select the two that apply.
A. Repository pull
B. Update
C. Repository replication
D. Mirror
E. Product deployment
A. Repository pull
C. Repository replication
Which of the following is used to create policy? Select the two that apply.
A. Copy
B. Duplicate
C. Clone
D. New Policy
E. Save As
B. Duplicate
D. New Policy
What options are available to the administrator when creating a client task to limit the systems that receive the task?
A. Tasks can only be assigned globally
B. Tasks can only be assigned to a specific group
C. Task can be configured with defined criteria
D. Task can be enabled when the desired systems are online.
C. Task can be configured with defined criteria
Deployment packages that are checked into the ePO server have which of the following file extensions?
A. .arc
B. .rar
C. .zip
D. .jar
C. .zip
When creating a new query, what is the function title used to limit the resulting output?
A. Result type
B. Chart
C. Filter
D. Columns
C. Filter
Which of the following types of distributed repositories is supported by ePO?
A. HTTP
B. FTP
C. UNC
D. DHCP
E. LDAP
A. HTTP
B. FTP
C. UNC
If a policy that is assigned to the My Organization group is deleted, what policy is assigned in its place?
A. McAfee Default
B. Parent Group
C. My Default
D. Global Root
A. McAfee Default
When running a Run Tag Criteria server task with the Reset manually tagged and excluded systems box checked, this would
A. Include both systems that match and don’t match
B. remove the tag on systems that do match the criteria.
C. add the tag on systems that don’t match the criteria
D. remove the tag on systems that don’t match the criteria
D. remove the tag on systems that don’t match the criteria
Which of the following server services is responsible for communication with the McAfee Agent?
A. Apache
B. Tomcat
C. SQL
D. Event Parser
A. Apache
Which of the following are valid Server Task Sub-Actions that can be selected from a result of a query? Select the three that apply.
A. Install Point Products
B. Assign Policy
C. Move Systems to another Group
D. Email File
E. Remove Point Products
B. Assign Policy
C. Move Systems to another Group
D. Email File
Which of the following should be the primary consideration when deploying Agent Handlers?
A. Database increasing in size
B. Log files increasing in size
C. Memory and resource allocation
D. High speed and low latency connection
D. High speed and low latency connection
When creating a permission set, which of the following users are automatically assigned? Select the two that apply.
A. Admin
B. Group Admin
C. System
D. Global Administrator
A. Admin
C. System
Which of the following are used to update the master repository on a regular basis?
A. Automatic Response
B. Client Task
C. Server Task
D. Server Settings
C. Server Task
Query results are displayed within ePO in what form? Select the two that apply.
A. PDF
B. Charts
C. XML
D. Tables
E. TXT
B. Charts
D. Tables
What port is used to access the McAfee Agent Activity Log from a remote machine?
A. 80
B. 443
C. 8081
D. 8082
C. 8081
What default port is used for Rogue System Detection Sensors for communication to the ePO server?
A. 8081
B. 8082
C. 8443
D. 8444
D. 8444
What is used to configure the SQL server to drop the transaction logs once a checkpoint is complete?
A. Full
B. Simple
C. Bulk-Logged
D. Recovery
B. Simple
To remove computers from ePO using the Active Synchronization task, it is required that the account has access to the
A. deleted computers.
B. deleted Objects container.
C. Organizational Unit.
D. Active Directory.
D. Active Directory.
When configuring Product Deployment Client Tasks, the Enable randomization setting should be activated when managed client nodes exceed:
A. 100
B. 500
C. 750
D. 1000
D. 1000
Where in the ePO Database is ePO Agent-gathered system information stored?
A. epocomputerproperties
B. epobranc
C. epoleafnode
D. epoproductproperties
A. epocomputerproperties
What location is used to change the default Dashboard for new ePO Console users?
A. Personal Settings
B. Permission Sets
C. Contacts
D. Server Settings
D. Server Settings
When configuring the Active Directory settings, exceptions can include which of the following?
A. Organizational Units
B. Computers
C. Domain Groups
D. Users
A. Organizational Units
Which of the following is the correct order for creating a query?
A. Configure Chart, choose Columns, select Result Type, apply Filter
B. Select Result Type, choose Columns, configure Chart, apply Filter
C. Configure Chart, select Result Type, choose Columns, apply Filter
D. Select Result Type, configure Chart, choose Columns, apply Filter
D. Select Result Type, configure Chart, choose Columns, apply Filter
Which of the following cannot be completed within the Policy Catalog?
A. Edit
B. Rename
C. Duplicate
D. Assign
D. Assign
Which of the following can NOT be placed into a dashboard?
A. Boolean pie chart
B. Multi-group summary table
C. Single-group summary table
D. Table
D. Table
When a policy is locked, it prevents modification of the
A. policy
B. assignment
C. system tree
D. sub groups
B. assignment
Which of the following are valid deployment package types? Select the two that apply.
