ePolicy Orchestrator - MA0-100 - Current Flashcards
Which of the following uses a proprietary SPIPE protocol to encapsulate unsecured HTTP traffic?
A. PA Agent
B. HIPS Agent
C. DLP Agent
D. McAfee Agent
Answer: D
D. McAfee Agent
Which of the following is a core architecture component of ePO?
A. Internet Explorer
B. Event Parser
C. SuperAgent
D. SQL Server
Answer: B
B. Event Parser
What option can be configured in the On-Access General Policy that is not an option in the local VirusScan console?
A. Boot sectors
B. Floppy during shutdown
C. Enable on-access scanning at system startup
D. Enable on-access scanning when the policy is enforced
Answer: D
D. Enable on-access scanning when the policy is enforced
Which of the following system properties does the ePO server write to the database? Select the three that apply.
A. Total disk space
B. Total physical memory
C. Last communication
D. VirusScan version
E. McAfee agent version
Answer: A, B, C
A. Total disk space
B. Total physical memory
C. Last communication
To ensure that a Rogue System Detection Sensor is not installed on a managed system, what action needs to be performed?
A. Add the system to the Exception List
B. Add the system to the Blacklist
C. Add the system as Ignored
D. Add the system as Managed
Answer: B
B. Add the system to the Blacklist
The ePO server uses which format to write to the database tables?
A. Extensible Configuration Checklist Description Format (XCCDF)
B. Common Events Format (CEF)
C. Security Content Automation Protocol Format (SCAP)
D. Data Access Layer (DAL)
Answer: B
B. Common Events Format (CEF)
When configuring a Synchronization Type for a group within the System Tree which of the following is a valid choice? Select the three that apply.
A. Leave systems in their current system tree location only.
B. Add systems to the synchronized group and leave them in the current system tree location only
C. Add systems to the synchronized group and delete duplicate entries
D. Add systems to the synchronized group and mark duplicate entries
E. Move systems from their current system tree location to the synchronized group
Answer: A, B, D
A. Leave systems in their current system tree location only.
B. Add systems to the synchronized group and leave them in the current system tree location only
D. Add systems to the synchronized group and mark duplicate entries
Which of the following are examples of default column headers on the Server Task area of the interface? Select the two that apply.
A. Description
B. Duration
C. Name
D. Source
E. Status
Answer: C, E
C. Name
E. Status
Which options must be selected when creating a maintenance plan for the SQL Database? Select the three that apply.
A. Shrink Database
B. Check Database Integrity
C. Rebuild Index
D. Clean Up History
E. Back up Database
Answer: B, C, E
B. Check Database Integrity
C. Rebuild Index
E. Back up Database
If you specify the McAfee Agent Policy to collect only minimal properties, the agent collects only which of the following? Select the two that apply.
A. Installed software information
B. DAT file version number
C. Processor speed
D. Installation path
E. Operating system
Answer: B, D
B. DAT file version number
D. Installation path
What is the default number of sensors that will be active per subnet?
A. 1
B. 2
C. 3
D. 4
Answer: B
B. 2
A Subnet that has a Rogue System Detection Sensor installed is
A. active
B. inactive
C. uncovered
D. covered
Answer: D
D. covered
Which of the following are valid server tasks for updating the ePO repositories? Select the two that apply.
A. Repository pull
B. Update
C. Repository replication
D. Mirror
E. Product deployment
Answer: A, C
A. Repository pull
C. Repository replication
Which of the following is used to create policy? Select the two that apply.
A. Copy
B. Duplicate
C. Clone
D. New Policy
E. Save As
Answer: B, D
B. Duplicate
D. New Policy
What options are available to the administrator when creating a client task to limit the systems that receive the task?
A. Tasks can only be assigned globally
B. Tasks can only be assigned to a specific group
C. Task can be configured with defined criteria
D. Task can be enabled when the desired systems are online.
Answer: C
C. Task can be configured with defined criteria
Deployment packages that are checked into the ePO server have which of the following file extension?
A. .arc
B. .rar
C. .zip
D. .jar
Answer: C
C. .zip
When creating a new query, what is the function title used to limit the resulting output?
A. Result type
B. Chart
C. Filter
D. Columns
Answer: C
C. Filter
Which of the following types of distributed repositories is supported by ePO?
A. HTTP
B. FTP
C. UNC
D. DHCP
E. LDAP
Answer: A, B, C
A. HTTP
B. FTP
C. UNC
If a policy that is assigned to the My Organization group is deleted, what policy is assigned in its place?
A. McAfee Default
B. Parent Group
C. My Default
D. Global Root
Answer: A
A. McAfee Default
When running a Run Tag Criteria server task and the Reset manually tagged and excluded systems box is checked, this would
A. Include both systems that match and don’t match
B. remove the tag on systems that do match the criteria.
C. add the tag on systems that don’t match the criteria
D. remove the tag on systems that don’t match the criteria
Answer: D
D. remove the tag on systems that don’t match the criteria
Which of the following server services is responsible for communication with the McAfee Agent?
A. Apache
B. Tomcat
C. SQL
D. Event Parser
Answer: A
A. Apache
Which of the following are valid Server Task Sub-Actions that can be selected from a result of a query? Select the three that apply.
A. Install Point Products
B. Assign Policy
C. Move Systems to another Group
D. Email File
E. Remove Point Products
Answer: B, C, D
B. Assign Policy
C. Move Systems to another Group
D. Email File
Which of the following should be the primary consideration when deploying Agent Handlers?
A. Database increasing in size
B. Log files increasing in size
C. Memory and resource allocation
D. High speed and low latency connection
Answer: D
D. High speed and low latency connection
When creating a permission set, which of the following users are automatically assigned? Select the two that apply.
A. Admin
B. Group Admin
C. System
D. Global Administrator
Answer: A, C
A. Admin
C. System
Which of the following are used to update the master repository on a regular basis?
A. Automatic Response
B. Client Task
C. Server Task
D. Server Settings
Answer: C
C. Server Task
Query results are displayed within ePO in what form?
Select the two that apply.
A. PDF
B. Charts
C. XML
D. Tables
E. TXT
Answer: B, D
B. Charts
D. Tables
What port is used to access the McAfee Agent Activity Log from a remote machine?
A. 80
B. 443
C. 8081
D. 8082
Answer: C
C. 8081
What default port is used for Rogue System Detection Sensors for communication to the ePO server?
A. 8081
B. 8082
C. 8443
D. 8444
Answer: D
D. 8444
What is used to configure the SQL server to drop the transaction logs once a checkpoint is complete?
A. Full
B. Simple
C. Bulk-Logged
D. Recovery
Answer: B
B. Simple
To remove computers from ePO using the Active Synchronization task, it is required that the account has access to the
A. deleted computers.
B. deleted Objects container.
C. Organizational Unit.
D. Active Directory.
Answer: D
D. Active Directory.
When configuring Product Deployment Client Tasks, the Enable randomization setting should be activated when managed client nodes exceed.
A. 100
B. 500
C. 750
D. 1000
Answer: D
D. 1000
Where in the ePO Database is ePO Agent gathered system information stored?
A. epocomputerproperties
B. epobranc
C. epoleafnode
D. epoproductproperties
Answer: A
A. epocomputerproperties
What location is used to change the default Dashboard for new ePO Console users?
A. Personal Settings
B. Permission Sets
C. Contacts
D. Server Settings
Answer: D
D. Server Settings
When configuring the Active Directory settings, exceptions can include which of the following?
A. Organizational Units
B. Computers
C. Domain Groups
D. Users
Answer: A
A. Organizational Units
Which of the following is the correct order for creating a query?
A. Configure Chart, choose Columns, select Result Type, apply Filter
B. Select Result Type, choose Columns, configure Chart, apply Filter
C. Configure Chart, select Result Type, choose Columns, apply Filter
D. Select Result Type, configure Chart, choose Columns, apply Filter
Answer: D
D. Select Result Type, configure Chart, choose Columns, apply Filter
Which of the following cannot be completed within the Policy Catalog?
A. Edit
B. Rename
C. Duplicate
D. Assign
Answer: D
D. Assign
Which of the following can NOT be placed into a dashboard?
A. Boolean pie chart
B. Multi-group summary table
C. Single-group summary table
D. Table
Answer: D
D. Table
When a policy is locked, it prevents modification of the
A. policy
B. assignment
C. system tree
D. sub groups
Answer: B
B. assignment
Which of the following are valid deployment package types? Select the two that apply.
