ePolicy Orchestrator - MA0-100 - Current Flashcards

1
Q

Which of the following uses a proprietary SPIPE protocol to encapsulate unsecured HTTP traffic?

A. PA Agent

B. HIPS Agent

C. DLP Agent

D. McAfee Agent

A

Answer: D

D. McAfee Agent

2
Q

Which of the following is a core architecture component of ePO?

A. Internet Explorer

B. Event Parser

C. SuperAgent

D. SQL Server

A

Answer: B

B. Event Parser

3
Q

What option can be configured in the On-Access General Policy that is not an option in the local VirusScan console?

A. Boot sectors

B. Floppy during shutdown

C. Enable on-access scanning at system startup

D. Enable on-access scanning when the policy is enforced

A

Answer: D

D. Enable on-access scanning when the policy is enforced

4
Q

Which of the following system properties does the ePO server write to the database? Select the three that apply.

A. Total disk space

B. Total physical memory

C. Last communication

D. VirusScan version

E. McAfee agent version

A

Answer: A, B, C

A. Total disk space

B. Total physical memory

C. Last communication

5
Q

To ensure that a Rogue System Detection Sensor is not installed on a managed system, what action needs to be performed?

A. Add the system to the Exception List

B. Add the system to the Blacklist

C. Add the system as Ignored

D. Add the system as Managed

A

Answer: B

B. Add the system to the Blacklist

6
Q

The ePO server uses which format to write to the database tables?

A. Extensible Configuration Checklist Description Format (XCCDF)

B. Common Events Format (CEF)

C. Security Content Automation Protocol Format (SCAP)

D. Data Access Layer (DAL)

A

Answer: B

B. Common Events Format (CEF)

7
Q

When configuring a Synchronization Type for a group within the System Tree which of the following is a valid choice? Select the three that apply.

A. Leave systems in their current system tree location only.

B. Add systems to the synchronized group and leave them in the current system tree location only

C. Add systems to the synchronized group and delete duplicate entries

D. Add systems to the synchronized group and mark duplicate entries

E. Move systems from their current system tree location to the synchronized group

A

Answer: A, B, D

A. Leave systems in their current system tree location only.

B. Add systems to the synchronized group and leave them in the current system tree location only

D. Add systems to the synchronized group and mark duplicate entries

8
Q

Which of the following are examples of default column headers on the Server Task area of the interface? Select the two that apply.

A. Description

B. Duration

C. Name

D. Source

E. Status

A

Answer: C, E

C. Name

E. Status

9
Q

Which options must be selected when creating a maintenance plan for the SQL Database? Select the three that apply.

A. Shrink Database

B. Check Database Integrity

C. Rebuild Index

D. Clean Up History

E. Back up Database

A

Answer: B, C, E

B. Check Database Integrity

C. Rebuild Index

E. Back up Database

10
Q

If you specify the McAfee Agent Policy to collect only minimal properties, the agent collects only which of the following? Select the two that apply.

A. Installed software information

B. DAT file version number

C. Processor speed

D. Installation path

E. Operation system

A

Answer: B, D

B. DAT file version number

D. Installation path

11
Q

What is the default number of sensors that will be active per subnet?

A. 1

B. 2

C. 3

D. 4

A

Answer: B

B. 2

12
Q

A Subnet that has a Rogue System Detection Sensor installed is

A. active

B. inactive

C. uncovered

D. covered

A

Answer: D

D. covered

13
Q

Which of the following are valid server tasks for updating the ePO repositories? Select the two that apply.

A. Repository pull

B. Update

C. Repository replication

D. Mirror

E. Product deployment

A

Answer: A, C

A. Repository pull

C. Repository replication

14
Q

Which of the following is used to create policy? Select the two that apply.

A. Copy

B. Duplicate

C. Clone

D. New Policy

E. Save As

A

Answer: B, D

B. Duplicate

D. New Policy

15
Q

What options are available to the administrator when creating a client task to limit the systems that receive the task?

A. Tasks can only be assigned globally

B. Tasks can only be assigned to a specific group

C. Task can be configured with defined criteria

D. Task can be enabled when the desired systems are online.

A

Answer: C

C. Task can be configured with defined criteria

16
Q

Deployment packages that are checked into the ePO server have which of the following file extensions?

A. .arc

B. .rar

C. .zip

D. .jar

A

Answer: C

C. .zip

17
Q

When creating a new query, what is the function title used to limit the resulting output?

A. Result type

B. Chart

C. Filter

D. Columns

A

Answer: C

C. Filter

18
Q

Which of the following types of distributed repositories is supported by ePO?

A. HTTP

B. FTP

C. UNC

D. DHCP

E. LDAP

A

Answer: A, B, C

A. HTTP

B. FTP

C. UNC

19
Q

If a policy that is assigned to the My Organization group is deleted, what policy is assigned in its place?

A. McAfee Default

B. Parent Group

C. My Default

D. Global Root

A

Answer: A

A. McAfee Default

20
Q

When running a Run Tag Criteria server task and the box for Reset manually tagged and excluded systems is checked, this would

A. Include both systems that match and don’t match

B. remove the tag on systems that do match the criteria.

C. add the tag on systems that don’t match the criteria

D. remove the tag on systems that don’t match the criteria

A

Answer: D

D. remove the tag on systems that don’t match the criteria

21
Q

Which of the following server services is responsible for communication with the McAfee Agent?

A. Apache

B. Tomcat

C. SQL

D. Event Parser

A

Answer: A

A. Apache

22
Q

Which of the following are valid Server Task Sub-Actions that can be selected from a result of a query? Select the three that apply.

A. Install Point Products

B. Assign Policy

C. Move Systems to another Group

D. Email File

E. Remove Point Products

A

Answer: B, C, D

B. Assign Policy

C. Move Systems to another Group

D. Email File

23
Q

Which of the following should be the primary consideration when deploying Agent Handlers?

A. Database increasing in size

B. Log files increasing in size

C. Memory and resource allocation

D. High speed and low latency connection

A

Answer: D

D. High speed and low latency connection

24
Q

When creating a permission set, which of the following users are automatically assigned? Select the two that apply.