A. Catalog.z
B. Agent Language pack
C. Extradat
D. Artemis pack
E. ePOMain
B. Agent Language pack
C. Extradat
Private queries are available to
A. the creator
B. Global Administrators
C. administrators who have permission
D. Group Administrators
A. the creator
Which of the following steps are needed for Policy Sharing? Select the three that apply.
A. Register the remote ePO servers
B. Share the individual policies
C. Configure Server Task
D. Enable Global Updating
E. Share default policies
A. Register the remote ePO servers
B. Share the individual policies
C. Configure Server Task
What detail property includes the local Time Zone value of a managed machine?
A. VirusScan Enterprise Properties
B. McAfee Agent Properties
C. Host Intrusion Preventions Properties
D. System information Properties
D. System information Properties
Which of the following Lost&Found group characteristics can be modified?
A. Group Name
B. Sorting Criteria
C. Sorting Criteria for subgroups
D. Tree location
C. Sorting Criteria for subgroups
Which component controls the scheduled tasks and communicates with the common agent?
A. Task Manager
B. McShield
C. Framework Service
D. Scan32.exe
C. Framework Service
Which VirusScan policy configures the option Allow this system to make remote console connections to other systems?
A. User interface
B. On-Access Scanner
C. Quarantine Manager
D. Unwanted Programs
A. User interface
When backing up an ePO server, which of the following security keys is required to restore agent server communication?
A. Local Master Repository Communication
B. Agent Server Secure Communication
C. Legacy Agent Server Communication
D. McAfee SIA Repository Communication
B. Agent Server Secure Communication
Why would a managed system appear in the Lost & Found group?
A. No matching criteria were found
B. Matched sorting criteria were found
C. Inactive Agent
D. Rogue Agent
A. No matching criteria were found
An RSD Sensor has been deployed from the ePO console. However, it has not reported back. Which of the following is the most likely cause? Select the three that apply.
A. The sensor is unable to resolve the IP address for ePO
B. The sensor is blacklisted
C. Deployment of the sensor failed
D. Sensor service is disabled after installation
E. The sensor is an exception
A. The sensor is unable to resolve the IP address for ePO
C. Deployment of the sensor failed
D. Sensor service is disabled after installation
Which of the following are examples of client tasks? Select the three that apply.
A. Agent Wakeup
B. Product Update
C. Repository pull
D. Mirror Repositories
E. Event Migration
A. Agent Wakeup
B. Product Update
D. Mirror Repositories
Which of the following options are available from ePO Server settings? Select the three that apply.
A. Ports
B. Global Updating
C. Event Migration
D. Active Directory Synchronization
E. Email Server
A. Ports
B. Global Updating
E. Email Server
Which two items are modified on the Full Scan Task when installing the anti-Spyware module? Select the two that apply.
A. Registry
B. Cookies
C. Running Process
D. Recycle bin
E. Memory for Rootkits
A. Registry
B. Cookies
What VirusScan Menu option is used to unlock the user Interface?
A. Task
B. Edit
C. View
D. Tools
D. Tools
Which policies can be configured to record the Session settings for reporting? Select the two that apply.
A. On-delivery email Scan Policies
B. On-Access Default Processes Policies
C. On-Access General Policies
D. Quarantine Manager Policies
A. On-delivery email Scan Policies
C. On-Access General Policies
What function is disabled for the default ePO Summary dashboard?
A. Edit
B. Delete
C. Make active
D. Make public
D. Make public
When opening an existing policy, the policy settings are organized across:
A. interfaces
B. tabs
C. screens
D. columns
B. tabs
An administrator can configure a query to run a scheduled sub-action to do which of the following?
A. Resort Systems
B. Create Tag
C. Move Systems to Another Group
D. Clear Policy
E. Add to Rogue Systems
A. Resort Systems
C. Move Systems to Another Group
Product deployment packages are checked into what repository?
A. Distributed
B. Master
C. Fallback
D. Source
B. Master
Which of the following are ePO Server Maintenance tasks? Select the two that apply.
A. Master Repository Update Failed
B. Purge Repository tasks
C. Update sensor deployment
D. Product License Usage
E. Query New Rogue Detection
C. Update sensor deployment
D. Product License Usage
What Artemis sensitivity level is selected to protect systems or areas that are regularly infected?
A. Low
B. Medium
C. High
D. Very High
C. High
Which of the following services is related to Super Agents?
A. Framework
B. Application Server
C. Event Parser
D. Tomcat
A. Framework
What utility is used to create a custom VirusScan installation package that contains updated DAT and engine files?
A. Deployment task
B. Manual install
C. Installation Designer
D. MSI installer
C. Installation Designer
Which of the following options are available when right clicking a file and selecting Scan for threats? Select the two that apply.