A. Catalog.z
B. Agent Language pack
C. Extradat
D. Artemis pack
E. ePOMain
Answer: B, C
B. Agent Language pack
C. Extradat
Private queries are available to
A. the creator
B. GlobalAdministrators
C. administrators who have permission
D. Group Administrators
Answer: A
A. the creator
Which of the following steps are needed for Policy Sharing? Select the three that apply.
A. Register the remote ePO servers
B. Share the individual policies
C. Configure Server Task
D. Enable Global Updating
E. Share default policies
Answer: A, B, C
A. Register the remote ePO servers
B. Share the individual policies
C. Configure Server Task
What detail property includes the local Time Zone value of a managed machine?
A. VirusScan Enterprise Properties
B. McAfee Agent Properties
C. Host Intrusion Preventions Properties
D. System information Properties
Answer: D
D. System information Properties
Which of the following Lost&Found group characteristics can be modified?
A. Group Name
B. Sorting Criteria
C. Sorting Criteria for subgroups
D. Tree location
Answer: C
C. Sorting Criteria for subgroups
Which component controls the scheduled tasks and communicates with the common agent?
A. Task Manager
B. McShield
C. Framework Service
D. Scan32.exe
Answer: C
C. Framework Service
Which VirusScan policy configures the option Allow this system to make remote console connections to other systems?
A. User interface
B. On-Access Scanner
C. Quarantine Manager
D. Unwanted Programs
Answer: A
A. User interface
When backing up an ePO server, which of the following security keys is required to restore agent server communication?
A. Local Master Repository Communication
B. Agent Server Secure Communication
C. Legacy Agent Server Communication
D. McAfee SIA Repository Communication
Answer: B
B. Agent Server Secure Communication
Why would a managed system appear in the Lost & Found group?
A. No matching criteria were found
B. Matched sorting criteria were found
C. Inactive Agent
D. Rogue Agent
Answer: A
A. No matching criteria were found
An RSD Sensor has been deployed from the ePO console. However, it has not reported back. Which of the following is the most likely cause? Select the three that apply.
A. The sensor is unable to resolve the IP address for ePO
B. The sensor is blacklisted
C. Deployment of the sensor failed
D. Sensor service is disabled after installation
E. The sensor is an exception
Answer: A, C, D
A. The sensor is unable to resolve the IP address for ePO
C. Deployment of the sensor failed
D. Sensor service is disabled after installation
Which of the following are examples of client tasks? Select the three that apply.
A. Agent Wakeup
B. Product Update
C. Repository pull
D. Mirror Repositories
E. Event Migration
Answer: A, B, D
A. Agent Wakeup
B. Product Update
D. Mirror Repositories
Which of the following options are available from ePO Server settings? Select the three that apply.
A. Ports
B. Global Updating
C. Event Migration
D. Active Directory Synchronization
E. Email Server
Answer: A, B, E
A. Ports
B. Global Updating
E. Email Server
Which two items are modified on the Full Scan Task when installing the anti-Spyware module? Select the two that apply.
A. Registry
B. Cookies
C. Running Process
D. Recycle bin
E. Memory for Rootkits
Answer: A, B
A. Registry
B. Cookies
What VirusScan Menu option is used to unlock the User Interface?
A. Task
B. Edit
C. View
D. Tools
Answer: D
D. Tools
Which policies can be configured to record the Session settings for reporting? Select the two that apply.
A. On-delivery email Scan Policies
B. On-Access Default Processes Policies
C. On-Access General Policies
D. Quarantine Manager Policies
Answer: A, C
A. On-delivery email Scan Policies
C. On-Access General Policies
What function is disabled for the default ePO Summary dashboard?
A. Edit
B. Delete
C. Make active
D. Make public
Answer: D
D. Make public
When opening an existing policy, the policy settings are organized across.
A. interfaces
B. tabs
C. screens
D. columns
Answer: B
B. tabs
An administrator can configure a query to run a scheduled sub-action to do which of the following?
A. Resort Systems
B. Create Tag
C. Move Systems to Another Group
D. Clear Policy
E. Add to Rogue Systems
Answer: A, C
A. Resort Systems
C. Move Systems to Another Group
Product deployment packages are checked into what repository?
A. Distributed
B. Master
C. Fallback
D. Source
Answer: B
B. Master
Which of the following are ePO Server Maintenance tasks? Select the two that apply.
A. Master Repository Update Failed
B. Purge Repository tasks
C. Update sensor deployment
D. Product License Usage
E. Query New Rogue Detection
Answer: C, D
C. Update sensor deployment
D. Product License Usage
What Artemis sensitivity level is selected to protect systems or areas that are regularly infected?
A. Low
B. Medium
C. High
D. Very High
Answer: C
C. High
Which of the following services is related to Super Agents?
A. Framework
B. Application Server
C. Event Parser
D. Tomcat
Answer: A
A. Framework
What utility is used to create a custom VirusScan installation package that contains updated DAT and engine files?
A. Deployment task
B. Manual install
C. Installation Designer
D. MSI installer
Answer: C
C. Installation Designer
Which of the following options are available when right clicking a file and selecting Scan for threats? Select the two that apply.
A. Clean
B. Delete
C. Continue
D. Prompt for action
E. Continue scanning
Answer: A, C
A. Clean
C. Continue
Which of the following ports need to be open on the Firewall for an Agent Handler to communicate with ePO and database server(s) inside of a network? Select the two that apply.
A. Port 80
B. Port 1433
C. Port 8082
D. Port 8081
E. Port 8445
Answer: A, B
A. Port 80
B. Port 1433
Which of the following are available within the Policy Catalog? Select the three that apply.
A. Share
B. Duplicate
C. Assign
D. View
E. Lock
Answer: A, B, D
A. Share
B. Duplicate
D. View
When a policy is deleted, all systems to which it is currently applied will inherit which policy?
A. McAfee Default
B. Parent Group
C. My Default
D. Global Root
Answer: B
B. Parent Group
A rogue/alien Agent is a system that
A. has not reported back to ePO in the last 30 days.
B. does not have a McAfee Agent installed.
C. has the Agent Component disabled.
D. is reporting to a different ePO Server
Answer: D
D. is reporting to a different ePO Server
Which of the following is a default permission set?
A. Executive Previewer
B. Site Administrator
C. Site Reviewer
D. Group Reviewer
Answer: D
D. Group Reviewer
What file contains the list of disabled event ids?
A. EventFilter.cfg
B. EventFilter.ini
C. Evtfiltr.ini
D. Server.ini
Answer: C
C. Evtfiltr.ini
Which of the following Server Services is responsible for Automatic Responses?
A. Event Parser
B. Framework service
C. Tomcat
D. Apache
Answer: C
C. Tomcat
Which of the following is an available default notification rule?
A. Daily known category notification
B. Virus detected and not removed
C. Virus detected and removed
D. Non-compliant computer detected
Answer: D
D. Non-compliant computer detected
What Artemis sensitivity level is selected when the regular risk of exposure to malware is greater than the risk of a false positive?
A. Low
B. Medium
C. High
D. Very High
Answer: B
B. Medium
Within the Server Services, which component manages events, Group management, Tag management, and Agent sorting?
A. Event Parser
B. Framework service
C. Tomcat
D. Apache
Answer: D
D. Apache
What scheduling options are available when setting up a Product Deployment Task? Select the three that apply.
A. Enable Randomization
B. Stop the task if it runs for a specified amount of time.
C. Run at every policy enforcement
D. Defer scan when using battery power
E. Run missed task at a specified time delay
Answer: A, B, E
A. Enable Randomization
B. Stop the task if it runs for a specified amount of time.
E. Run missed task at a specified time delay
What protocol is used for secure communication between the McAfee Agent and server?
A. IPSEC
B. SPIPE
C. SFTP
D. HTTP
Answer: B
B. SPIPE
Policy catalogue pages are added to the ePO server by what function?
A. Adding a package to the Master Repository
B. Installing an extension to ePO server
C. Registering a new server configuration
D. Executing the appropriate pacakagecheckin.exe for that point product
Answer: B
B. Installing an extension to ePO server
An ePO server needs to have a dedicated SQL Server when managing more than
A. 1,000 nodes.
B. 5,000 nodes
C. 10,000 nodes.
D. 20,000 nodes
Answer: B
B. 5,000 nodes
When an on-demand scan starts, the feature takes CPU and IO samples over the first
A. 20 seconds
B. 30 seconds
C. 40 seconds
D. 50 seconds
Answer: B
B. 30 seconds
When managing tags what is NOT available in the System Tree?