A. Admin

B. Group Admin

C. System

D. Global Administrator

A

Answer: A, C

A. Admin

C. System

25
Which of the following are used to update the master repository on a regular basis? A. Automatic Response B. Client Task C. Server Task D. Server Settings
Answer: C C. Server Task
26
Query results are displayed within ePO in what form? Select the two that apply. A. PDF B. Charts C. XML D. Tables E. TXT
Answer: B, D B. Charts D. Tables
27
What port is used to access the McAfee Agent Activity Log from a remote machine? A. 80 B. 443 C. 8081 D. 8082
Answer: C C. 8081
28
What default port is used for Rogue System Detection Sensors for communication to the ePO server? A. 8081 B. 8082 C. 8443 D. 8444
Answer: D D. 8444
29
What is used to configure the SQL server to drop the transaction logs once a checkpoint is complete? A. Full B. Simple C. Bulk-Logged D. Recovery
Answer: B B. Simple
30
To remove computers from ePO using the Active Synchronization task, it is required that the account has access to the A. deleted computers. B. deleted Objects container. C. Organizational Unit. D. Active Directory.
Answer: D D. Active Directory.
31
When configuring Product Deployment Client Tasks, the Enable randomization setting should be activated when managed client nodes exceed. A. 100 B. 500 C. 750 D. 1000
Answer: D D. 1000
32
Where in the ePO Database is ePO Agent gathered system information stored? A. epocomputerproperties B. epobranc C. epoleafnode D. epoproductproperties
Answer: A A. epocomputerproperties
33
What location is used to change the default Dashboard for new ePO Console users? A. Personal Settings B. Permission Sets C. Contacts D. Server Settings
Answer: D D. Server Settings
34
When configuring the Active Directory settings, exceptions can include which of the following? A. Organizational Units B. Computers C. Domain Groups D. Users
Answer: A A. Organizational Units
35
Which of the following is the correct order for creating a query? A. Configure Chart, choose Columns, select Result Type, apply Filter B. Select Result Type, choose Columns, configure Chart, apply Filter C. Configure Chart, select Result Type, choose Columns, apply Filter D. Select Result Type, configure Chart, choose Columns, apply Filter
Answer: D D. Select Result Type, configure Chart, choose Columns, apply Filter
36
Which of the following cannot be completed within the Policy Catalog? A. Edit B. Rename C. Duplicate D. Assign
Answer: D D. Assign
37
Which of the following can NOT be placed into a dashboard? A. Boolean pie chart B. Multi-group summary table C. Single-group summary table D. Table
Answer: D D. Table
38
When a policy is locked, it prevents modification of the A. policy B. assignment C. system tree D. sub groups
Answer: B B. assignment
39
Which of the following are valid deployment package types? Select the two that apply. A. Catalog.z B. Agent Language pack C. Extradat D. Artemis pack E. ePOMain
Answer: B, C B. Agent Language pack C. Extradat
40
Private queries are available to A. the creator B. GlobalAdministrators C. administrators who have permission D. Group Administrators
Answer: A A. the creator
41
Which of the following steps are needed for Policy Sharing? Select the three that apply. A. Register the remote ePO servers B. Share the individual policies C. Configure Server Task D. Enable Global Updating E. Share default policies
Answer: A, B, C A. Register the remote ePO servers B. Share the individual policies C. Configure Server Task
42
What detail property includes the local Time Zone value of a managed machine? A. VirusScan Enterprise Properties B. McAfee Agent Properties C. Host Intrusion Preventions Properties D. System information Properties
Answer: D D. System information Properties
43
Which of the following Lost&Found group characteristics can be modified? A. Group Name B. Sorting Criteria C. Sorting Criteria for subgroups D. Tree location
Answer: C C. Sorting Criteria for subgroups
44
Which component controls the scheduled tasks and communicates with the common agent? A. Task Manager B. McShield C. Framework Service D. Scan32.exe
Answer: C C. Framework Service
45
Which VirusScan policy configures the option Allow this system to make remote console connections to other systems? A. User interface B. On-Access Scanner C. Quarantine Manager D. Unwanted Programs
Answer: A A. User interface
46
When backing up an ePO server, which of the following security keys is required to restore agent server communication? A. Local Master Repository Communication B. Agent Server Secure Communication C. Legacy Agent Server Communication D. McAfee SIA Repository Communication
Answer: B B. Agent Server Secure Communication
47
Why would a managed system appear in the Lost & Found group? A. No matching criteria were found B. Matched sorting criteria were found C. Inactive Agent D. Rogue Agent
Answer: A A. No matching criteria were found
48
An RSD Sensor has been deployed from the ePO console. However, it has not reported back. Which of the following is the most likely cause? Select the three that apply. A. The sensor is unable to resolve the IP address for ePO B. The sensor is blacklisted C. Deployment of the sensor failed D. Sensor service is disabled after installation E. The sensor is an exception
Answer: A, C, D A. The sensor is unable to resolve the IP address for ePO C. Deployment of the sensor failed D. Sensor service is disabled after installation
49
Which of the following are examples of client tasks? Select the three that apply. A. Agent Wakeup B. Product Update C. Repository pull D. Mirror Repositories E. Event Migration
Answer: A, B, D A. Agent Wakeup B. Product Update D. Mirror Repositories
50
Which of the following options are available from ePO Server settings? Select the three that apply. A. Ports B. Global Updating C. Event Migration D. Active Directory Synchronization E. Email Server
Answer: A, B, E A. Ports B. Global Updating E. Email Server
51
Which two items are modified on the Full Scan Task when installing the anti-Spyware module? Select the two that apply. A. Registry B. Cookies C. Running Process D. Recycle bin E. Memory for Rootkits
Answer: A, B A. Registry B. Cookies
52
What VirusScan Menu option is used to unlock the User Interface? A. Task B. Edit C. View D. Tools
Answer: D D. Tools
53
Which policies can be configured to record the Session settings for reporting? Select the two that apply. A. On-delivery email Scan Policies B. On-Access Default Processes Policies C. On-Access General Policies D. Quarantine Manager Policies
Answer: A, C A. On-delivery email Scan Policies C. On-Access General Policies
54
What function is disabled for the default ePO Summary dashboard? A. Edit B. Delete C. Make active D. Make public
Answer: D D. Make public
55
When opening an existing policy, the policy settings are organized across. A. interfaces B. tabs C. screens D. columns
Answer: B B. tabs
56
An administrator can configure a query to run a scheduled sub-action to do which of the following? A. Resort Systems B. Create Tag C. Move Systems to Another Group D. Clear Policy E. Add to Rogue Systems
Answer: A, C A. Resort Systems C. Move Systems to Another Group
57
Product deployment packages are checked into what repository? A. Distributed B. Master C. Fallback D. Source
Answer: B B. Master
58
Which of the following are ePO Server Maintenance tasks? Select the two that apply. A. Master Repository Update Failed B. Purge Repository tasks C. Update sensor deployment D. Product License Usage E. Query New Rogue Detection
Answer: C, D C. Update sensor deployment D. Product License Usage
59
What Artemis sensitivity level is selected to protect systems or areas that are regularly infected? A. Low B. Medium C. High D. Very High
Answer: C C. High
60
Which of the following services is related to Super Agents? A. Framework B. Application Server C. Event Parser D. Tomcat
Answer: A A. Framework
61
What utility is used to create a custom VirusScan installation package that contains updated DAT and engine files? A. Deployment task B. Manual install C. Installation Designer D. MSI installer
Answer: C C. Installation Designer
62
Which of the following options are available when right clicking a file and selecting Scan for threats? Select the two that apply. A. Clean B. Delete C. Continue D. Prompt for action E. Continue scanning
Answer: A, C A. Clean C. Continue
63
Which of the following ports need to be open on the Firewall for an Agent Handler to communicate with ePO and database server (s) inside of a network? Select the two that apply. A. Port 80 B. Port 1433 C. Port 8082 D. Port 8081 E. Port 8445
Answer: A, B A. Port 80 B. Port 1433
64
Which of the following are available within the Policy Catalog? Select the three that apply. A. Share B. Duplicate C. Assign D. View E. Lock
Answer: A, B, D A. Share B. Duplicate D. View
65
When a policy is deleted, all systems for which it is currently applied to will inherit which policy? A. McAfee Default B. Parent Group C. My Default D. Global Root
Answer: B B. Parent Group
66
A rogue/alien Agent is a system that A. has not reported back to ePO in the last 30 days. B. does not have a McAfee Agent installed. C. has the Agent Component disabled. D. is reporting to a different ePO Server
Answer: D D. is reporting to a different ePO Server
67
Which of the following is a default permission set? A. Executive Previewer B. Site Administrator C. Site Reviewer D. Group Reviewer
Answer: D D. Group Reviewer
68
What file contains the list of disabled event ids? A. EventFilter.cfg B. EventFilter.ini C. Evtfiltr.ini D. Server.ini
Answer: C C. Evtfiltr.ini
69
Which of the following Server Services is responsible for Automatic Responses? A. Event Parser B. Framework service C. Tomcat D. Apache
Answer: C C. Tomcat
70
Which of the following is an available default notification rule? A. Daily known category notification B. Virus detected and not removed C. Virus detected and removed D. Non-compliant computer detected
Answer: D D. Non-compliant computer detected
71
What Artemis sensitivity level is selected when the regular risk of exposure to malware is greater than the risk of a false positive? A. Low B. Medium C. High D. Very High
Answer: B B. Medium
72
Within the Server Services, which component manages events, Group management, Tag management, and Agent sorting? A. Event Parser B. Framework service C. Tomcat D. Apache
Answer: D D. Apache
73
What scheduling options are available when setting up a Product Deployment Task? Select the three that apply. A. Enable Randomization B. Stop the task if it runs for a specified amount of time. C. Run at every policy enforcement D. Defer scan when using battery power E. Run missed task at a specified time delay
Answer: A, B, E A. Enable Randomization B. Stop the task if it runs for a specified amount of time. E. Run missed task at a specified time delay
74
What protocol is used for secure communication between the McAfee Agent and server? A. IPSEC B. SPIPE C. SFTP D. HTTP
Answer: B B. SPIPE
75
Policy catalogue pages are added to the ePO server by what function? A. Adding a package to the Master Repository B. Installing an extension to ePO server C. Registering a new server configuration D. Executing the appropriate pacakagecheckin.exe for that point product
Answer: B B. Installing an extension to ePO server
76
An ePO server needs to have a dedicated SQL Server when managing more than A. 1,000 nodes. B. 5,000 nodes C. 10,000 nodes. D. 20,000 nodes
Answer: B B. 5,000 nodes
77
When an on-demand scan starts, the feature takes CPU and IO samples over the first A. 20 seconds B. 30 seconds C. 40 seconds D. 50 seconds
Answer: B B. 30 seconds
78
When managing tags what is NOT available in the System Tree? A. Clear Tag B. Exclude Tag C. Apply Tag D. New Tag
Answer: D D. New Tag
79
When performing the On-Demand scan, what System utilization settings are affected? A. Cookie B. Registry C. Encrypted files D. Targeted files
Answer: D D. Targeted files
80
Which of the following are methods that can be used to access System Information? Select the two that apply. A. Open the computer property query under reports B. Click a computer in the system tree C. Select computer properties under system actions D. Open a query and then click a computer in the report
Answer: B, D B. Click a computer in the system tree D. Open a query and then click a computer in the report
81
Which of the following is a supported browser on Windows for ePO? Select the three that apply. A. Internet Explorer B. Firefox C. Safari D. Chrome E. Opera
Answer: A, B, D A. Internet Explorer B. Firefox D. Chrome
Comment: If the exam asks for two, then it may be referring to an older release. If so, then select A and B.
**_Notes from KB51569 as of 4/9/2017:_**