A. Clean
B. Delete
C. Continue
D. Prompt for action
E. Continue scanning
A. Clean
C. Continue
Which of the following ports need to be open on the Firewall for an Agent Handler to communicate with ePO and database server(s) inside of a network? Select the two that apply.
A. Port 80
B. Port 1433
C. Port 8082
D. Port 8081
E. Port 8445
A. Port 80
B. Port 1433
Which of the following are available within the Policy Catalog? Select the three that apply.
A. Share
B. Duplicate
C. Assign
D. View
E. Lock
A. Share
B. Duplicate
D. View
When a policy is deleted, all systems to which it is currently applied will inherit which policy?
A. McAfee Default
B. Parent Group
C. My Default
D. Global Root
B. Parent Group
A rogue/alien Agent is a system that
A. has not reported back to ePO in the last 30 days.
B. does not have a McAfee Agent installed.
C. has the Agent Component disabled.
D. is reporting to a different ePO Server
D. is reporting to a different ePO Server
Which of the following is a default permission set?
A. Executive Previewer
B. Site Administrator
C. Site Reviewer
D. Group Reviewer
D. Group Reviewer
What file contains the list of disabled event ids?
A. EventFilter.cfg
B. EventFilter.ini
C. Evtfiltr.ini
D. Server.ini
C. Evtfiltr.ini
Which of the following Server Services is responsible for Automatic Responses?
A. Event Parser
B. Framework service
C. Tomcat
D. Apache
C. Tomcat
Which of the following is an available default notification rule?
A. Daily known category notification
B. Virus detected and not removed
C. Virus detected and removed
D. Non-compliant computer detected
D. Non-compliant computer detected
What Artemis sensitivity level is selected when the regular risk of exposure to malware is greater than the risk of a false positive?
A. Low
B. Medium
C. High
D. Very High
B. Medium
Within the Server Services, which component manages events, Group management, Tag management, and Agent sorting?
A. Event Parser
B. Framework service
C. Tomcat
D. Apache
D. Apache
What scheduling options are available when setting up a Product Deployment Task? Select the three that apply.
A. Enable Randomization
B. Stop the task if it runs for a specified amount of time.
C. Run at every policy enforcement
D. Defer scan when using battery power
E. Run missed task at a specified time delay
A. Enable Randomization
B. Stop the task if it runs for a specified amount of time.
E. Run missed task at a specified time delay
What protocol is used for secure communication between the McAfee Agent and server?
A. IPSEC
B. SPIPE
C. SFTP
D. HTTP
B. SPIPE
Policy catalogue pages are added to the ePO server by what function?
A. Adding a package to the Master Repository
B. Installing an extension to ePO server
C. Registering a new server configuration
D. Executing the appropriate pacakagecheckin.exe for that point product
B. Installing an extension to ePO server
An ePO server needs to have a dedicated SQL Server when managing more than
A. 1,000 nodes.
B. 5,000 nodes
C. 10,000 nodes.
D. 20,000 nodes
B. 5,000 nodes
When an on-demand scan starts, the feature takes CPU and IO samples over the first
A. 20 seconds
B. 30 seconds
C. 40 seconds
D. 50 seconds
B. 30 seconds
When managing tags what is NOT available in the System Tree?
A. Clear Tag
B. Exclude Tag
C. Apply Tag
D. New Tag
D. New Tag
When performing the On-Demand scan, what System utilization settings are affected?
A. Cookie
B. Registry
C. Encrypted files
D. Targeted files
D. Targeted files
Which of the following are methods that can be used to access System Information? Select the two that apply.
A. Open the computer property query under reports
B. Click a computer in the system tree
C. Select computer properties under system actions
D. Open a query then click a computer in the report
B. Click a computer in the system tree
D. Open a query then click a computer in the report
Which of the following is a supported browser for ePO? Select the three that apply.
A. Internet Explorer
B. Firefox
C. Safari
D. Chrome
E. Opera
A. Internet Explorer
B. Firefox
D. Chrome
Comment:
If the exam asks for two, then it may be referring to an older release. If so, then select A and B
Internet Explorer greater than IE7
After a query has been completed, additional actions can be taken on the
A. lower right hand corner of page
B. lower left hand corner of page
C. upper right hand corner of page
D. upper left hand corner of page
B. lower left hand corner of page
Which of the following methods can be used to add systems to groups within the system tree? Select the three that apply.
A. Login scripts
B. Importing AD Containers
C. Import using a text file
D. Importing AD systems
E. Rogue system detections
B. Importing AD Containers
C. Import using a text file
D. Importing AD systems
Which areas of the console allow the resetting of inheritance? Select the three that apply.
A. Assigned
B. Policy Catalog
C. Group Details
D. Systems
E. Client Tasks
A. Assigned
B. Importing AD Containers
E. Client Tasks
Which of the following command line options for cmdagent.exe checks for new policies and enforces them immediately upon receipt?