A. Clear Tag
B. Exclude Tag
C. Apply Tag
D. New Tag
Answer: D
D. New Tag
When performing the On-Demand scan, what System utilization settings are affected?
A. Cookie
B. Registry
C. Encrypted files
D. Targeted files
Answer: D
D. Targeted files
Which of the following are methods that can be used to access System Information? Select the two that apply.
A. Open the computer property query under reports
B. Click a computer in the system tree
C. Select computer properties under system actions
D. Open a query and then click a computer in the report
Answer: B, D
B. Click a computer in the system tree
D. Open a query and then click a computer in the report
Which of the following is a supported browser on Windows for ePO?
Select the three that apply.
A. Internet Explorer
B. Firefox
C. Safari
D. Chrome
E. Opera
Answer: A, B, D
A. Internet Explorer
B. Firefox
D. Chrome
Comment:
If the exam asks for two, then it may be referring to an older release. If so, then select A and B
Notes from KB51569 as of 4/9/2017 :
Browser/ePO 5.1/ePO 5.3/ePO 5.9
Safari 6.0 and later (on Mac OS X)/Yes/Yes/Yes
Chrome 17 and later/Yes/Yes/Yes
Edge/No**/No**/Yes (** as of 11/16/2016 KB85265 states ePolicy Orchestrator does not currently support the Microsoft Edge browser that will ship with Windows 10. Support for this browser is planned for a future release.)
Internet Explorer 9.0 and later/Yes/Yes/Yes
Mozilla Firefox 10.0 and later/Yes/Yes/Yes
After a query has been completed, additional actions can be taken on the
A. lower right hand corner of page
B. lower left hand corner of page
C. upper right hand corner of page
D. upper left hand corner of page
Answer: B
B. lower left hand corner of page
Which of the following methods can be used to add systems to groups within the system tree? Select the three that apply.
A. Login scripts
B. Importing AD Containers
C. Import using a text file
D. Importing AD systems
E. Rogue system detections
Answer: B, C, D
B. Importing AD Containers
C. Import using a text file
D. Importing AD systems
Which areas of the console allow the resetting of inheritance? Select the three that apply.
A. Assigned
B. Policy Catalog
C. Group Details
D. Systems
E. Client Tasks
Answer: A, B, E
A. Assigned
B. Policy Catalog
E. Client Tasks
Which of the following command line options for the cmdagent.exe will check for new policies and enforces them immediately upon receipt?
A. /N
B. /P
C. /C
D. /E
Answer: C
C. /C
When creating a Run Query Server Task, which sub-actions can be selected to allow the system to automatically act upon the results of a query? Select the three that apply.
A. Apply tag
B. Delete system
C. Create group
D. Export to file
E. Send snmp trap
Answer: A, B, D
A. Apply tag
B. Delete system
D. Export to file
Agent Handlers are used to:
A. replace distributed repositories
B. ensure agents receive policies, tasks, and product updates.
C. fix a broken network segment
D. identify Rogue Systems on the network
Answer: B
B. ensure agents receive policies, tasks, and product updates.
What is the only Dashboard that is active by default?
A. RSD Summary
B. Executive Dashboard
C. HIP Dashboard
D. ePO Summary
Answer: D
D. ePO Summary
When a group has four sorting criteria assigned, the system will be placed into the group when it meets how many of the conditions?
A. One
B. Two
C. Three
D. Four
Answer: A
A. One
What is the maximum amount of time in seconds that can be configured for ping timeout in the McAfee Agent Policy?
A. 15
B. 30
C. 60
D. 90
Answer: C
C. 60
Which settings are preserved when installing VirusScan on a computer that had a previous version installed? Select three that Apply.
A. Help files
B. Scanning Engine
C. Detection definition file
D. Log file names and locations
E. Registry Keys containing product versions
Answer: B, C, D
B. Scanning Engine
C. Detection definition file
D. Log file names and locations
Which file found in the \Program Files\McAfee\ePolicy Orchestrator\Server\conf directory needs to be modified to change the default ePO Console session timeout.
A. server.xml
B. web.xml
C. tomcat-users.xml
D. context.xml
Answer: B
B. web.xml
How many managed machines are required before it is recommended to use a dedicated ePO server?
A. 50
B. 500
C. 5000
D. 50000
Answer: C
C. 5000
Framework Service is responsible for which of the following functions? Select the two that apply
A. Schedule Server Tasks
B. Enforce Policies
C. Collect and Send system Properties
D. Scan for threats and vulnerabilities
E. Policy throttling
Answer: B, C
B. Enforce Policies
C. Collect and Send system Properties
McAfee ePO server listens on Port 8443 for connection to the administrative console. The Apache service listens on which of the following default ports?
A. 80, 8081
B. 8081, 8443
C. 80, 443
D. 8444, 1433
Answer: C
C. 80, 443
When computers check into the System Tree, subgroups are considered for matching criteria according to
A. criteria
B. tag
C. sorting order
D. IP filtering
Answer: C
C. sorting order
What tag options are available in the system tree?
Answer:
- Clear tag
- Exclude
- Apply tag
What two users are automatically added to newly created permission sets?
Answer:
- Admin
- System
When a subgroup’s policy is deleted, which policy will it inherit?
Answer:
- Parent Group
What actions are available from the Policy Catalog?
(Actions column on the far right)
Answer:
- Rename
- Duplicate
- Delete
- Export
- Share
- View
What options exist when creating a Product Deployment Client Task? (Row headers on the column on the left)
Answer:
- Type of Deployment (continuous or fixed)
- Select Software
- Select Systems
- Select Start Time
Name the 5 client tasks categories for McAfee Agent.
Answer:
- McAfee Agent Statistics
- McAfee Agent Wakeup
- Mirror Repositories
- Product Deployment
- Product Update
What 2 options are available in the popup after right clicking a file & selecting “Scan for threats”?
Answer:
- Clean and continue
In what VSE policies is the ability to set log file sites?
Answer:
- Access Protection
- BOF
- On-Access General
- On-Delivery Email Scans
Name 2 policies that can be configured to record Session settings for reporting?
Answer:
- On-Delivery Email Scan
- On-Access General Policies
Where are the server logs installed?
Answer:
- Install directory org
- \DB\logs
- \Server\logs
Notes:
According to McAfee KB81641
ePO is comprised of three server-side services and a Microsoft SQL database, each of which serves a different purpose:
The Application Server service (or Tomcat) is responsible for displaying the ePO console GUI.
The Event Parser service takes events uploaded from clients in the environment and parses them into the SQL database.
The Server service (or Apache) processes and receives all Agent-to-Server communication in the environment.
The following are the primary log locations for these services:
Application Server service (Tomcat): orion.log or orion_servername.log located in:
…\server\logs\
Event Parser service: eventparser.log or eventparser_servername.log located in:
…\db\logs\
Server service (Apache): server.log or server_servername.log located in:
…\db\logs\
What are the 7 default server tasks column headings?
Answer:
- Name
- Status
- Type
- Schedule
- Next Run
- Last Run
- Actions
What are 3 settings that are preserved when upgrading VSE?
Answer:
- Scan Engine
- Detection definitions files (DAT)
- Log file names & locations
What is the order for creating a query?
Answer:
- Select results type
- Configure chart
- Choose columns
- Apply filter
What detail property includes the Local Time Zone value of a managed machine?
A. Virus Scan Enterprise properties
B. McAfee Agent properties
C. Host Intrusion Prevention properties
D. System Information properties
Answer: D
D. System Information properties
What 3 options are available when scheduling a product deployment task to run daily?
(last box at the bottom of the page)
Answer:
- Enable Randomization
- Stop the task if it runs for specified time
- Run missed task at specified time delay
What McAfee Agent Policy allows configuration for enabling remote access to the Agent - (computer) XML log file?
Answer:
- It is the logging tab in the general policy
Where do you set the default dashboards for users?
Answer:
- Server Settings
Name 3 reasons why a RSD Sensor hasn’t reported back after deployment.
Answer:
- Unable to resolve IP address
- Deployment failed
- Sensor service is disabled after installed
Where can you enable system tree sorting?
Answer:
- Server settings
What are the 2 sync types in a system tree?
Answer:
- NT Domain
- Active Directory
McAfee Agent push install to client machines relies on access to the ______ share
Answer:
Admin$
What are the two types of replication for distributed repositories?