| Browser | ePO 5.1 | ePO 5.3 | ePO 5.9 |
| --- | --- | --- | --- |
| Safari 6.0 and later (on Mac OS X) | Yes | Yes | Yes |
| Chrome 17 and later | Yes | Yes | Yes |
| Edge | No\*\* | No\*\* | Yes |
| Internet Explorer 9.0 and later | Yes | Yes | Yes |
| Mozilla Firefox 10.0 and later | Yes | Yes | Yes |

(\*\* as of 11/16/2016 KB85265 states ePolicy Orchestrator does not currently support the Microsoft Edge browser that will ship with Windows 10. Support for this browser is planned for a future release.)
82
After a query has been completed, additional actions can be taken on the A. lower right hand corner of page B. lower left hand corner of page C. upper right hand corner of page D. upper left hand corner of page
Answer: B B. lower left hand corner of page
83
Which of the following methods can be used to add systems to groups within the system tree? Select the three that apply. A. Login scripts B. Importing AD Containers C. Import using a text file D. Importing AD systems E. Rogue system detections
Answer: B, C, D B. Importing AD Containers C. Import using a text file D. Importing AD systems
84
Which areas of the console allow the resetting of inheritance? Select the three that apply. A. Assigned B. Policy Catalog C. Group Details D. Systems E. Client Tasks
Answer: A, B, E A. Assigned B. Policy Catalog E. Client Tasks
85
Which of the following command line options for the cmdagent.exe will check for new policies and enforces them immediately upon receipt? A. /N B. /P C. /C D. /E
Answer: C C. /C
86
When creating a Run Query Server Task, which sub-actions can be selected to allow the system to automatically act upon the results of a query? Select the three that apply. A. Apply tag B. Delete system C. Create group D. Export to file E. Send snmp trap
Answer: A, B, D A. Apply tag B. Delete system D. Export to file
87
Agent Handlers are used to: A. replace distributed repositories B. ensure agents receive policies, tasks, and product updates. C. fix a broken network segment D. identify Rogue Systems on the network
Answer: B B. ensure agents receive policies, tasks, and product updates.
88
What is the only Dashboard that is active by default? A. RSD Summary B. Executive Dashboard C. HIP Dashboard D. ePO Summary
Answer: D D. ePO Summary
89
When a group has four sorting criteria assigned, the system will be placed into the group when it meets how many of the conditions? A. One B. Two C. Three D. Four
Answer: A A. One
90
What is the maximum amount of time in seconds that can be configured for ping timeout in the McAfee Agent Policy? A. 15 B. 30 C. 60 D. 90
Answer: C C. 60
91
Which settings are preserved when installing VirusScan on a computer that had a previous version installed? Select three that Apply. A. Help files B. Scanning Engine C. Detection definition file D. Log file names and locations E. Registry Keys containing product versions
Answer: B, C, D B. Scanning Engine C. Detection definition file D. Log file names and locations
92
Which file found in the \Program Files\McAfee\ePolicy Orchestrator\Server\conf directory needs to be modified to change the default ePO Console session timeout. A. server.xml B. web.xml C. tomcat-users.xml D. context.xml
Answer: B B. web.xml
93
How many managed machines are required before it is recommended to use a dedicated ePO server? A. 50 B. 500 C. 5000 D. 50000
Answer: C C. 5000
94
Framework Service is responsible for which of the following functions? Select the two that apply A. Schedule Server Tasks B. Enforce Policies C. Collect and Send system Properties D. Scan for threats and vulnerabilities E. Policy throttling
Answer: B, C B. Enforce Policies C. Collect and Send system Properties
95
McAfee ePO server listens on Port 8443 for connection to the administrative console. The Apache service listens on which of the following default ports? A. 80, 8081 B. 8081, 8443 C. 80, 443 D. 8444, 1433
Answer: C C. 80, 443
96
When computers check into the System Tree, subgroups are considered for matching criteria according to A. criteria B. tag C. sorting order D. IP filtering
Answer: C C. sorting order
97
What tag options are available in the system tree?
Answer: * Clear tag * Exclude * Apply tag
98
What two users are automatically added to newly created permission sets?
Answer: * Admin * System
99
When a subgroup's policy is deleted, which policy will it inherit?
Answer: * Parent Group
100
What actions are available from the Policy Catalog? (Actions column on the far right)
Answer: * Rename * Duplicate * Delete * Export * Share * View
101
What options exist when creating a Product Deployment Client Task? (Row headers on the column on the left)
Answer: * Type of Deployment (continues or fixed) * Select Software * Select Systems * Select Start Time
102
Name the 5 client tasks categories for McAfee Agent.
Answer: * McAfee Agent Statistics * McAfee Agent Wakeup * Mirror Repositories * Product Deployment * Product Update
103
What 2 options are available in the popup after right clicking a file & selecting "Scan for threats"?
Answer: * Clean and continue
104
In what VSE policies is the ability to set log file sites?
Answer: * Access Protection * BOF * On-Access General * On-Delivery Email Scans
105
Name 2 policies that can be configured to record Session settings for reporting?
Answer: * On-Delivery Email Scan * On-Access General Policies
106
Where are the server logs installed?
Answer: * Install directory org * \DB\logs * \Server\logs
Notes: According to McAfee KB81641, ePO is comprised of three server-side services and a Microsoft SQL database, each of which serves a different purpose:
* The Application Server service (or Tomcat) is responsible for displaying the ePO console GUI.
* The Event Parser service takes events uploaded from clients in the environment and parses them into the SQL database.
* The Server service (or Apache) processes and receives all Agent-to-Server communication in the environment.
The following are the primary log locations for these services:
* Application Server service (Tomcat): orion.log or orion_servername.log located in: ...\server\logs\
* Event Parser service: eventparser.log or eventparser_servername.log located in: ...\db\logs\
* Server service (Apache): server.log or server_servername.log located in: ...\db\logs\
107
What are the 7 default server tasks column headings?
Answer: * Name * Status * Type * Schedule * Next Run * Last Run * Actions
108
What are 3 settings that are preserved when upgrading VSE?
Answer: * Scan Engine * Detection definitions files (DAT) * Log file names & locations
109
What is the order for creating a query?
Answer: * Select results type * Configure chart * Choose columns * Apply filter
110
What detail property includes the Local Time Zone value of a managed machine? A. Virus Scan Enterprise properties B. McAfee Agent properties C. Host Intrusion Prevention properties D. System Information properties
Answer: D D. System Information properties
111
What 3 options are available when scheduling a product deployment task to run daily? (last box at the bottom of the page)
Answer: * Enable Randomization * Stop the task if it runs for specified time * Run missed task at specified time delay
112
What McAfee Agent Policy allows configuration for enabling remote access to the Agent - (computer) XML log file?
Answer: * It is the logging tab in the general policy
113
Where do you set the default dashboards for users?
Answer: * Server Settings
114
Name 3 reasons why a RSD Sensor hasn't reported back after deployment.
Answer: * Unable to resolve IP address * Deployment failed * Sensor service is disabled after installed
115
Where can you enable system tree sorting?
Answer: * Server settings
116
What are the 2 sync types in a system tree?
Answer: * NT Domain * Active Directory
117
McAfee Agent push install to client machines relies on access to the ______ share
Answer: Admin$
118
What are the two types of replication for distributed repositories?
Answer: * Full * Incremental
119
Name the VSE policies
Answer: * Access protection * Alert * Buffer Overflow Protection * General Options * On-Access Default Processes * On-Access General * On-Access High-Risk Processes * On-Access Low-Risk Processes * On Delivery Email Scan * Quarantine Manager * Unwanted Programs
120
What is the max timeout, in seconds, to ping an Agent?
Answer: 60 seconds
121
When configuring AD settings, exceptions can include ____________________.
Answer: Organizational Units
122
Name both valid server tasks for updating ePO Repositories
Answer: * Repository Pull * Repository Replication
123
What does the following default port do? 8443
Answer: **8443** - Console-to-application server communication port. Tomcat (application server) --- Console UI TCP port that the ePO Application Server service uses to allow web browser UI access. NOTE: See KB66797
124
What does the following default port do? 8444
Answer: **8444** - Client-to-server authenticated communication port TCP Port that the Agent Handler uses to communicate with the ePO server to get required information (such as LDAP servers). NOTE: See KB66797