A. /N
B. /P
C. /C
D. /E
C. /C
When creating a Run Query Server Task, which sub-actions can be selected to allow the system to automatically act upon the results of a query? Select the three that apply.
A. Apply tag
B. Delete system
C. Create group
D. Export to file
E. Send snmp trap
A. Apply tag
B. Delete system
D. Export to file
Agent Handlers are used to:
A. replace distributed repositories
B. ensure agents receive policies, tasks, and product updates.
C. fix a broken network segment
D. identify Rogue Systems on the network
B. ensure agents receive policies, tasks, and product updates.
What is the only Dashboard that is active by default?
A. RSD Summary
B. Executive Dashboard
C. HIP Dashboard
D. ePO Summary
D. ePO Summary
When a group has four sorting criteria assigned, the system will be placed into the group when it meets how many of the conditions?
A. One
B. Two
C. Three
D. Four
A. One
What is the maximum amount of time in seconds that can be configured for ping timeout in the McAfee Agent Policy?
A. 15
B. 30
C. 60
D. 90
C. 60
Which settings are preserved when installing VirusScan on a computer that had a previous version installed? Select the three that apply.
A. Help files
B. Scanning Engine
C. Detection definition file
D. Log file names and locations
E. Registry Keys containing product versions
B. Scanning Engine
C. Detection definition file
D. Log file names and locations
Which file found in the \Program Files\McAfee\ePolicy Orchestrator\Server\conf directory needs to be modified to change the default ePO Console session timeout?
A. server.xml
B. web.xml
C. tomcat-users.xml
D. context.xml
B. web.xml
How many managed machines are required before it is recommended to use a dedicated ePO server?
A. 50
B. 500
C. 5000
D. 50000
C. 5000
Framework Service is responsible for which of the following functions? Select the two that apply
A. Schedule Server Tasks
B. Enforce Policies
C. Collect and Send system Properties
D. Scan for threats and vulnerabilities
E. Policy throttling
B. Enforce Policies
C. Collect and Send system Properties
McAfee ePO server listens on Port 8443 for connection to the administrative console. The Apache service listens on which of the following default ports?
A. 80, 8081
B. 8081, 8443
C. 80, 443
D. 8444, 1433
C. 80, 443
When computers check into the System Tree, subgroups are considered for matching criteria according to
A. criteria
B. tag
C. sorting order
D. IP filtering
C. sorting order
What tag options are available in the system tree?
- Clear tag
- Exclude
- Apply tag
What 2 users are automatically added to newly created permission sets?
- Admin
- System
When a subgroup’s policy is deleted, which policy will it inherit?
- Parent Group
What actions are available from the Policy Catalog?
(Actions column on the far right)
- Rename
- Duplicate
- Delete
- Export
- Share
- View
What options exist when creating a Product Deployment Client Task? (Row headers on the column on the left)
- Type of Deployment (continuous or fixed)
- Select Software
- Select Systems
- Select Start Time
Name the 5 client tasks categories for McAfee Agent.
- McAfee Agent Statistics
- McAfee Agent Wakeup
- Mirror Repositories
- Product Deployment
- Product Update
What 2 options are available in the popup after right clicking a file & selecting “Scan for threats”?
- Clean and continue
In what VSE policies is the ability to set log file sites?
- Access Protection
- BOF
- On-Access General
- On-Delivery Email Scans
Name 2 policies that can be configured to record Session settings for reporting?
- On-Delivery Email Scan
- On-Access General Policies
Where are the server logs installed?
- Install directy org
- \DB\logs
- \Server\logs
- Apache\logs
What are the 7 default server tasks column headings?
- Name
- Status
- Type
- Schedule
- Next Run
- Last Run
- Actions
What are 3 settings that are preserved when upgrading VSE?
- Scan Engine
- Detection definitions files (DAT)
- Log file names & locations
What is the order for creating a query?
- Select results type
- Configure chart
- Choose columns
- Apply filter
What detail property includes the local time zone value of a managed machine?
- System information properties
What 3 options are available when scheduling a product deployment task to run daily?
(last box at the bottom of the page)
- Enable Randomization
- Stop the task if it runs for specified time
- Run missed task @ specified time delay
What McAfee Agent Policy allows configuration for enabling remote access to the Agent - (computer) XML log file.
- Logging
Where do you set the default dashboards for users?
- Server Settings
Name 3 reasons why a RSD Sensor hasn’t reported back after deployment.
- Unable to resolve IP address
- Deployment failed
- Sensor service is disabled after installed
Where can you enable system tree sorting?
- Server settings
What are the 2 synch types in a system tree?
- NT Domain
- Active Directory
McAfee Agent push install relies on access to which share on client machines?
Admin$
What are the 2 types of replication for distributed repositories?