Answer:
- Full
- Incremental
Name the VSE policies
Answer:
- Access protection
- Alert
- Buffer Overflow Protection
- General Options
- On-Access Default Processes
- On-Access General
- On-Access High-Risk Processes
- On-Access Low-Risk Processes
- On Delivery Email Scan
- Quarantine Manager
- Unwanted Programs
What is the max timeout, in seconds, to ping an Agent?
Answer:
60 seconds
When configuring AD settings, exceptions can include ____________________.
Answer:
Organizational Units
Name both valid server tasks for updating ePO Repositories
Answer:
- Repository Pull
- Repository Replication
What does the following default port do?
8443
Answer:
8443 - Console-to-application server communication port.
Tomcat (application server) — Console UI
TCP port that the ePO Application Server service uses to allow web browser UI access.
NOTE: See KB66797
What does the following default port do?
8444
Answer:
8444 - Client-to-server authenticated communication port
TCP Port that the Agent Handler uses to communicate with the ePO server to get required information (such as LDAP servers).
NOTE: See KB66797
When creating a VSE Memory Scan what locations do you Scan?
Answer:
- Memory for rootkits
- Running Processes
What locations do you scan when creating a VSE On-Demand Scan?
- Memory for rootkit
- Running Processes
- All local drives
- Registry
Name the purge tasks and the frequency the tasks run.
Answer:
- Audit logs - 6 months
- Client Events - 6 months
- Server Tasks - Threat events, 1 day
- SAE Events - 10 days
What is the Default Dashboard that provides text-based search field?
Answer:
- Quick system search
When creating a VSE Active User Scan, what locations do you scan?
Answer:
- User Profile
- Temp
- Registry
- Registered Files
- Windows folder
When using CmdAgent.exe from the Command line, what do the following options do?
/h
/l
Answer:
/h - List all the switches with their description
/l - Set the location of the log file
See KB article KB52707
When using CmdAgent.exe from the Command line, what do the following options do?
/c
/s
/i
Answer:
/c - Check for new policies. The agent contacts the ePO server for new or updated policies; then enforces them immediately upon receipt.
/s - Display the Agent Monitor
/i - Display McAfee Agent information
See KB article KB52707
What are the 3 types of synchronization available in the system tree (for LDAP)
Answer:
- Leave systems in their current location only
- Add systems to the sync group and leave them in the current location
- Move system tree from their current System Tree location to synchronized group
What are the first 5 sub-actions for a “Run Query” server task? (hint: A-D)
Answer:
A-D
- Apply Tag
- Assign Policy
- Clear Tag
- Delete Systems
- Deploy McAfee Agent
E-M
- Email File
- Exclude Tag
- Export to file
- Generate Compliance event
- Move Systems
R-W
- Resort systems
- Run client task now
- Run External cmd
- Set User properties
- Transfer systems
- Wakeup Agents
Tomcat is responsible for Automatic Responses.
A. True
B. False
Answer:
A. True
What does the Apache server handle in ePO?
Answer:
Manages Events, Group management, Tag management and Agent sorting.
AKA Agent Handler
Reference: KB81641 - The Server service (or Apache) processes and receives all Agent-to-Server communication in the environment
Which VSE menu option is used to unlock the user interface?
Answer:
- Tools
Name the three places/ways to reset inheritance.
Answer:
- Assigned Policies
- Policy Catalog
- Client Tasks
What file is used to restore repository list during re-installation?
Answer:
- SiteMGR.xml
What is the name of the ePO query and reporting system?
Answer:
- Query Building Wizard
What are the four tabs of the query builder?
Answer:
- All
- Private Groups
- Shared Groups
- Public Groups
What file in the /…/server/conf directory needs to be modified to change the default timeout?
Answer:
- Web.xml
Name these default ports.
- 389
- 636
- 445
Answer:
- 389 - LDAP Server Port
- 636 - SSL LDAP
- 445 - SMB Windows Domain Controller
Name these default ports:
- 8081
- 8082
Answer:
- 8081 - Agent Wake Up
- 8082 - Agent Broadcast - Superagents use this
What is the order of events for an ePO fresh install?
Answer:
- Create 2nd admin
- Registered Servers
- Server settings
- System Tree
- Software Manager
- Client Tasks
- Master Repo
- Server Tasks
- Contacts
- Automatic response
- Deploy agents
Name these default ports.
- 1433
- 1434
Answer:
- 1433 SQL TCP
- 1434 SQL UDP
What are the 3 default permission sets other than Executive Reviewer?
Answer:
- Global Reviewer
- Group Admin
- Group Reviewer
When using CmdAgent.exe from the command line, what do the following options do?
- /p?
- /e?
Answer:
- /p - Collect and send properties
- /e - Enforce policies locally
Where are install logs located?
Answer:
%temp%\McAfeelogs
How are products broken down?
Answer:
By categories
How are the policies broken down?
Answer:
By tabs
What file contains the list of disabled event ids?
Answer:
Evtfilter.ini
Name two valid deployment types (packages)
Answer:
- Agent language pack
- ExtraDAT pack
What is the only available dashboard in a bare ePO install?
Answer:
- ePO Summary
Where is Agent gathered system information stored in the SQL database?
Answer:
- EPOComputerProperties
What is the ePO standard log level?
Answer:
7
The framework service is responsible for which two functions?
Answer:
- Enforce policies
- Collect and send system properties
What is the ePO Debug log level?
Answer:
8
What options exist when scheduling a client task?
(Row headers on left side)
Answer:
- Tasks to Schedule
- Task Actions
- Created at
- Lock task inheritance
- Tags
- Schedule type
- Effective period
- Start time
- Task runs according to
- Options
When creating a custom dashboard and specifying the “Size:”, what is the minimum and maximum layout that can be defined?
A. 1x2, 6x4
B. 1x2, 5x5
C. 1x2, 5x4
D. 2x3, 6x4
Answer: A
A. 1x2, 6x4
Criteria-based tags can be created using:
A. Task settings
B. System Properties
C. Product Properties
D. Policy settings
Answer: B
B. System Properties
What option should be selected in the SQL maintenance plan rebuild index?
A. Reorganize the pages with the default amount of free space
B. Change free space per page percentage to:
C. Sort results in tempdb
D. Keep index online while reindexing
Answer: B
B. Change free space per page percentage to:
Which of the following needs to be enabled to successfully deploy an Agent from the ePO server?
(Choose three)
A. Framework service
B. Remote Registry service
C. File and Printer Sharing
D. Admin$ share
E. C$ share
Answer: B, C, D
B. Remote Registry service
C. File and Printer Sharing
D. Admin$ share
Under the Access Protection policy which of the following is a User-defined Rule?
A. Registry Blocking
B. Prevent FTP communication
C. Prevent McAfee Services from being stopped
D. Block read and write access to all shares
Answer: A
A. Registry Blocking
Which of the following is the best formula to use to calculate the size of the database?
A. Installed database size + (number of clients x client system size) + (number of events generated x event size)
B. Installed database size + (number of clients I client system size) + (number of events generated I event size)
C. Installed database size I (number of clients - client system size) + (number of events generated - event size)
D. Installed database size x (number of clients + client system size) + (number of events generated x event size)
Answer: A
A. Installed database size + (number of clients x client system size) + (number of events generated x event size)
If it takes 90 seconds to accomplish an on-demand scan with the CPU utilization set at 90%, if the CPU utilization is set for 30% how many seconds will it take?
A. 180
B. 270
C. 360
D. 450
Answer: B
B. 270
Which of the following are result types in the query builder used by Multi-Server Rollup Querying?
(Choose three)
A. Rolled-up Threat Events
B. Rolled-up RSD Detections
C. Rolled-up Managed Systems
D. Rolled-up Applied Policies
E. Rolled-up Audit Log
Answer: A,C,D
A. Rolled-up Threat Events
C. Rolled-up Managed Systems
D. Rolled-up Applied Policies
Into which of the following formats can query results be exported? (Choose two)
A. CSV
B. TXT
C. PDF
D. DOC
E. SQL
Answer: A,C
A. CSV
C. PDF
What information is required during an ePO clustered installation? (Choose three)
A. Virtual server IP address
B. Virtual server mac address
C. Virtual server name
D. Virtual server DNS name
E. Virtual server communications port
Answer: A,C,D
A. Virtual server IP address
C. Virtual server name
D. Virtual server DNS name
The first action when creating a query using the Query Wizard is choosing a:
A. result type
B. chart type
C. feature group
D. filter set
Answer: A
A. result type
When the sorting criteria overlaps two groups, the system will sort into the group dependent on:
A. Order
B. Tag
C. AgentGUID
D. MAC
Answer: A
A. Order
The replication types used in updating distributed repositories are:
A. full and incremental
B. all repositories and selected repositories
C. incremental and all repositories
D. full and all repositories
Answer: A
A. full and incremental
The option available for the McAfee Default Policy is?