125
When creating a VSE Memory Scan what locations do you Scan?
Answer: * Memory for rootkits * Running Processes
126
What locations do you scan when creating a VSE On-Demand Scan?
Answer: * Memory for rootkit * Running Processes * All local drives * Registry
127
Name the purge tasks and the frequency the tasks run.
Answer: * Audit logs - 6 months * Client Events - 6 months * Server Tasks - Threat events, 1 day * SAE Events - 10 days
128
What is the Default Dashboard that provides text-based search field?
Answer: * Quick system search
129
When creating a VSE Active User Scan, what locations do you scan?
Answer: * User Profile * Temp * Registry * Registered Files * Windows folder
130
When using CmdAgent.exe from the Command line, what do the following options do? /h /l
Answer: /h - List all the switches with their description /l - Set the location of the log file See KB article KB52707
131
When using CmdAgent.exe from the Command line, what do the following options do? /c /s /i
Answer: /c - Check for new policies. The agent contacts the ePO server for new or updated policies; then enforces them immediately upon receipt. /s - Display the Agent Monitor /i - Display McAfee Agent information See KB article KB52707
132
What are the 3 types of synchronization available in the system tree (for LDAP)
Answer: 1. Leave systems in their current location only 2. Add systems to the sync group and leave them in the current location 3. Move system tree from their current System Tree location to synchronized group
133
What are the first 5 sub-actions for a "Run Query" server task? (hint: A-D)
Answer: A-D * Apply Tag * Assign Policy * Clear Tag * Delete Systems * Deploy McAfee Agent E-M * Email File * Exclude Tag * Export to file * Generate Compliance event * Move Systems R-W * Resort systems * Run client task now * Run External cmd * Set User properties * Transfer systems * Wakeup Agents
134
Tomcat is responsible for Automatic Responses. A. True B. False
Answer: A. True
135
What does the Apache server handle in ePO?
Answer: Manages Events, Group management, Tag management and Agent sorting. AKA Agent Handler Reference: KB81641 - The Server service (or Apache) processes and receives all Agent-to-Server communication in the environment
136
Which VSE menu option is used to unlock the user interface?
Answer: * Tools
137
Name the three places/ways to reset inheritance.
Answer: * Assigned Policies * Policy Catalog * Client Tasks
138
What file is used to restore repository list during re-installation?
Answer: * SiteMGR.xml
139
What is the name of the ePO query and reporting system?
Answer: * Query Building Wizard
140
What are the four tabs of the query builder?
Answer: * All * Private Groups * Shared Groups * Public Groups
141
What file in the /.../server/conf directory needs to be modified to change the default timeout?
Answer: * Web.xml
142
Name these default ports. * 389 * 636 * 445
Answer: * 389 - LDAP Server Port * 636 - SSL LDAP * 445 - SMB Windows Domain Controller
143
Name these default ports: * 8081 * 8082
Answer: * 8081 - Agent Wake Up * 8082 - Agent Broadcast - Superagents use this
144
What is the order of events for an ePO fresh install?
Answer: 1. Create 2nd admin 2. Registered Servers 3. Server settings 4. System Tree 5. Software Manager 6. Client Tasks 7. Master Repo 8. Server Tasks 9. Contacts 10. Automatic response 11. Deploy agents
145
Name these default ports. * 1433 * 1434
Answer: * 1433 SQL TCP * 1434 SQL UDP
146
What are the 3 default permission sets other than Executive Reviewer?
Answer: * Global Reviewer * Group Admin * Group Reviewer
147
When using CmdAgent.exe from the command line, what do the following options do? * /p? * /e?
Answer: * /p - Collect and send properties * /e - Enforce policies locally
148
Where are install logs located?
Answer: %temp%\McAfeelogs
149
How are products broken down?
Answer: By categories
150
How are the policies broken down?
Answer: By tabs
151
What file contains the list of disabled event ids?
Answer: Evtfilter.ini
152
Name two valid deployment types (packages).
Answer: * Agent language pack * ExtraDAT pack
153
What is the only available dashboard in a bare ePO install?
Answer: * ePO Summary
154
Where is Agent gathered system information stored in the SQL database?
Answer: * EPOComputerProperties
155
What is the ePO standard log level?
Answer: 7
156
The framework service is responsible for which two functions?
Answer: * Enforce policies * Collect and send system properties
157
What is the ePO Debug log level?
Answer: 8
158
What options exist when scheduling a client task? (Row headers on left side)
Answer: * Tasks to Schedule * Task Actions * Created at * Lock task inheritance * Tags * Schedule type * Effective period * Start time * Task runs according to * Options
159
When creating a custom dashboard and specifying the "Size:", what is the minimum and maximum layout that can be defined? A. 1x2, 6x4 B. 1x2, 5x5 C. 1x2, 5x4 D. 2x3, 6x4
Answer: A A. 1x2, 6x4
160
Criteria-based tags can be created using: A. Task settings B. System Properties C. Product Properties D. Policy settings
Answer: B B. System Properties
161
What option should be selected in the SQL maintenance plan rebuild index? A. Reorganize the pages with the default amount of free space B. Change free space per page percentage to: C. Sort results in tempdb D. Keep index online while reindexing
Answer: B B. Change free space per page percentage to:
162
Which of the following needs to be enabled to successfully deploy an Agent from the ePO server? (Choose three) A. Framework service B. Remote Registry service C. File and Printer Sharing D. Admin$ share E. C$ share
Answer: B, C, D B. Remote Registry service C. File and Printer Sharing D. Admin$ share
163
Under the Access Protection policy which of the following is a User-defined Rule? A. Registry Blocking B. Prevent FTP communication C. Prevent McAfee Services from being stopped D. Block read and write access to all shares
Answer: A A. Registry Blocking
164
Which of the following is the best formula to use to calculate the size of the database? A. Installed database size + (number of clients x client system size) + (number of events generated x event size) B. Installed database size + (number of clients I client system size) + (number of events generated I event size) C. Installed database size I (number of clients - client system size) + (number of events generated - event size) D. Installed database size x (number of clients + client system size) + (number of events generated x event size)
Answer: A A. Installed database size + (number of clients x client system size) + (number of events generated x event size)
165
If it takes 90 seconds to accomplish an on-demand scan with the CPU utilization set at 90%, if the CPU utilization is set for 30% how many seconds will it take? A. 180 B. 270 C. 360 D. 450
Answer: B B. 270
166
Which of the following are result types in the query builder used by Multi-Server Rollup Querying? (Choose three) A. Rolled-up Threat Events B. Rolled-up RSD Detections C. Rolled-up Managed Systems D. Rolled-up Applied Policies E. Rolled-up Audit Log
Answer: A,C,D A. Rolled-up Threat Events C. Rolled-up Managed Systems D. Rolled-up Applied Policies
167
Into which of the following formats can query results be exported? (Choose two) A. CSV B. TXT C. PDF D. DOC E. SQL
Answer: A,C A. CSV C. PDF
168
What information is required during an ePO clustered installation? (Choose three) A. Virtual server IP address B. Virtual server mac address C. Virtual server name D. Virtual server DNS name E. Virtual server communications port
Answer: A,C,D A. Virtual server IP address C. Virtual server name D. Virtual server DNS name
169
The first action when creating a query using the Query Wizard is choosing a: A. result type B. chart type C. feature group D. filter set
Answer: A A. result type
170
When the sorting criteria overlaps two groups, the system will sort into the group dependent on: A. Order B. Tag C. AgentGUID D. MAC
Answer: A A. Order
171
The replication types used in updating distributed repositories are: A. full and incremental B. all repositories and selected repositories C. incremental and all repositories D. full and all repositories
Answer: A A. full and incremental
172
The option available for the McAfee Default Policy is? A. Rename B. Duplicate C. Edit D. Delete
Answer: B B. Duplicate
173
What is the Rogue System Detection policy for Sensor's detected system cache life time in seconds? A. 300 B. 600 C. 1800 D. 3600
Answer: A A. 300
174
Which of the following can be configured as Server Tasks? (Choose three) A. Purge Event logs B. Event Filtering C. RollUp Data D. Run Tag Criteria E. Deployment Task
Answer: A, C, D A. Purge Event logs C. RollUp Data D. Run Tag Criteria
175
What additional scan item is added when the Anti-Spyware module is installed? A. Running processes B. Home folder C. Registered Files D. Recycle bin
Answer: C C. Registered Files
176
When importing a policy the file type is? A. CSV B. PDF C. HTML D. XML