Full, Incremental
Name the VSE policies
- Access protection
- Alert
- Buffer Overflow Protection
- General Options
- On-Access Default Processes
- On-Access General
- On-Access High-Risk Processes
- On-Access Low-Risk Processes
- On Delivery Email Scan
- Quarantine Manager
- Unwanted Programs
What is the max timeout, in seconds, to ping in Agent?
60 seconds
When configuring AD settings, exceptions can include
Organizational Units
Name both valid server tasks for updating ePO Repositories
Repository Pull
Repository Replication
What do the following default ports do?
8443
8444
8443 - Console to application server comm Tomcat (application server) — Console UI
8444 - Client to server authenticated comm
When creating a VSE Memory Scan, what locations do you scan?
Memory for rootkits
Running Processes
What locations do you scan when creating a VSE On-Demand Scan?
Memory for rootkit
Running Processes
All local drives
Registry
Name the purge tasks and the frequency the tasks run.
Audit logs - 6 months
Client Events - 6 months
Server Tasks - Threat events, 1 day
SAE Events - 10 days
What is the Default Dashboard that provides text-based search field?
Quick system search
When creating a VSE Active User Scan, what locations do you scan?
User Profile
Temp
Registry
Registered Files
Windows folder
When using CmdAgent.exe from the Command line, what do the following options do?
/h
/l
/h - list all switches with descriptions (help)
/l - set location of log file
When using CmdAgent.exe from the Command line, what do the following options do?
/c
/s
/i
/c - Check for new policies
/s - Display agent monitor
/i - Display agent information
Name 2 properties collected by the agent on minimum properties
Agent GUID
DAT Version
Engine Version
Hotfix Patch Version
Install Path
Language
Product Version
Plugin Version
What are the 3 types of synchronization available in the system tree (for LDAP)
- Leave systems in their current location only
- Add systems to the sync group and leave them in the current location
- Move systems from their current System Tree location to synchronized group
What are the first 5 sub-actions, starting with letters A-D, for a “Run Query” server task?
A-D
- Apply Tag
- Assign Policy
- Clear Tag
- Delete Systems
- Deploy McAfee Agent
E-M
- Email File
- Exclude Tag
- Export to file
- Generate Compliance event
- Move Systems
R-W
- Resort systems
- Run client task now
- Run External cmd
- Set User properties
- Transfer systems
- Wakeup Agents
T/F Tomcat is responsible for Automatic Responses
True
What does the Apache server handle in ePO?
Manages events, group management, tag management and agent sorting. AKA Agent Handler
Which VSE menu option is used to unlock the user interface?
Tools
Name the 3 places/ways to reset inheritance.
Assigned Policies
Policy Catalog
Client Tasks
What file is used to restore repository list during re-installation
SiteMGR.xml
What is the name of the ePO query and reporting system?
Query Building Wizard
What are the 4 tabs of the query builder?
All, Private Groups, Shared Groups, Public Groups
What file in the /…/server/conf directory needs to be modified to change the default timeout?
Web.xml
Name these default ports.
- 389
- 636
- 445
389 - LDAP Server Port
636 - SSL LDAP
445 - SMB Windows Domain Controller
Name these default ports:
- 8081
- 8082
8081 - Agent Wake Up
8082 - Agent Broadcast - Superagents use this
What is the order of events for an ePO fresh install?
- Create 2nd admin
- Registered Servers
- Server settings
- System Tree
- Software Manager
- Client Tasks
- Master Repo
- Server Tasks
- Contacts
- Automatic response
- Deploy agents
Name these default ports.
- 1433
- 1434
- 1433 SQL TCP
- 1434 SQL UDP
What are the 3 default permission sets other than Executive Reviewer?
Global Reviewer
Group Admin
Group Reviewer
When using CmdAgent.exe from the command line, what do the following options do?
- /p?
- /e?
/p - Collect and send properties
/e - Enforce policies locally
Where are install logs?
%temp%\McAfeelogs
How are products broken down?
By categories
How are the policies broken down?
By tabs
What file contains the list of disabled event ids
Evtfilter.ini
Name 2 valid deployment types (packages)
Agent language pack
ExtraDAT pack
What is the only available dashboard in a bare ePO install?
ePO Summary
Where in the SQL database is Agent-gathered system information stored?
ePO Computer properties
What is the ePO standard log level?
7
Name two functions framework service is responsible for.
Enforce policies
Collect and send system properties
What is the ePO Debug log level?
8
What options exist when scheduling a client task?
(Row headers on left side)
- Scheduling status
- Schedule type
- Effective Period
- Start Time
- Task runs according to
- Options
When creating a custom dashboard and specifying the “Size:”, what is the minimum and maximum layout that can be defined?