A. Rename
B. Duplicate
C. Edit
D. Delete
Answer: B
B. Duplicate
What is the Rogue System Detection policy for Sensor’s detected system cache life time in seconds?
A. 300
B. 600
C. 1800
D. 3600
Answer: A
A. 300
Which of the following can be configured as Server Tasks? (Choose three)
A. Purge Event logs
B. Event Filtering
C. RollUp Data
D. Run Tag Criteria
E. Deployment Task
Answer: A, C, D
A. Purge Event logs
C. RollUp Data
D. Run Tag Criteria
What additional scan item is added when the Anti-Spyware module is installed?
A. Running processes
B. Home folder
C. Registered Files
D. Recycle bin
Answer: C
C. Registered Files
When importing a policy the file type is?
A. CSV
B. PDF
C. HTML
D. XML
Answer: D
Which VirusScan component intercepts input/output operations called by the Operating System?
A. Common Shell
B. Access Protection
C. On-Access Scanner
D. Filter Driver
Answer: D
D. Filter Driver
What component needs to be installed in the DMZ to allow external systems to receive appropriate policies and tasks?
A. Framework
B. Agent Handler
C. Super Agent
D. Repository
Answer: B
B. Agent Handler
Which of the following policy settings would enable an ePO administrator to remotely view the Agent Activity Log using a web browser? (Choose two)
A. Agent Policy option ‘Enable remote access to log’ is checked
B. ‘Accept connection only from ePO server’ option is checked
C. ‘Accept connection only from ePO server’ option is unchecked
D. Desktop default firewall policy is enabled
E. IPS default policy is enabled
Answer: A, C
A. Agent Policy option ‘Enable remote access to log’ is checked
C. ‘Accept connection only from ePO server’ option is unchecked
If a machine is unable to communicate with a repository using the Ping time option, what is the value assigned to that repository in the sitelist.xml file?
A. 65535
B. 73953
C. 1024
D. 8443
Answer: A
A. 65535
All traffic between Agents and the Handler is signed and verified with what type of key pairs?
A. RSA
B. DSA
C. ASSC
D. 3DES
Answer: C
C. ASSC
How do Rogue System Detection Sensors detect systems on a network?
A. Port scanning and OS fingerprinting
B. Broadcast messages and DHCP responses
C. Database query and system lookup
D. Automatic Responses and system properties
Answer: B
B. Broadcast messages and DHCP responses
What important property simplifies policy and task administration?
A. Hierarchy
B. Lock Policy
C. Inheritance
D. Enforcement
Answer: C
C. Inheritance
In order to protect the ePO keys, which directory on the server is required to be backed up?
A. C:\Program files\mcafee\epolicy orchestrator\DB\software
B. C:\Program files\mcafee\epolicy orchestrator\DB\keystore
C. C:\Program files\mcafee\epolicy orchestrator\apache2\conf
D. C:\Program files\mcafee\epolicy orchestrator\server\cache
Answer: B
B. C:\Program files\mcafee\epolicy orchestrator\DB\keystore
A system is considered an Inactive Agent by the Rogue System Detection Server if it has not reported back within the last:
A. 20 days
B. 30 days
C. 45 days
D. 60 days
Answer: C
C. 45 days
Which file pulled from the server contains the distributed repository list?
A. Sitelist.xml
B. SiteStat.xml
C. Sitemaplist.xml
D. SiteMgr.xml
Answer: A
A. Sitelist.xml
When a policy is created in the policy catalog the new policy is:
A. Assigned
B. Not assigned
C. Shared
D. Not enforced
Answer: B
B. Not assigned
Which of the following is the default location for the McAfee Agent configuration files?
A. Common Framework
B. System32
C. My Documents
D. WindowsTemp
Answer: A
A. Common Framework
Which command line option is used to uninstall Anti-Spyware?
A. SetupVSE.exe /REMOVE
B. Setup.exe /X
C. Scan32.exe /UninstallMAS
D. Scan32.exe /DELETE
Answer: C
C. Scan32.exe /UninstallMAS
e.g., \scan32.exe /UninstallMAS
See KB59996
Which of the following options is only available on the Dashboards page?
A. Manage Dashboards
B. New Dashboard
C. Make Active
D. Make Public
Answer: A
A. Manage Dashboards
Of the following, what is the proper syntax for importing computers into groups using a text file?
A. group1-system1\
B. group1system1
C. group1,system1
D. group1\system1
Answer: D
D. group1\system1
Who can change the ownership of a policy? (Choose two)
A. Group Admin
B. Global administrator
C. Owner
D. System
E. Root
Answer: B,C
B. Global administrator
C. Owner
In a disaster recovery situation, what must be completed to recover the ePO server? (Choose two)
A. Re-deploy VirusScan
B. Re-deploy the Agents
C. Reinstall extensions
D. Restore Agent Handlers
E. Restore the database
Answer: C, E
C. Reinstall extensions
E. Restore the database
One or more permission sets can be assigned to any users who are not global administrators.
Which of the following default permission sets can be assigned to users? (Choose three)
A. Global Administrator
B. Executive Administrator
C. Group Admin
D. Group Reviewer
E. Custom Administrator
Answer: A, C, D
A. Global Administrator
C. Group Admin
D. Group Reviewer
A rogue system is a machine that:
A. does not match a white list.
B. does not have the McAfee Agent installed.
C. does not have McAfee VirusScan installed.
D. does not have an Agent handler.
Answer: B
B. does not have the McAfee Agent installed.
What feature provides the capability to group machines logically and, where necessary, set alternative policy and change inheritance settings?
A. AD Sync
B. System Tree
C. Policy Catalog
D. Sorting Criteria
Answer: B
B. System Tree
System tree synchronization can be configured according to which connectors? (Choose two)
A. Open LDAP
B. NT Domain
C. eDirectory
D. Active Directory
E. Novell
Answer: B, D
B. NT Domain
D. Active Directory
Which of the following formats are available for exporting data? (Choose three)
A. DOC
B. CSV
C. XML
D. XLS
E. HTML
Answer: B, C, E
B. CSV
C. XML
E. HTML
Which of the following criteria are applicable when configuring Agent Handler assignments? (Choose three)
A. Agent IP Address
B. System Tree Location
C. Agent NetBIOS Name
D. FQDN/DNS Name
E. Agent Subnet
Answer: A, B, E
A. Agent IP Address
B. System Tree Location
E. Agent Subnet
System properties are directly helpful when creating which of the following? (Choose two)
A. Criteria-based tags
B. Server tasks
C. Client tasks
D. Assigned policies
E. Creating queries
Answer: A, E
A. Criteria-based tags
E. Creating queries
Extensions that are installed into the ePO server are in what file format?
A. .zip
B. .nap
C. .rar
D. .jar
Answer: A
A. .zip
Which of the following is a valid path for creating a SuperAgent repository?
A. C:\Program Files
B. C:\McAfee
C. C:\McAfee\software
D. C:\SuperAgent
Answer: C
C. C:\McAfee\software
Which of the following servers can be designated as registered? (Choose two)
A. LDAP
B. DHCP
C. NTLM
D. SNMP
E. SMTP
Answer: A, D
A. LDAP
D. SNMP
What feature can monitor battery state and full screen awareness?
A. On-Demand Scan
B. On-Access Scanner
C. Update Task
D. Access Protection
Answer: A
A. On-Demand Scan
What is required to run ePO in a high availability environment on two or more servers?
A. Local SQL Server
B. Microsoft Cluster Server (MSCS)
C. Veritas Cluster Server (VCS)
D. Agent handler
Answer: B
B. Microsoft Cluster Server (MSCS)
How are policy settings grouped within products?
A. Product
B. Category
C. Assignment
D. Name
Answer: B
B. Category
What feature gathers Managed System and Compliance Information from remote ePO servers and allows reports to be run against the data?
A. Rolled-up Managed Systems
B. Multi-Server Roll-up Reporting
C. Rolled-up Compliance history
D. Multi-Server Summary Reporting
Answer: B
B. Multi-Server Roll-up Reporting
What is the name of ePO’s reporting wizard?