Answer: D
177
Which VirusScan component intercepts input/output operations called by the Operating System? A. Common Shell B. Access Protection C. On-Access Scanner D. Filter Driver
Answer: D D. Filter Driver
178
What component needs to be installed in the DMZ to allow external systems to receive appropriate policies and tasks? A. Framework B. Agent Handler C. Super Agent D. Repository
Answer: B B. Agent Handler
179
Which of the following policy settings would enable an ePO administrator to remotely view the Agent Activity Log using a web browser? (Choose two) A. Agent Policy option 'Enable remote access to log' is checked B. 'Accept connection only from ePO server' option is checked C. 'Accept connection only from ePO server' option is unchecked D. Desktop default firewall policy is enabled E. IPS default policy is enabled
Answer: A, C A. Agent Policy option 'Enable remote access to log' is checked C. 'Accept connection only from ePO server' option is unchecked
180
If a machine is unable to communicate with a repository using the Ping time option, what is the value assigned to that repository in the sitelist.xml file? A. 65535 B. 73953 C. 1024 D. 8443
Answer: A A. 65535
181
All traffic between Agents and the Handler are signed and verified with what type of key pairs? A. RSA B. DSA C. ASSC D. 3DES
Answer: C C. ASSC
182
How do Rogue System Detection Sensors detect systems on a network? A. Port scanning and OS fingerprinting B. Broadcast messages and DHCP responses C. Database query and system lookup D. Automatic Responses and system properties
Answer: B B. Broadcast messages and DHCP responses
183
What important property simplifies policy and task administration? A. Hierarchy B. Lock Policy C. Inheritance D. Enforcement
Answer: C C. Inheritance
184
In order to protect the ePO keys, which directory on the server is required to be backed up? A. C:\Program files\mcafee\epolicy orchestrator\DB\software B. C:\Program files\mcafee\epolicy orchestrator\DB\keystore C. C:\Program files\mcafee\epolicy orchestrator\apache2\conf D. C:\Program files\mcafee\epolicy orchestrator\server\cache
Answer: B B. C:\Program files\mcafee\epolicy orchestrator\DB\keystore
185
A system is considered an Inactive Agent by the Rogue System Detection Server if it has not reported back within the last: A. 20 days B. 30 days C. 45 days D. 60 days
Answer: C C. 45 days
186
Which file pulled from the server contains the distributed repository list? A. Sitelist.xml B. SiteStat.xml C. Sitemaplist.xml D. SiteMgr.xml
Answer: A A. Sitelist.xml
187
When a policy is created in the policy catalog the new policy is: A. Assigned B. Not assigned C. Shared D. Not enforced
Answer: B B. Not assigned
188
Which of the following is the default location for the McAfee Agent configuration files? A. Common Framework B. System32 C. My Documents D. WindowsTemp
Answer: A A. Common Framework
189
Which command line option is used to uninstall Anti-Spyware? A. SetupVSE.exe /REMOVE B. Setup.exe/X C. Scan32.exe /UninstallMAS D. Scan32.exe /DELETE
Answer: C C. Scan32.exe /UninstallMAS e.g., \scan32.exe /UninstallMAS See KB59996
190
Which of the following options is only available on the Dashboards page? A. Manage Dashboards B. New Dashboard C. Make Active D. Make Public
Answer: A A. Manage Dashboards
191
Of the following, what is the proper syntax for importing computers into groups using a text file? A. group1-system1\ B. group1system1 C. group1,system1 D. group1\system1
Answer: D D. group1\system1
192
Who can change the ownership of a policy? (Choose two) A. Group Admin B. Global administrator C. Owner D. System E. Root
Answer: B,C B. Global administrator C. Owner
193
In a disaster recovery situation, what must be completed to recover the ePO server? (Choose two) A. Re-deploy VirusScan B. Re-deploy the Agents C. Reinstall extensions D. Restore Agent Handlers E. Restore the database
Answer: C, E C. Reinstall extensions E. Restore the database
194
One or more permission sets can be assigned to any users who are not global administrators. Which of the following default permission sets can be assigned to users? (Choose three) A. Global Administrator B. Executive Administrator C. Group Admin D. Group Reviewer E. Custom Administrator
Answer: A, C, D A. Global Administrator C. Group Admin D. Group Reviewer
195
A rogue system is a machine that: A. does not match a white list. B. does not have the McAfee Agent installed. C. does not have McAfee VirusScan installed. D. does not have an Agent handler.
Answer: B B. does not have the McAfee Agent installed.
196
What feature provides the capability to group machines logically and, where necessary, set alternative policy and change inheritance settings? A. AD Sync B. System Tree C. Policy Catalog D. Sorting Criteria
Answer: B B. System Tree
197
System tree synchronization can be configured according to which connectors? (Choose two) A. Open LDAP B. NT Domain C. eDirectory D. Active Directory E. Novell
Answer: B, D B. NT Domain D. Active Directory
198
Which of the following formats are available for exporting data? (Choose three) A. DOC B. CSV C. XML D. XLS E. HTML
Answer: B, C, E B. CSV C. XML E. HTML
199
Which of the following criteria are applicable when configuring Agent Handler assignments? (Choose three) A. Agent IP Address B. System Tree Location C. Agent NetBIOS Name D. FQDN/DNS Name E. Agent Subnet
Answer: A, B, E A. Agent IP Address B. System Tree Location E. Agent Subnet
200
System properties are directly helpful when creating which of the following? (Choose two) A. Criteria-based tags B. Server tasks C. Client tasks D. Assigned policies E. Creating queries
Answer: A, E A. Criteria-based tags E. Creating queries
201
Extensions that are installed into the ePO server are in what file format? A. .zip B. .nap C. .rar D. .jar
Answer: A A. .zip
202
Which of the following is a valid path for creating a SuperAgent repository? A. C:\Program Files B. C:\McAfee C. C:\McAfee\software D. C:\SuperAgent
Answer: C C. C:\McAfee\software
203
Which of the following servers can be designated as registered? (Choose two) A. LDAP B. DHCP C. NTLM D. SNMP E. SMTP
Answer: A, D A. LDAP D. SNMP
204
What feature can monitor battery state and full screen awareness? A. On-Demand Scan B. On-Access Scanner C. Update Task D. Access Protection
Answer: A A. On-Demand Scan
205
What is required to run ePO in a high availability environment on two or more servers? A. Local SQL Server B. Microsoft Cluster Server (MSCS) C. Veritas Cluster Server (VCS) D. Agent handler
Answer: B B. Microsoft Cluster Server (MSCS)
206
How are policy settings grouped within products? A. Product B. Category C. Assignment D. Name
Answer: B B. Category
207
What feature gathers Managed System and Compliance Information from remote ePO servers and allows reports to be run against the data? A. Rolled-up Managed Systems B. Multi-Server Roll-up Reporting C. Rolled-up Compliance history D. Multi-Server Summary Reporting
Answer: B B. Multi-Server Roll-up Reporting
208
What is the name of ePO's reporting wizard? A. Crystal Reports B. ePO Queries C. System Report D. Query Builder
Answer: D D. Query Builder
209
Which VirusScan components can be configured for the Artemis Heuristics detection? (Choose two) A. On-Delivery Email Scanner B. Access Protection C. On-Access Scanner D. Unwanted Programs Policy E. Buffer Overflow Protection
Answer: A, C A. On-Delivery Email Scanner C. On-Access Scanner See KB70130 "How to enable Global Threat Intelligence Technology in various products"
210
An ePO administrator is trying to update the Sitelist.xml file for an existing McAfee Agent to point to a different ePO server. Which command should be used? A. Frminst.exe /install=agent /siteinfo="C:\Sitelist.xml" B. Frminst.exe /install=agent /forceinstall /siteinfo="C:\Sitelist.xml" C. Frminst.exe /install=updater /siteinfo="C:\Sitelist.xml" D. Frminst.exe /install=agent /SITELIST="c:\Sitelist.xml"
Answer: A A. Frminst.exe /install=agent /siteinfo="C:\Sitelist.xml"
211
What task can be configured to copy the contents of one distributed repository into another distributed repository which is outside of the normal replication process? A. Update Task B. Mirror Task C. On-Demand Scan Task D. AutoUpdate Task
Answer: B B. Mirror Task
212
Which of the following options are required to share policies between ePO servers? (Choose three) A. Designate the policy B. Register the server C. Duplicate the policy D. Assign the policy E. Schedule a server task
Answer: A, B, E A. Designate the policy B. Register the server E. Schedule a server task
213
All Dashboards, other than the default, are owned by what user? A. Executive Admin B. Group Admin C. Executive Reviewer D. Global Administrator
Answer: D D. Global Administrator
214
What component is composed of the following high-level scanners; AntiVirus Scanner, Buffer Overflow protection, On-Access Scanner, and Access Protection? A. McShield.exe B. Mcconsol.exe C. Common Shell D. Filter Driver
Answer: A A. McShield.exe
215