A. 1x2, 6x4
B. 1x2, 5x5
C. 1x2, 5x4
D. 2x3, 6x4
A. 1x2, 6x4
Criteria-based tags can be created using:
A. Task settings.
B. System Properties.
C. Product Properties.
D. Policy settings.
B. System Properties.
What option should be selected in the SQL maintenance plan rebuild index?
A. Reorganize the pages with the default amount of free space
B. Change free space per page percentage to
C. Sort results in tempdb
D. Keep index online while reindexing
Answer: B
Which of the following needs to be enabled to successfully deploy an Agent from the ePO server?
(Choose three)
A. Framework service
B. Remote Registry service
C. File and Printer Sharing
D. Admin$ share
E. C$ share
Answer: B, C, D
Under the Access Protection policy which of the following is a User-defined Rule?
A. Registry Blocking
B. Prevent FTP communication
C. Prevent McAfee Services from being stopped
D. Block read and write access to all shares
Answer: A
Which of the following is the best formula to use to calculate the size of the database?
A. Installed database size + (number of clients x client system size) ÷ (number of events generated x event size)
B. Installed database size + (number of clients I client system size) + (number of events generated I event size)
C. Installed database size I (number of clients - client system size) + (number of events generated - event size)
D. Installed database size x (number of client + client system size) + (number of events generated - event size)
Answer: A
If it takes 90 seconds to accomplish an on-demand scan with the CPU utilization set at 90%, if the CPU utilization is set for 30% it will take how many seconds?
A. 180
B. 270
C. 360
D. 450
Answer: B
Which of the following are result types in the query builder used by Multi-Server Rollup Querying?
(Choose three)
A. Rolled-up Threat Events
B. Rolled-up RSD Detections
C. Rolled-up Managed Systems
D. Rolled-up Applied Policies
E. Rolled-up Audit Log
Answer: A,C,D
Which of the following formats can query results be exported into? (Choose two)
A. CSV
B. TXT
C. PDF
D. DOC
E. SQL
Answer: A,C
What information is required during an ePO clustered installation? (Choose three)
A. Virtual server IP address
B. Virtual server mac address
C. Virtual server name
D. Virtual server DNS name
E. Virtual server communications port
Answer: A,C,D
The first action when creating a query using the Query Wizard is choosing a:
A. result type
B. chart type
C. feature group
D. filter set
Answer: A
When the sorting criteria overlap two groups, the system will sort into the group dependent on:
A. Order
B. Tag
C. AgentGUID
D. MAC
Answer: A
The replication types used in updating distributed repositories are:
A. full and incremental
B. all repositories and selected repositories
C. incremental and all repositories
D. full and all repositories
Answer: A
The option available for the McAfee Default Policy is?
A. Rename
B. Duplicate
C. Edit
D. Delete
Answer: B
What is the Rogue System Detection policy for Sensor’s detected system cache life time in seconds?
A. 300
B. 600
C. 1800
D. 3600
Answer: A
Which of the following can be configured as Server Tasks? (Choose three)
A. Purge Event logs
B. Event Filtering
C. RollUp Data
D. Run Tag Criteria
E. Deployment Task
Answer: A,C,D
What additional scan item is added when the Anti-Spyware module is installed?
A. Running processes
B. Home folder
C. Registered Files
D. Recycle bin
Answer: C
When importing a policy the file type is?
A. CSV
B. PDF
C. HTML
D. XML
Answer: D
Which VirusScan component intercepts input/output operations called by the Operating System?
A. Common Shell
B. Access Protection
C. On-Access Scanner
D. Filter Driver
Answer: D
What component needs to be installed in the DMZ to allow external systems to receive appropriate policies and tasks?
A. Framework
B. Agent Handler
C. Super Agent
D. Repository
Answer: B
Which of the following policy settings would allow an ePO administrator to remotely view the Agent Activity Log using a web browser? (Choose two)
A. Agent Policy option 'Enable remote access to log' is checked
B. 'Accept connection only from ePO server' option is checked
C. 'Accept connection only from ePO server' option is unchecked
D. Desktop default firewall policy is enabled
E. IPS default policy is enabled
Answer: A,C
All traffic between Agents and the Handler is signed and verified with what type of key pairs?
A. RSA
B. DSA
C. ASSC
D. 3DES
Answer: C
If a machine is unable to communicate with a repository using the Ping time option, what is the value assigned to that repository in the sitelist.xml file?
A. 65535
B. 73953
C. 1024
D. 8443
Answer: A
How do Rogue System Detection Sensors detect systems on a network?
A. Port scanning and OS fingerprinting
B. Broadcast messages and DHCP responses
C. Database query and system lookup
D. Automatic Responses and system properties
Answer: B
What important property simplifies policy and task administration?
A. Hierarchy
B. Lock Policy
C. Inheritance
D. Enforcement
Answer: C
In order to protect the ePO keys, which directory on the server is required to be backed up?