A. Crystal Reports
B. ePO Queries
C. System Report
D. Query Builder
Answer: D
D. Query Builder
Which VirusScan components can be configured for the Artemis Heuristics detection? (Choose two)
A. On-Delivery Email Scanner
B. Access Protection
C. On-Access Scanner
D. Unwanted Programs Policy
E. Buffer Overflow Protection
Answer: A, C
A. On-Delivery Email Scanner
C. On-Access Scanner
See KB70130 “How to enable Global Threat Intelligence Technology in various products”
An ePO administrator is trying to update the Sitelist.xml file for an existing McAfee Agent to point to a different ePO server. Which command should be used?
A. Frminst.exe /install=agent /siteinfo="C:\Sitelist.xml"
B. Frminst.exe /install=agent /forceinstall /siteinfo="C:\Sitelist.xml"
C. Frminst.exe /install=updater /siteinfo="C:\Sitelist.xml"
D. Frminst.exe /install=agent /SITELIST="c:\Sitelist.xml"
Answer: A
A. Frminst.exe /install=agent /siteinfo="C:\Sitelist.xml"
What task can be configured to copy the contents of one distributed repository into another distributed repository which is outside of the normal replication process?
A. Update Task
B. Mirror Task
C. On-Demand Scan Task
D. AutoUpdate Task
Answer: B
B. Mirror Task
Which of the following options are required to share policies between ePO servers? (Choose three)
A. Designate the policy
B. Register the server
C. Duplicate the policy
D. Assign the policy
E. Schedule a server task
Answer: A, B, E
A. Designate the policy
B. Register the server
E. Schedule a server task
All Dashboards, other than the default, are owned by what user?
A. Executive Admin
B. Group Admin
C. Executive Reviewer
D. Global Administrator
Answer: D
D. Global Administrator
What component is composed of the following high-level scanners: AntiVirus Scanner, Buffer Overflow protection, On-Access Scanner, and Access Protection?
A. McShield.exe
B. Mcconsol.exe
C. Common Shell
D. Filter Driver
Answer: A
A. McShield.exe
Which of the following is a file system filter driver?
A. Mfeapfk.sys
B. Mfeavfk.sys
C. Mfebopk.sys
D. Mfehidk.sys
Answer: B
B. Mfeavfk.sys
Which of the following are valid permissions for query functions? (Choose two)
A. Use private queries
B. No permissions
C. Create and edit personal queries
D. Edit private queries
E. Make public queries private
Answer: B, C
B. No permissions
C. Create and edit personal queries
What is the maximum number of days that can be set in the VirusScan option “Number of days to keep back-up data in the quarantine directory”?
A. 30
B. 90
C. 365
D. 999
Answer: D
D. 999
What files are automatically downloaded from the McAfee source repositories with a pull task? (Choose two)
A. Service Packs
B. Patches
C. DATs
D. Product Updates
E. Potential Unwanted Programs
Answer: C, E
C. DATs
E. Potential Unwanted Programs
Which ePO service manages Agent communication?
A. Event Parser
B. Framework service
C. Tomcat
D. Apache
Answer: D
D. Apache
A registered LDAP server is used with which of the following authentication types?
A. SQL authentication
B. Windows authentication
C. Certificate based authentication
D. ePO authentication
Answer: B
B. Windows authentication
Which of the following is true regarding Disaster Recovery?
A. Database administrator rights are required to change the Keystore encryption passphrase.
B. The Keystore encryption passphrase is used to encrypt and decrypt the sensitive information stored in the server.
C. Disaster Recovery is enabled by default for all database types.
D. The previous passphrase is required to change the Keystore encryption passphrase.
Answer: B
B. The Keystore encryption passphrase is used to encrypt and decrypt the sensitive information stored in the server.
Assignment locking prevents:
A. Changes to the policy at the parent.
B. Changes to client tasks.
C. Changes to inheritance.
D. Changes by users.
Answer: C
C. Changes to inheritance.
What task can be configured to copy the contents of one distributed repository into another?
A. Synchronize Shared Task
B. Update Master Repository Task
C. Repository Replication Task
D. Repository Pull Task
Answer: C
C. Repository Replication Task
Policies can be imported into ePO using which file type?
A. CSV
B. PDF
C. HTML
D. XML
Answer: D
D. XML
If a policy assigned to the “My Organization” group is deleted, what policy is assigned in its place?
A. McAfee Default
B. Parent Group
C. My Default
D. Global Group
Answer: A
A. McAfee Default
How can an ePolicy Orchestrator administrator manage assets in a network broadcast segment that cannot communicate directly with the ePolicy Orchestrator server?
A. Enable peer-to-peer communication
B. Convert the agents to super agents
C. Utilize an Agent Deployment URL
D. Configure an agent relay server
Answer: D
D. Configure an agent relay server
What is the purpose of installing the McAfee Agent in VDI mode?
A. VDI mode is used to avoid duplicate GUIDs in virtual environments with non-persistent virtual machines
B. VDI mode prevents the inadvertent installation of point products that are not compatible with virtual clients
C. VDI mode is used to store administrative credentials so that the Agent can be reinstalled if the virtual machine is reprovisioned
D. VDI mode is used to provide virtual machines on the same cluster as a source to pull updates in order to save bandwidth
Answer: A
A. VDI mode is used to avoid duplicate GUIDs in virtual environments with non-persistent virtual machines
What important System Tree property simplifies policy and task administration?
A. Hierarchy
B. Lock Policy
C. Inheritance
D. Enforcement
C. Inheritance
When configuring Active Directory synchronization, exceptions can be created for which of the following?
A. Organizational Units
B. Security Groups
C. Domain Groups
D. Users
A. Organizational Units
When a group has four sorting criteria assigned, the system will be placed into the group when it meets how many of the conditions?
A. One
B. Two
C. Three
D. Four
A. One
What ports can you modify after installation? (Select two)
A. Agent-server communication
B. Agent-server communication secure port
C. Agent wake-up communication port
D. Agent broadcast communication port
Answer: C, D
C. Agent wake-up communication port
D. Agent broadcast communication port
See “About HTTP port options” in the ePO Installation Guide
The ports used by ePolicy Orchestrator software are predefined, and populated by default. Most port designations can be changed only during the installation process.
An ePO Agent Handler must have a high availability and high bandwidth connection to the __________________.
Answer:
- ePO database
Exam Hint:
- Know the different log names
- Where the logs are located and
- What log contains what information
Answers:
Orion – Contains McAfee Foundation Services platform details and all extensions loaded by default. Located at: [InstallDir]\Server\logs
Server – Contains details related to these McAfee ePO server services:
- Agent-server communications
- McAfee ePO Server Agent Handler
Located at: [InstallDir]\DB\Logs
Audit –
The ePO Audit Log contains many EE policy added/deleted/changed/saved log entries similar to the following for policies that are not configured by the ePO administrator
Name the three branches in the ePO Master Repository.
Answer:
- Current
- Previous
- Evaluation
From the McAfee Community:
Current - All the Packages you want to deploy to your Client Machines are in this branch and, by default, McAfee Agents take updates from this Branch.
Previous - This is the branch where you generally keep your old version of McAfee Products or old DAT. Whenever there is a new McAfee Product Version released you check-in the package into the Current Branch of the Master Repository, and move the existing one into the Previous branch, so that you have the old version of the McAfee Product as well. There is no hard and fast rule to move the old version of McAfee Product to the Previous branch, and you can delete it as well. But some ePO admins want to have the old versions as well, so they move it to Previous branch.
Evaluation - This branch is generally used for Testing Purpose. Suppose in your environment, you don’t want to push an update to the production machines unless you test it and monitor the behavior of the new McAfee Product or updates before testing it. Then you can check-in the McAfee Product or updates into this branch, change the McAfee Agent policy for the test machine to get the updates from Evaluation Branch instead of Default Current branch, let the updates be pushed to Test Machines, and then monitor it. Once satisfied, change the branch of the Product or update to Current branch, so that it can be pushed to all the machines in the Production Environment.
What is the default secure port that the Apache service listens on?
Answer:
- 443
Which query results are actionable?
A. Bar and Graph results
B. Table results
C. Pie Graphs
D. All results
Answer: D
D. All results
Making a Personal query Public is done by:
A. Selecting the Query and choosing Actions > Make Public
B. Choosing the Make Public button on the Queries page.
C. Moving the query to a public group.
Answer: C
C. Moving the query to a public group.
You can schedule a query to run periodically by creating a:
A. Run Query Server Task
B. Run Query Client Task
C. Run Query Reporting Task
D. System Search Server Task
Answer: A
A. Run Query Server Task
Which of the following report header and footer elements are customizable?