Which of the following is a file system filter driver? A. Mfeapfk.sys B. Mfeavfk.sys C. Mfebopk.sys D. Mfehidk.sys
Answer: B B. Mfeavfk.sys
216
Which of the following are valid permissions for query functions? (Choose two) A. Use private queries B. No permissions C. Create and edit personal queries D. Edit private queries E. Make public queries private
Answer: B, C B. No permissions C. Create and edit personal queries
217
What is the maximum number of days that can be set in the VirusScan option "Number of days to keep back-up data in the quarantine directory"? A. 30 B. 90 C. 365 D. 999
Answer: D D. 999
218
What files are automatically downloaded from the McAfee source repositories with a pull task? (Choose two) A. Service Packs B. Patches C. DATs D. Product Updates E. Potential Unwanted Programs
Answer: C, E C. DATs E. Potential Unwanted Programs
219
Which ePO service manages Agent communication? A. Event Parser B. Framework service C. Tomcat D. Apache
Answer: D D. Apache
220
A registered LDAP server is used with which of the following authentication types? A. SQL authentication B. Windows authentication C. Certificate based authentication D. ePO authentication
Answer: B B. Windows authentication
221
Which of the following is true regarding Disaster Recovery? A. Database administrator rights are required to change the Keystore encryption passphrase. B. The Keystore encryption passphrase is used to encrypt and decrypt the sensitive information stored in the server. C. Disaster Recovery is enabled by default for all database types. D. The previous passphrase is required to change the Keystore encryption passphrase.
Answer: B B. The Keystore encryption passphrase is used to encrypt and decrypt the sensitive information stored in the server.
222
Assignment locking prevents: A. Changes to the policy at the parent. B. Changes to client tasks. C. Changes to inheritance. D. Changes by users.
Answer: C C. Changes to inheritance.
223
What task can be configured to copy the contents of one distributed repository into another? A. Synchronize Shared Task B. Update Master Repository Task C. Repository Replication Task D. Repository Pull Task
Answer: C C. Repository Replication Task
224
Policies can be imported into ePO using which file type? A. CSV B. PDF C. HTML D. XML
Answer: D D. XML
225
If a policy assigned to the “My Organization” group is deleted, what policy is assigned in its place? A. McAfee Default B. Parent Group C. My Default D. Global Group
Answer: A A. McAfee Default
226
How can an ePolicy Orchestrator administrator manage assets in a network broadcast segment that cannot communicate directly with the ePolicy Orchestrator server? A. Enable peer-to-peer communication B. Convert the agents to super agents C. Utilize an Agent Deployment URL D. Configure an agent relay server
Answer: D D. Configure an agent relay server
227
What is the purpose of installing the McAfee Agent in VDI mode? A. VDI mode is used to avoid duplicate GUIDs in virtual environments with non-persistent virtual machines B. VDI mode prevents the inadvertent installation of point products that are not compatible with virtual clients C. VDI mode is used to store administrative credentials so that the Agent can be reinstalled if the virtual machine is reprovisioned D. VDI mode is used to provide virtual machines on the same cluster as a source to pull updates in order to save bandwidth
Answer: A A. VDI mode is used to avoid duplicate GUIDs in virtual environments with non-persistent virtual machines
228
What important System Tree property simplifies policy and task administration? A. Hierarchy B. Lock Policy C. Inheritance D. Enforcement
Answer: C C. Inheritance
229
When configuring Active Directory synchronization, exceptions can be created for which of the following? A. Organizational Units B. Security Groups C. Domain Groups D. Users
Answer: A A. Organizational Units
230
When a group has four sorting criteria assigned, the system will be placed into the group when it meets how many of the conditions? A. One B. Two C. Three D. Four
Answer: A A. One
231
What ports can you modify after installation? (Select two) A. Agent-server communication B. Agent-server communication secure port C. Agent wake-up communication port D. Agent broadcast communication port
Answer: C, D C. Agent wake-up communication port D. Agent broadcast communication port. See "About HTTP port options" in the ePO Installation Guide: The ports used by ePolicy Orchestrator software are predefined, and populated by default. Most port designations can be changed only during the installation process.
232
An ePO Agent Handler must have a high availability and high bandwidth connection to the __________.
Answer: * ePO database
233
Exam Hint: * Know the different log names * Where the logs are located and * What log contains what information
Answers: **Orion –** Contains McAfee Foundation Services platform details and all extensions loaded by default. Located at: [InstallDir]\Server\logs **Server –** Contains details related to these McAfee ePO server services: * Agent-server communications * McAfee ePO Server Agent Handler Located at: [InstallDir]\DB\Logs **Audit –** The ePO Audit Log contains many EE policy added/deleted/changed/saved log entries similar to the following for policies that are not configured by the ePO administrator
234
Name the three branches in the ePO Master Repository.
Answer: 1. Current 2. Previous 3. Evaluation From the McAfee Community: Current - All the Packages you want to deploy to your Client Machines are in this branch and, by default, McAfee Agents take updates from this Branch. Previous - This is the branch where you generally keep your old version of McAfee Products or old DAT. Whenever there is a new McAfee Product Version released you check-in the package into the Current Branch of the Master Repository, and move the existing one into the Previous branch, so that you have the old version of the McAfee Product as well. There is no hard and fast rule to move the old version of McAfee Product to the Previous branch, and you can delete it as well. But some ePO admins want to have the old versions as well, so they move it to Previous branch. Evaluation - This branch is generally used for Testing Purpose. Suppose in your environment, you don't want to push an update to the production machines unless you test it and monitor the behavior of the new McAfee Product or updates before testing it. Then you can check-in the McAfee Product or updates into this branch, change the McAfee Agent policy for the test machine to get the updates from Evaluation Branch instead of Default Current branch, let the updates be pushed to Test Machines, and then monitor it. Once satisfied, change the branch of the Product or update to Current branch, so that it can be pushed to all the machines in the Production Environment.
235
What is the default secure port that the Apache service listens on?
Answer: * 443
236
Which query results are actionable? A. Bar and Graph results B. Table results C. Pie Graphs D. All results
Answer: D D. All results
237
Making a Personal query Public is done by: A. Selecting the Query and choosing Actions > Make Public B. Choosing the Make Public button on the Queries page. C. Moving the query to a public group.
Answer: C C. Moving the query to a public group.
238
You can schedule a query to run periodically by creating a: A. Run Query Server Task B. Run Query Client Task C. Run Query Reporting Task D. System Search Server Task
Answer: A A. Run Query Server Task
239
Which of the following report header and footer elements are customizable? A. Logo B. Date/Time C. Page Number D. User Name E. Custom Text F. All of the above
Answer: F F. All of the above
240
Which ePO component resides on the ePO server and stores all managed software, including updates and signatures? A. Database B. Distributed Repository C. Master Repository D. McAfee Agent
Answer: C C. Master Repository
241
You plan to install the SQL Server that is included with the ePO software. What Microsoft software must be acquired and installed manually before beginning the ePO installation? A. Microsoft Visual C++ 2005 Redistributable Package (x86) B. Microsoft Visual C++ 2008 Redistributable Package (x86) C. Microsoft SQL Server Data Engine 7.0 D. Microsoft .NET Framework 3.0 or higher
Answer: D D. Microsoft .NET Framework 3.0 or higher
242
Horizontal scalability is typically recommended for managing large, multi-ePO server deployments. A. True B. False
Answer: B B. False
243
You anticipate your ePO deployment will manage more than 75,000 managed nodes. What is the recommended RAID configuration for the operating system partition? A. RAID 1 B. RAID 2 C. RAID 3 D. RAID 10
Answer: A A. RAID 1
244
A dedicated server is recommended, if managing more than 250 systems. A. True B. False
Answer: A A. True
245
If SQL Server is installed on the same server as ePO, then ePO dynamically assigns a local SQL port; however, the port for the remote SQL server remains 1433. A. True B. False
Answer: A A. True
246