A. C:\Program files\mcafee\epolicy orchestrator\DB\software
B. C:\Program files\mcafee\epolicy orchestrator\DB\keystore
C. C:\Program files\mcafee\epolicy orchestrator\apache2\conf
D. C:\Program files\mcafee\epolicy orchestrator\server\cache
Answer: B
A system is considered an Inactive Agent by the Rogue System Detection Server if it has not reported back within the last:
A. 20 days
B. 30 days
C. 45 days
D. 60 days
Answer: C
Which file pulled from the server contains the distributed repository list?
A. Sitelist.xml
B. SiteStat.xml
C. Sitemaplist.xml
D. SiteMgr.xml
Answer: A
When a policy is created in the policy catalog the new policy is:
A. Assigned
B. Not assigned
C. Shared
D. Not enforced
Answer: B
Which of the following is the default location for the McAfee Agent configuration files?
A. Common Framework
B. System 32
C. My Documents
D. WindowsTemp
Answer: A
Which command line option is used to uninstall Anti-Spyware?
A. SetupVSE.exe /REMOVE
B. Setup.exe/X
C. Scan32.exe /UninstallMAS
D. Scan32.exe /DELETE
Answer: C
Which of the following options is only available on the Dashboards page?
A. Manage Dashboards
B. New Dashboard
C. Make Active
D. Make Public
Answer: A
Of the following, what is the proper syntax for importing computers into groups using a text file?
A. group1-system1\
B. group1system1
C. group1,system1
D. group1\system1
Answer: D
Who can change the ownership of a policy? (Choose two)
A. Group Admin
B. Global administrator
C. Owner
D. System
E. Root
Answer: B,C
In a disaster recovery situation, what must be completed to recover the ePO server? (Choose two)
A. Re-deploy VirusScan
B. Re-deploy the Agents
C. Reinstall extensions
D. Restore Agent Handlers
E. Restore the database
Answer: C,E
One or more permission sets can be assigned to any users who are not global administrators.
Which of the following default permission sets can be assigned to users? (Choose three)
A. Global Administrator
B. Executive Administrator
C. Group Admin
D. Group Reviewer
E. Custom Administrator
Answer: A,C,D
A rogue system is a machine that:
A. does not match a white list.
B. does not have the McAfee Agent installed.
C. does not have McAfee VirusScan installed.
D. does not have an Agent handler.
Answer: B
What feature provides the capability to group machines logically and, where necessary, set alternative policy and change inheritance settings?
A. AD Sync
B. System Tree
C. Policy Catalog
D. Sorting Criteria
Answer: B
System tree synchronization can be configured according to which connectors? (Choose two)
A. Open LDAP
B. NTDomain
C. eDirectory
D. Active Directory
E. Novell
Answer: B,D
Which of the following formats are available for exporting data? (Choose three)
A. DOC
B. CSV
C. XML
D. XLS
E. HTML
Answer: B,C,E
Which of the following criteria are applicable when configuring Agent Handler assignments? (Choose three)
A. Agent IP Address
B. System Tree Location
C. Agent NetBIOS Name
D. FQDN/DNS Name
E. Agent Subnet
Answer: A,B,E
System properties are directly helpful when creating which of the following? (Choose two)
A. Criteria-based tags
B. Server tasks
C. Client tasks
D. Assigned policies
E. Creating queries
Answer: A,E
Extensions that are installed into the ePO server are in what file format?
A. .zip
B. .nap
C. .rar
D. .jar
Answer: A
Which of the following is a valid path for creating a SuperAgent repository?
A. C:\Program Files
B. C:\McAfee
C. C:\McAfee\software
D. C:\SuperAgent
Answer: C
Which of the following servers can be designated as registered? (Choose two)
A. LDAP
B. DHCP
C. NTLM
D. SNMP
E. SMTP
Answer: A,D
What feature can monitor battery state and full screen awareness?
A. On-Demand Scan
B. On-Access Scanner
C. Update Task
D. Access Protection
Answer: A
What is required to run ePO in a high availability environment on two or more servers?
A. Local SQL Server
B. Microsoft Cluster Server (MSCS)
C. Veritas Cluster Server (VCS)
D. Agent handler
Answer: B
How are policy settings grouped within products?
A. Product
B. Category
C. Assignment
D. Name
Answer: B
What feature gathers Managed System and Compliance Information from remote ePO servers and allows reports to be run against the data?
A. Rolled-up Managed Systems
B. Multi-Server Roll-up Reporting
C. Rolled-up Compliance history
D. Multi-Server Summary Reporting
Answer: B
What is the name of ePO’s reporting wizard?