A. Logo
B. Date/Time
C. Page Number
D. User Name
E. Custom Text
F. All of the above
Answer: F
F. All of the above
Which ePO component resides on the ePO server and stores all managed software, including updates and signatures?
A. Database
B. Distributed Repository
C. Master Repository
D. McAfee Agent
Answer: C
C. Master Repository
You plan to install the SQL Server that is included with the ePO software. What Microsoft software must be acquired and installed manually before beginning the ePO installation?
A. Microsoft Visual C++ 2005 Redistributable Package (x86)
B. Microsoft Visual C++ 2008 Redistributable Package (x86)
C. Microsoft SQL Server Data Engine 7.0
D. Microsoft .NET Framework 3.0 or higher
Answer: D
D. Microsoft .NET Framework 3.0 or higher
Horizontal scalability is typically recommended for managing large, multi-ePO server deployments.
A. True
B. False
Answer: B
B. False
You anticipate your ePO deployment will manage more than 75,000 managed nodes. What is the recommended RAID configuration for the operating system partition?
A. RAID 1
B. RAID 2
C. RAID 3
D. RAID 10
Answer: A
A. RAID 1
A dedicated server is recommended, if managing more than 250 systems.
A. True
B. False
Answer: A
A. True
If SQL Server is installed on the same server as ePO, then ePO dynamically assigns a local SQL port; however, the port for the remote SQL server remains 1433.
A. True
B. False
Answer: A
A. True
The account used to install ePO must have the ability to create a new database, set permissions on tables and stored procedures, and create SQL jobs. Which of the following are valid roles?
A. bulkadmin
B. dbcreator
C. Securityadmin
D. sysadmin
Answer: B
B. dbcreator
D. sysadmin
An ePO product license key is required to install ePO software.
A. True
B. False
Answer: B
B. False
You can install an evaluation copy of ePO. The evaluation period expires after 90 days.
When can permission sets be assigned? Select all that apply.
A. When a new user account is created
B. When a new permission set is created
C. To any existing user account
D. Only by the Group Admin
Answer: A, B, C
A. When a new user account is created
B. When a new permission set is created
C. To any existing user account
By default, administrators have all permissions to all products and features.
A. True
B. False
Answer: A
A. True
What is the default authentication method for ePO users?
A. ePO authentication
B. Certificate-based authentication
C. Windows-based authentication
Answer: A
A. ePO authentication
You have added a group to the System Tree: Virginia. My organization is the parent.
Given these factors, where will the Lost&Found group be placed in the System Tree?
A. Before the Virginia group
B. After the Virginia group
Answer: B
B. After the Virginia group
You can rename My Organization, as required.
A. True
B. False
Answer: B
B. False
You can use a group’s sorting criteria to sort systems by:
A. NetBIOS name and IP address
B. IP address and tags
C. Tags and group name
D. Group name and NetBIOS name
Answer: B
B. IP address and tags
You can prevent all systems from being sorted into groups, regardless of their sorting criteria or status, by disabling System Tree sorting in:
A. Server Settings
B. Group Details
C. Sorting Criteria
D. Group Policy
Answer: A
A. Server Settings
Exam hint: What is the main reason for having three different branches (evaluation, previous, current) in the Master Repository?
Answer:
Having three branches gives the administrator more flexibility in applying updates and new products.
The SQL Server database must reside on the same server as the ePO Software.
A. True
B. False
Answer: B
B. False
Communication security: Which of the following is not a part of the McAfee agent enabled devices communication security procedures to an ePO server?
A. Encapsulation in proprietary protocol
B. GUID verification
C. TLS encryption
D. Digital signature
Answer: B
B. GUID verification
Port security: Why do we not use the default ports (80, 8443, 1433…)?
A. Every hacker knows they’re the default ports
B. They are fundamentally weaker since they include no security protocols
C. They do not work for ePO applications
D. They are one-way ports, and do not allow data transfer from server to agent
Answer: A
A. Every hacker knows they’re the default ports
ePO Installation protocols:
Which installation mode must be set at the start of installation, and from which cannot be switched without a reimplementation?
A. Express
B. Custom install
C. Cluster
D. FIPS mode
Answer: D
D. FIPS mode
Permission sets:
Which of the following is true?
A. You can export single permissions into a .zip file
B. You can only export permission sets into a .zip file
C. You can export single permission sets into an .xml file
D. You can only export permission sets into an .xml file
Answer: D
D. You can only export permission sets into an .xml file
Managing users with AD:
How does ePO use the Active Directory when building the system tree?
A. Defaults to organizing by workstation and laptops
B. Assigns user roles to all members in the current Active Directory
C. Determines what group an individual is in, and allows you to determine their permissions based on their system tree location
D. Uses the LDAP server as a backup for the Active Directory
Answer: C
C. Determines what group an individual is in, and allows you to determine their permissions based on their system tree location
System tree:
When a device with a McAfee Agent reports into ePO, and ePO can’t figure out where it goes in the system tree, where is it put?
A. A subgroup of the domain name that the device is on, inside the lost & found directory
B. In the parent directory of the lost & found
C. In its own subgroup under My Organization -> McAfee
D. It is rejected by ePO and logged as a failed access attempt
Answer: A
A. A subgroup of the domain name that the device is on, inside the lost & found directory
Tag Catalog:
What is the purpose of tagging?
A. Finding a single system in a long list of systems
B. Giving unique names to systems
C. Organizing systems in an intuitive and custom way to allow for easier access to similar groups of systems
D. Sharing system information with other ePO servers
Answer: C
C. Organizing systems in an intuitive and custom way to allow for easier access to similar groups of systems
System Tree Configuration:
Which of the following is not a recommended guideline for system tree configuration?
A. Sort systems once on next agent-server communication
B. Sort systems on each agent-server communication
C. Enable system tree sorting
D. Disable system tree sorting
Answer: C
C. Enable system tree sorting
McAfee Agent Installation:
Which of the following refers to an installation task, as opposed to a deployment task?
A. SolidCore application control added to an end node
B. McAfee Agent first installation onto a machine
C. McAfee Change Control added to a machine
D. VirusScan Enterprise added to an end node
Answer: C
C. McAfee Agent first installation onto a machine
Customizing tabs:
Which tab allows for custom ordering of properties by the user?
A. The threat events tab
B. The products tab
C. The system properties tab
D. The McAfee Agent tab
Answer: C
C. The system properties tab
Planning client tasks:
Where should you create a daily update task in the System Tree to ensure inheritance throughout the tree?
A. The lowest level of the System Tree
B. The Lost & Found directory
C. The My Organization/highest level of the System Tree
D. Under any and all custom branches
Answer: C.
C. The My Organization/highest level of the System Tree
Policy configuration general tab:
Which of the following are true? (Select all that apply)
A. Super agent wake-up calls will wake up regular agents
B. Agent wake-up calls will only wake regular agents
C. Policy enforcement is done locally at every policy enforcement interval
D. It is considered best practice to keep the ASCI at the default of 60 minutes
Answers: B, C
B. Agent wake-up calls will only wake regular agents
C. Policy enforcement is done locally at every policy enforcement interval
Product deployment:
How can your system become backed up with stacked tasks?
A. Enabling auto-update on too large of a network
B. Running product deployment on a short policy enforcement cycle
C. Postponing deployment for more than 2 days
D. Using “Run immediately” tasks
Answer: B
B. Running product deployment on a short policy enforcement cycle
LazyCaching:
Where is the content actually cached when performing LazyCaching?
A. ePO master repository
B. Requesting device or endpoint
C. SuperAgent
D. Rogue System
Answer: C
C. SuperAgent
Repository pull tasks:
What are the primary steps for creating an automatic content pull and replication?
A. Push content to McAfee from master repository, replicate that content to your distributed repositories
B. Pull content from McAfee to master repository, remove that content from your distributed repositories
C. Pull content from McAfee to master repository, replicate that content to your distributed repositories
D. Pull DAT files from Super Agents, replicate that content to your ePO server
Answer: B
B. Pull content from McAfee to master repository, replicate that content to your distributed repositories
Default dashboards:
Which of the following operations can you not run on a default dashboard?