The account used to install ePO must have the ability to create a new database, set permissions on tables and stored procedures, and create SQL jobs. Which of the following are valid roles? A. bulkadmin B. dbcreator C. securityadmin D. sysadmin
Answer: B B. dbcreator D. sysadmin
247
An ePO product license key is required to install ePO software. A. True B. False
Answer: B B. False You can install an evaluation copy of ePO. The evaluation period expires after 90 days.
248
When can permission sets be assigned? Select all that apply. A. When a new user account is created B. When a new permission set is created C. To any existing user account D. Only by the Group Admin
Answer: A, B, C A. When a new user account is created B. When a new permission set is created C. To any existing user account
249
By default, administrators have all permissions to all products and features. A. True B. False
Answer: A A. True
250
What is the default authentication method for ePO users? A. ePO authentication B. Certificate-based authentication C. Windows-based authentication
Answer: A A. ePO authentication
251
You have added a group to the System Tree: Virginia. My organization is the parent. Given these factors, where will the Lost&Found group be placed in the System Tree? A. Before the Virginia group B. After the Virginia group
Answer: B B. After the Virginia group
252
You can rename My Organization, as required. A. True B. False
Answer: B B. False
253
You can use a group's sorting criteria to sort systems by: A. NetBIOS name and IP address B. IP address and tags C. Tags and group name D. Group name and NetBIOS name
Answer: B B. IP address and tags
254
You can prevent all systems from being sorted into groups, regardless of their sorting criteria or status, by disabling System Tree sorting in: A. Server Settings B. Group Details C. Sorting Criteria D. Group Policy
Answer: A A. Server Settings
255
Exam hint: What is the main reason for having three different branches (evaluation, previous, current) in the Master Repository?
Answer: Having three branches gives the administrator more flexibility in applying updates and new products.
256
The SQL Server database must reside on the same server as the ePO Software. A. True B. False
Answer: B B. False
257
_Communication security:_ Which of the following is **not** a part of the McAfee agent enabled devices communication security procedures to an ePO server? A. Encapsulation in proprietary protocol B. GUID verification C. TLS encryption D. Digital signature
Answer: B B. GUID verification
258
_Port security:_ Why do we not use the default ports (80, 8443, 1433…)? A. Every hacker knows they’re the default ports B. They are fundamentally weaker since they include no security protocols C. They do not work for ePO applications D. They are one-way ports, and do not allow data transfer from server to agent
Answer: A A. Every hacker knows they’re the default ports
259
_ePO installation protocols:_ Which installation mode must be set at the start of installation and cannot be switched afterward without a reimplementation? A. Express B. Custom install C. Cluster D. FIPS mode
Answer: D D. FIPS mode
260
_Permission sets_: Which of the following is true? A. You can export single permissions into a .zip file B. You can only export permission sets into a .zip file C. You can export single permission sets into an .xml file D. You can only export permission sets into an .xml file
Answer: D D. You can only export permission sets into an .xml file
261
_Managing users with AD_: How does ePO use the Active Directory when building the system tree? A. Defaults to organizing by workstation and laptops B. Assigns user roles to all members in the current Active Directory C. Determines what group an individual is in, and allows you to determine their permissions based on their system tree location D. Uses the LDAP server as a backup for the Active Directory
Answer: C C. Determines what group an individual is in, and allows you to determine their permissions based on their system tree location
262
_System tree:_ When a device with a McAfee Agent reports into ePO, and ePO can’t figure out where it goes in the system tree, where is it put? A. A subgroup of the domain name that the device is on, inside the lost & found directory B. In the parent directory of the lost & found C. In its own subgroup under My Organization -> McAfee D. It is rejected by ePO and logged as a failed access attempt
Answer: A A. A subgroup of the domain name that the device is on, inside the lost & found directory
263
_Tag Catalog_: What is the purpose of tagging? A. Finding a single system in a long list of systems B. Giving unique names to systems C. Organizing systems in an intuitive and custom way to allow for easier access to similar groups of systems D. Sharing system information with other ePO servers
Answer: C C. Organizing systems in an intuitive and custom way to allow for easier access to similar groups of systems
264
_System Tree Configuration_: Which of the following is not a recommended guideline for system tree configuration? A. Sort systems once on next agent-server communication B. Sort systems on each agent-server communication C. Enable system tree sorting D. Disable system tree sorting
Answer: C C. Enable system tree sorting
265
_McAfee Agent Installation_: Which of the following refers to an installation task, as opposed to a deployment task? A. SolidCore application control added to an end node B. McAfee Agent first installation onto a machine C. McAfee Change Control added to a machine D. VirusScan Enterprise added to an end node
Answer: C C. McAfee Agent first installation onto a machine
266
_Customizing tabs_: Which tab allows for custom ordering of properties by the user? A. The threat events tab B. The products tab C. The system properties tab D. The McAfee Agent tab
Answer: C C. The system properties tab
267
_Planning client tasks_: Where should you create a daily update task in the System Tree to ensure inheritance throughout the tree? A. The lowest level of the System Tree B. The Lost & Found directory C. The My Organization/highest level of the System Tree D. Under any and all custom branches
Answer: C C. The My Organization/highest level of the System Tree
268
_Policy configuration general tab_: Which of the following are true? (Select all that apply) A. Super agent wake-up calls will wake up regular agents B. Agent wake-up calls will only wake regular agents C. Policy enforcement is done locally at every policy enforcement interval D. It is considered best practice to keep the ASCI at the default of 60 minutes
Answers: B, C B. Agent wake-up calls will only wake regular agents C. Policy enforcement is done locally at every policy enforcement interval
269
_Product deployment_: How can your system become backed up with stacked tasks? A. Enabling auto-update on too large of a network B. Running product deployment on a short policy enforcement cycle C. Postponing deployment for more than 2 days D. Using “Run immediately” tasks
Answer: B B. Running product deployment on a short policy enforcement cycle
270
_LazyCaching_: Where is the content actually cached when performing LazyCaching? A. ePO master repository B. Requesting device or endpoint C. SuperAgent D. Rogue System
Answer: C C. SuperAgent
271
_Repository pull tasks_: What are the primary steps for creating an automatic content pull and replication? A. Push content to McAfee from master repository, replicate that content to your distributed repositories B. Pull content from McAfee to master repository, remove that content from your distributed repositories C. Pull content from McAfee to master repository, replicate that content to your distributed repositories D. Pull DAT files from Super Agents, replicate that content to your ePO server
Answer: B B. Pull content from McAfee to master repository, replicate that content to your distributed repositories
272
_Default dashboards_: Which of the following operations can you not run on a default dashboard? A. Duplicate B. Delete C. Modify D. Create
Answer: B B. Delete
273
_Query Builder_: Which of the following is not a step in the query-building process? A. Choose feature group/result type B. Eliminate irrelevant charts C. Select table columns or drill-down D. Apply filters
Answer: B B. Eliminate irrelevant charts
274
_Server utilities_: Select which purging options can be automated by a server. A. Purging old records based on a timer B. Purging based on the results of a query C. Purging users and accounts D. Purging existing server schedules
Answers: A, B A. Purging old records based on a timer B. Purging based on the results of a query
275
_Automatic response page_: Why are default rules disabled in the automatic response page by default? A. To prevent hackers from using these rules as vulnerabilities B. Because ePO wants to require the user to create new rules to enable C. Because disabling rules saves resources D. Because the default rules require additional configuration
Answer: D D. Because the default rules require additional configuration