A. Crystal Reports
B. ePO Queries
C. System Report
D. Query Builder
Answer: D
Which VirusScan components can be configured for the Artemis Heuristics detection? (Choose two)
A. On-Delivery Email Scanner
B. Access Protection
C. On-Access Scanner
D. Unwanted Programs Policy
E. Buffer Overflow Protection
Answer: A,C
An ePO administrator is trying to update the Sitelist.xml file for an existing McAfee Agent to point to a different ePO server. Which command should be used?
A. Frminst.exe /install=agent /siteinfo="C:\Sitelist.xml"
B. Frminst.exe /install=agent /forceinstall /siteinfo="C:\Sitelist.xml"
C. Frminst.exe /install=updater /siteinfo="C:\Sitelist.xml"
D. Frminst.exe /install=agent /SITELIST="c:\Sitelist.xml"
Answer: A
What task can be configured to copy the contents of one distributed repository into another distributed repository which is outside of the normal replication process?
A. Update Task
B. Mirror Task
C. On-Demand Scan Task
D. AutoUpdate Task
Answer: B
Which of the following options are required to share policies between ePO servers? (Choose three)
A. Designate the policy
B. Register the server
C. Duplicate the policy
D. Assign the policy
E. Schedule a server task
Answer: A,B,E
All Dashboards, other than the default, are owned by what user?
A. Executive Admin
B. Group Admin
C. Executive Reviewer
D. Global Administrator
Answer: D
What component is composed of the following high-level scanners: AntiVirus Scanner, Buffer Overflow protection, On-Access Scanner, and Access Protection?
A. McShield.exe
B. Mcconsol.exe
C. Common Shell
D. Filter Driver
Answer: A
Which of the following is a file system filter driver?
A. Mfeapfk.sys
B. Mfeavfk.sys
C. Mfebopk.sys
D. Mfehidk.sys
Answer: B
Which of the following are valid permissions for query functions? (Choose two)
A. Use private queries
B. No permissions
C. Create and edit personal queries
D. Edit private queries
E. Make public queries private
Answer: B,C
What is the maximum number of days that can be set in the VirusScan option “Number of days to keep back-up data in the quarantine directory”?
A. 30
B. 90
C. 365
D. 999
Answer: D
What files are automatically downloaded from the McAfee source repositories with a pull task? (Choose two)
A. Service Packs
B. Patches
C. DATs
D. Product Updates
E. Potential Unwanted Programs
Answer: C,E
Which ePO service manages Agent communication?
A Event Parser
B Framework service
C Tomcat
D Apache
D Apache
A registered LDAP server is used with which of the following authentication types?
A SQL authentication
B Windows authentication
C Certificate based authentication
D ePO authentication
B Windows authentication
Which of the following is true regarding Disaster Recovery?
A Database administrator rights are required to change the Keystore encryption passphrase.
B The Keystore encryption passphrase is used to encrypt and decrypt the sensitive information stored in the server.
C Disaster Recovery is enabled by default for all database types.
D The previous passphrase is required to change the Keystore encryption passphrase.
B The Keystore encryption passphrase is used to encrypt and decrypt the sensitive information stored in the server.
Assignment locking prevents:
A Changes to the policy at the parent.
B Changes to client tasks.
C Changes to inheritance.
D Changes by users.
C Changes to inheritance.
What task can be configured to copy the contents of one distributed repository into another?
A Firewall Rule
B Firewall Group
C Firewall Options
D Firewall Catalogs
B Firewall Group
Policies can be imported into ePO using which file type?
A CSV
B PDF
C HTML
D XML
D XML
If a policy assigned to the “My Organization” group is deleted, what policy is assigned in its place?
A McAfee Default
B Parent Group
C My Default
D Global Group
A McAfee Default
How can an ePolicy Orchestrator administrator manage assets in a network broadcast segment that cannot communicate directly with the ePolicy Orchestrator server?
A Enable peer-to-peer communication
B Convert the agents to super agents
C Utilize an Agent Deployment URL
D Configure an agent relay server
D Configure an agent relay server
What is the purpose of installing the McAfee Agent in VDI mode?
A VDI mode is used to avoid duplicate GUIDs in virtual environments with non-persistent virtual machines
B VDI mode prevents the inadvertent installation of point products that are not compatible with virtual clients
C VDI mode is used to store administrative credentials so that the Agent can be reinstalled if the virtual machine is reprovisioned
D VDI mode is used to provide virtual machines on the same cluster as a source to pull updates in order to save bandwidth
A VDI mode is used to avoid duplicate GUIDs in virtual environments with non-persistent virtual machines
What important System Tree property simplifies policy and task administration?
A Hierarchy
B Lock Policy
C Inheritance
D Enforcement
C Inheritance
When configuring Active Directory synchronization, exceptions can be created for which of the following?
A Organizational Units
B Security Groups
C Domain Groups
D Users
A Organizational Units
When a group has four sorting criteria assigned, the system will be placed into the group when it meets how many of the conditions?
A One
B Two
C Three
D Four
A One