A. Duplicate
B. Delete
C. Modify
D. Create
Answer: B
B. Delete
Query Builder:
Which of the following is not a step in the query-building process?
A. Choose feature group/result type
B. Eliminate irrelevant charts
C. Select table columns or drill-down
D. Apply filters
Answer: B
B. Eliminate irrelevant charts
Server utilities:
Select which purging options can be automated by a server.
A. Purging old records based on a timer
B. Purging based on the results of a query
C. Purging users and accounts
D. Purging existing server schedules
Answers: A, B
A. Purging old records based on a timer
B. Purging based on the results of a query
Automatic response page:
Why are default rules disabled in the automatic response page by default?
A. To prevent hackers from using these rules as vulnerabilities
B. Because ePO wants to require the user to create new rules to enable
C. Because disabling rules saves resources
D. Because the default rules require additional configuration
Answer: D
D. Because the default rules require additional configuration
Disaster recovery:
Which of the following disaster recovery methods is the most expensive with respect to hardware, and most complicated with respect to networking?
A. Re-installing a failed ePO server from a snapshot
B. Re-installing an operating system on a clustered server
C. Keeping cold/hot spares on one physical site
D. Keeping cold/hot spares on a separate physical site
Answer: D
D. Keeping cold/hot spares on a separate physical site
VirusScan Enterprise:
What is Artemis, in the context of the VirusScan Console?
A. A piece of malware that has been detected in an environment
B. The enhanced heuristic detection component of McAfee SecurityCenter’s virus protection module
C. A setup utility to install VirusScan
D. The .dat that was current when a product was released or reposted
Answer: B
B. The enhanced heuristic detection component of McAfee SecurityCenter’s virus protection module
Configuring system utilization best practices:
Which level of the following system utilizations is recommended for the on-demand scan when scanning systems with little user activity, such as servers?
A. Normal
B. Below normal
C. Low
D. None
Answer: A
A. Normal
What are unmanaged systems?
A. Devices that are not online
B. Devices that cannot complete server tasks
C. Devices in the database without a McAfee agent
D. Devices without ePO installed on them
Answer: C
C. Devices in the database without a McAfee agent
Planning an ePolicy Orchestrator Deployment
What are some of the requirements of running ePO (choose all that apply)?
A. 64-bit OS for the ePO server
B. ePO must be run on a physical server, not a VM
C. The ePO must be accessible from a static IP address
D. A supported web browser (Firefox, Chrome, Internet Explorer, or Safari)
Answers: A, C, D
A. 64-bit OS for the ePO server
C. The ePO must be accessible from a static IP address
D. A supported web browser (Firefox, Chrome, Internet Explorer, or Safari)
Installing ePolicy Orchestrator Software
What is the default port assignment for agent-server communication?
A. 8088
B. 8082
C. 8443
D. 80
Answer: D
D. 80
Managing Permission Sets and Users
A user with Global Review permissions:
A. Can view permissions to the entire tree, but does not have access to settings
B. Has undetermined access to managed products and systems
C. View-only access to core functionality, and can review events and policies
D. View all settings and the entire tree
Answer: D
D. View all settings and the entire tree
Creating and Populating the System Tree
What is the best practice for deploying McAfee agents in ePO?
A. Deploy all agents at once during a workday
B. Deploy all agents in the middle of the night when employees are at home
C. Deploy the agents manually, one at a time
D. Stagger the rollout so that there is not a spike in network traffic
Answer: D
D. Stagger the rollout so that there is not a spike in network traffic
Tags can be useful in ePO for:
A. Automatic placement in System Tree groups
B. System identification
C. Inclusion of selected system information in reports
D. All of the above
Answer: D
D. All of the above
System Tree Sorting
When using tags, a test sort is useful for:
A. Showing you where a system would be placed after your sorting criteria are applied
B. Applying tags to selected systems
C. Checking for duplicate systems
D. Seeing which systems are managed and which are not
Answer: A
A. Showing you where a system would be placed after your sorting criteria are applied
McAfee Agent
What is the purpose of a SuperAgent (choose all that apply)?
A. Create an agent that all other managed systems will communicate with
B. Minimize network traffic between locations
C. Offload communications from the ePO server
D. Provide an additional layer of security to the managed systems
Answers: A, B, C
A. Create an agent that all other managed systems will communicate with
B. Minimize network traffic between locations
C. Offload communications from the ePO server
System Information
The Systems tab can be customized to show which of the following (choose all that apply):
A. Presets – display either this group only or this group and its subgroups
B. The System Tree
C. Custom criteria from the Available Properties list
D. A dashboard of the systems that ePO manages
Answers: A, C
A. Presets – display either this group only or this group and its subgroups
C. Custom criteria from the Available Properties list
Client Tasks
Which of the following is not a possible use for an ePO client task?
A. Product deployment
B. Product upgrades and updates
C. Deploying server tasks
D. None of the above
Answer: C
C. Deploying server tasks
Managing Policies
What is the default policy enforcement interval in ePO?
A. 12 hours
B. 30 minutes
C. 60 minutes
D. 24 hours
Answer: C
C. 60 minutes
Deploying Software for Managed Systems
What are some of the differences between product deployment projects and client deployment tasks (choose all that apply)?
A. Product deployment projects allow you to configure fixed or continuous deployments
B. Client deployment tasks allow you to schedule deployment, while product deployment projects do not.
C. Product deployment projects allow you to view a historical snapshot of the number of systems receiving a deployment, while client deployment tasks do not.
D. Client deployment tasks do not allow you to act on or manage client task objects and tasks created with ePO, but product deployment projects do.
Answers: A, C
A. Product deployment projects allow you to configure fixed or continuous deployments
C. Product deployment projects allow you to view a historical snapshot of the number of systems receiving a deployment, while client deployment tasks do not.
Repositories
Which of the following is NOT a characteristic of an ePO repository?
A. They can house security software packages, extensions, data files, and updates
B. They can distribute software to ePO-managed systems manually or automatically
C. They can ensure that systems are protected from malware
D. They can ensure that systems remain current
Answers: C, D
C. They can ensure that systems are protected from malware
D. They can ensure that systems remain current
Product and Server Maintenance with Repositories
ePolicy Orchestrator allows users to pull and install updates automatically. How often should users plan to have ePO check for updates?
A. Daily—DAT files are released daily, and a system is not fully protected without the latest DAT and Engine files
B. Weekly—Updating daily can cause network spikes
C. Monthly—DAT files are only pushed by McAfee at the beginning of each month
D. Users should not have auto-updates configured
Answer: A
A. Daily—DAT files are released daily, and a system is not fully protected without the latest DAT and Engine files
Managing Dashboards and Monitors
Dashboards in ePO are useful for:
A. An at-a-glance view of user-customizable information relevant to ePO
B. Quickly launching server or client tasks
C. Quickly deploying McAfee agents
D. None of the above
Answer: A
A. An at-a-glance view of user-customizable information relevant to ePO
Working with Queries
Which of the following is a correct difference between a query and a report?
A. A query allows offline access for later viewing
B. A report combines queries and other elements
C. A report includes default queries
D. A report provides answers to questions in the form of charts and tables by directly interacting with the ePO server
Answer: B
B. A report combines queries and other elements
What are the three types of events that can trigger automatic responses in ePO (choose all that apply)?
A. Client events
B. Threat Events
C. Compliance Events
D. Server Events
Answers: A, B, D
A. Client events
B. Threat Events
D. Server Events
Which of the following processes can be automated with a SQL Server maintenance plan?
A. Backup
B. Deploying agents
C. Removing agents
D. All of the above
Answer: A
A. Backup
Which of the following are some best practices of disaster recovery (choose all that apply)?
A. Regularly take ePO Disaster Recovery Snapshots
B. Ensure your keys are backed up
C. If backing up to a separate restore server, ensure that its configuration closely resembles the previous configurations
D. All of the above
Answer: D
D. All of the above
Which of the following is NOT a feature of VirusScan Enterprise?
A. Blocks multiple threats
B. Lessens damage from outbreaks
C. Stops malware in real time
D. Protects against threats that target Adobe applications
Answer: D
D. Protects against threats that target Adobe applications
VirusScan Enterprise’s Buffer Overflow Protection checks for a vulnerability involving:
A. Attackers’ ability to overflow memory buffers and execute code
B. Attackers’ ability to insert malicious code into memory buffers without overflowing the buffer
C. Any type of vulnerability on a 64-bit system
D. All of the above
Answer: A
A. Attackers’ ability to overflow memory buffers and execute code