276
_Disaster recovery_: Which of the following disaster recovery methods is the most expensive with respect to hardware, and most complicated with respect to networking? A. Re-installing a failed ePO server from a snapshot B. Re-installing an operating system on a clustered server C. Keeping cold/hot spares on one physical site D. Keeping cold/hot spares on a separate physical site
Answer: D D. Keeping cold/hot spares on a separate physical site
277
_VirusScan Enterprise:_ What is Artemis, in the context of the VirusScan Console? A. A piece of malware that has been detected in an environment B. The enhanced heuristic detection component of McAfee SecurityCenter's virus protection module C. A setup utility to install VirusScan D. The .dat that was current when a product was released or reposted
Answer: B B. The enhanced heuristic detection component of McAfee SecurityCenter's virus protection module
278
_Configuring system utilization best practices:_ Which level of the following system utilizations is recommended for the on-demand scan when scanning systems with little user activity, such as servers? A. Normal B. Below normal C. Low D. None
Answer: A A. Normal
279
What are unmanaged systems? A. Devices that are not online B. Devices that cannot complete server tasks C. Devices in the database without a McAfee agent D. Devices without ePO installed on them
Answer: C C. Devices in the database without a McAfee agent
280
_Planning an ePolicy Orchestrator Deployment_ What are some of the requirements of running ePO (choose all that apply)? A. 64-bit OS for the ePO server B. ePO must be run on a physical server, not a VM C. The ePO must be accessible from a static IP address D. A supported web browser (Firefox, Chrome, Internet Explorer, or Safari)
Answers: A, C, D A. 64-bit OS for the ePO server C. The ePO must be accessible from a static IP address D. A supported web browser (Firefox, Chrome, Internet Explorer, or Safari)
281
_Installing ePolicy Orchestrator Software_ What is the default port assignment for agent-server communication? A. 8088 B. 8082 C. 8443 D. 80
Answer: D D. 80
282
_Managing Permission Sets and Users_ A user with Global Review permissions: A. Can view permissions to the entire tree, but does not have access to settings B. Has undetermined access to managed products and systems C. View-only access to core functionality, and can review events and policies D. View all settings and the entire tree
Answer: D D. View all settings and the entire tree
283
_Creating and Populating the System Tree_ What is the best practice for deploying McAfee agents in ePO? A. Deploy all agents at once during a workday B. Deploy all agents in the middle of the night when employees are at home C. Deploy the agents manually, one at a time D. Stagger the rollout so that there is not a spike in network traffic
Answer: D D. Stagger the rollout so that there is not a spike in network traffic
284
Tags can be useful in ePO for: A. Automatic placement in System Tree groups B. System identification C. Inclusion of selected system information in reports D. All of the above
Answer: D D. All of the above
285
_System Tree Sorting_ When using tags, a test sort is useful for: A. Showing you where a system would be placed after your sorting criteria is applied B. Applying tags to selected systems C. Checking for duplicate systems D. Seeing which systems are managed and which are not
Answer: A A. Showing you where a system would be placed after your sorting criteria is applied
286
_McAfee Agent_ What is the purpose of a SuperAgent (choose all that apply)? A. Create an agent that all other managed systems will communicate with B. Minimize network traffic between locations C. Offload communications from the ePO server D. Provide an additional layer of security to the managed systems
Answers: A, B, C A. Create an agent that all other managed systems will communicate with B. Minimize network traffic between locations C. Offload communications from the ePO server
287
_System Information_ The Systems tab can be customized to show which of the following (choose all that apply): A. Presets – display either this group only or this group and its subgroups B. The System Tree C. Custom criteria from the Available Properties list D. A dashboard of the systems that ePO manages
Answers: A, C A. Presets – display either this group only or this group and its subgroups C. Custom criteria from the Available Properties list
288
_Client Tasks_ Which of the following is not a possible use for an ePO client task? A. Product deployment B. Product upgrades and updates C. Deploying server tasks D. None of the above
Answer: C C. Deploying server tasks
289
_Managing Policies_ What is the default policy enforcement interval in ePO? A. 12 hours B. 30 minutes C. 60 minutes D. 24 hours
Answer: C C. 60 minutes
290
_Deploying Software for Managed Systems_ What are some of the differences between product deployment projects and client deployment tasks (choose all that apply)? A. Product deployment projects allow you to configure fixed or continuous deployments B. Client deployment tasks allow you to schedule deployment, while product deployment projects do not. C. Product deployment projects allow you to view a historical snapshot of the number of systems receiving a deployment, while client deployment tasks do not. D. Client deployment tasks do not allow you to act on or manage client task objects and tasks created with ePO, but product deployment projects do.
Answers: A, C A. Product deployment projects allow you to configure fixed or continuous deployments C. Product deployment projects allow you to view a historical snapshot of the number of systems receiving a deployment, while client deployment tasks do not.
291
_Repositories_ Which of the following is NOT a characteristic of an ePO repository? A. They can house security software packages, extensions, data files, and updates B. They can distribute software to ePO-managed systems manually or automatically C. They can ensure that systems are protected from malware D. They can ensure that systems remain current
Answers: C, D C. They can ensure that systems are protected from malware D. They can ensure that systems remain current
292
_Product and Server Maintenance with Repositories_ ePolicy Orchestrator allows users to pull and install updates automatically. How often should users plan to have ePO check for updates? A. Daily—DAT files are released daily, and a system is not fully protected without the latest DAT and Engine files B. Weekly—Updating daily can cause network spikes C. Monthly—DAT files are only pushed by McAfee at the beginning of each month D. Users should not have auto-updates configured
Answer: A A. Daily—DAT files are released daily, and a system is not fully protected without the latest DAT and Engine files
293
_Managing Dashboards and Monitors_ Dashboards in ePO are useful for: A. An at-a-glance view of user-customizable information relevant to ePO B. Quickly launching server or client tasks C. Quickly deploying McAfee agents D. None of the above
Answer: A A. An at-a-glance view of user-customizable information relevant to ePO
294
_Working with Queries_ Which of the following is a correct difference between a query and a report? A. A query allows offline access for later viewing B. A report combines queries and other elements C. A report includes default queries D. A report provides answers to questions in the form of charts and tables by directly interacting with the ePO server
Answer: B B. A report combines queries and other elements
295
What are the three types of events that can trigger automatic responses in ePO (choose all that apply)? A. Client events B. Threat Events C. Compliance Events D. Server Events
Answers: A, B, D A. Client events B. Threat Events D. Server Events
296
Which of the following processes can be automated with a SQL Server maintenance plan? A. Backup B. Deploying agents C. Removing agents D. All of the above
Answer: A A. Backup
297
Which of the following are some best practices of disaster recovery (choose all that apply)? A. Regularly take ePO Disaster Recovery Snapshots B. Ensure your keys are backed up C. If backing up to a separate restore server, ensure that its configuration closely resembles the previous configurations D. All of the above
Answer: D D. All of the above
298
Which of the following is NOT a feature of VirusScan Enterprise? A. Blocks multiple threats B. Lessens damage from outbreaks C. Stops malware in real time D. Protects against threats that target Adobe applications
Answer: D D. Protects against threats that target Adobe applications
299
VirusScan Enterprise’s Buffer Overflow Protection checks for a vulnerability involving: A. Attackers’ ability to overflow memory buffers and executing code B. Attackers’ ability to insert malicious code into memory buffers without overflowing the buffer C. Any type of vulnerability on a 64-bit system D. All of the above
Answer: A A. Attackers’ ability to overflow memory buffers and executing code