System Tree and Tags Flashcards

1
Q

What is the System Tree?

A

A hierarchical structure that organizes the systems in your network into groups and subgroups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the ways to add systems to your System Tree?

A
  • Manually add systems to an existing group
  • Import systems from a text file
  • Synchronize with your AD
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the methods to organize your System Tree?

A
  • Manual organization from the console(drag and drop)
  • Automatic synchronization with your Active Directory or NT domain server
  • Criteria-based sorting, used criteria applied to systems manually or automatically
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What does the System Tree control?

A
  • How policies for different products are inherited
  • How your client tasks are inherited
  • What groups your systems go into
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

If you are creating your system tree for the first time, what are the primary options available for organizing your systems dynamically?

A
  • Using AD Synchronization

- Dynamically sorting systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are some of the different criteria that may influence the way your System Tree is structured?

A
  • Administrator access (Access requirements of users who must manage the systems)
  • Topological borders (NT domains or AD containers)
  • Geographic borders(configuring policies differently for remote regions that use slower WAN or VPN connections)
  • Political borders (Who accesses and manages the segments of the system tree affects how it’s structured)
  • Functional borders (certain roles of the network may require special policies, such as a business group that runs specific software that requires special security policies)
  • Subnets and IP addresses ranges
  • Operating Systems/Software
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the purposes of grouping systems?

A
  • Allows you to put systems with similar characteristics in the same place
  • Administrators or users can create and use them with the appropriate permissions
  • Allows for the management of policies and client tasks for similar systems in one place, rather than having to manage them on each individual system
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is in the default system tree structure on a fresh install?>

A
  • My Organization - The root of the system tree, can’t be renamed or deleted
  • My Group - default group added during the Getting Started initial software installation
  • Lost and Found - Catch all subgroup for any systems that have not been or could not be added to other groups in your system tree.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the characteristics of the top level lost and found group?

A
  • Can’t be deleted
  • can’t be renamed
  • sorting criteria can’t be changed
  • always appears last(doesn’t adhere to alphabetization)
  • User must be granted permissions to the lost and found group to see its contents
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What happens when a system is placed in the top level lost and found group?

A

It is placed in a subgroup of the lost and found group named for its domain. If no such group exists, one is created

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How does inheritance work in the system tree?

A

Child groups in the system tree inherit the policies/client task assignments that are set at their parent groups.

Inheritance can be broken by applying a new policy at any location of the system tree

Inheritance can also be locked at any level to prevent systems below it from breaking inheritance for whatever reason

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the factors that you should use to determine how to structure your system tree?

A

Policy Assignment - Do you have many custom product policies to assign to group based on chassis or function? Do certain business units require their own custom product policy?

Network Topology - Do you have sensitive WANs in your organization that a content update might easily saturate?(if you only have major locations, this isn’t a concern for your environment)

Client task assignment - When you create a client task, such as an on-demand scan, do you need to do it a group level, like a business unit, or system type, like a web server

Content distribution - do you have an agent policy that specifies that certain groups must get their content from a specific repository

Operational controls - Do you need specific rights delegated to your ePO administrators that allow them to administer specific locations in the tree

Queries - Do you need many options when filtering your queries to return results from a specific group in the system tree

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What should you do prior to creating your system tree?

A

Create a few sample System Tree models and look at the pros and cons of each design to determine the most advantageous model for your environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are a few of the most commonly used System Tree designs?

A

Geographic Location -> Chassis - > Function
Network Location -> Chassis -> Function
Geographic Location -> Business Unit -> Function

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are some of the possible building blocks for groups in your system tree?

A
Geographic Location
Network Location
Business Unit
Subbusiness unit
Function of the system (web, SQL, app server)
Chassis (server, workstation, laptop)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What can synchronizing with your Active Directory structure contribute to your System Tree?

A

You can:
-Import both the AD subcontainers and the systems within them into your System Tree, and maintain them by performing regular synchronizations

  • Import systems from the AD container and its subcontainers as a flat list, ignoring the structure of the AD
  • Control what to do with potential duplicate systems
  • Tag newly imported or updated systems
  • Use the system description, which is imported from AD with the systems
17
Q

What steps should you take to integrate your AD systems structure with your system tree?

A
  1. Configure the synchronizations settings on each group that is a mapping point in the System Tree. At the same location, configure whether to:
    - Deploy agents to discovered systems
    - Delete systems from the System Tree when they are deleted from Active Directory
    - Allow or disallow duplicate entries of systems that exist elsewhere in the System Tree
  2. Use the Synchronize Now action to import Active Directory systems (and possibly structure) into the System Tree according to the synchronization settings
  3. Use an NT Domain/Active Directory synchronization server task to regularly synchronize the systems (and possibly the Active Directory structure) with the System Tree according to the synchronization settings
18
Q

What are the two types of Active Directory synchronization?

A

Systems only

Systems and structure

19
Q

What options can you configure with your Active Directory synchronization?

A
  • Whether to automatically deploy agents to systems new to ePO (might not want to configure on initial synchronization if you are importing many systems and have limited bandwidth)
  • Whether to delete systems from ePO (and remove their agents) when they are deleted from Active Directory
  • Prevent adding systems to the group if they exist elsewhere in the System Tree, ensuring that you don’t have duplicate systems if you manually move or sort the system to another location
  • Exclude certain Active Directory containers from the synchronization, ignoring them during synchronization
20
Q

T/F: Like Active Directory Synchronization, NT domain synchronization syncs System Descriptions as well as System Names

A

False, NT domain synchronization only syncs the system names, the system description is not synchronized

21
Q

T/F: Systems must match all criteria of a group’s sorting criteria to be placed into the group

A

False, they need to only match one Criterion

22
Q

How does criteria based sorting in the system tree function?

A

Define either IP address information or Tags as sorting criteria for Subgroups. Systems must match at least one criterion of a group in order to be sorted into it

23
Q

Where can you enable or disable System Tree Sorting?

A

You can configure System Tree Sorting both on individual systems and in the System Tree Sorting server setting.

The Server Setting controls the automated STS process, giving you the option to disable it, allow it to happen once (on the next ASC), or make it happen on every future ASC. So, if it is enabled, then ePO will attempt to dynamically sort each system(assuming they have System Tree Sorting enabled on an individual basis)

The System Tree Sorting on each individual system controls whether or not each individual system can be dynamically sorted. This applies to both the manual “Sort Now” feature, and the automated sorting that’s configured in the server setting

24
Q

What is the purpose of configuring the group sorting order?

A

When multiple subgroups have matching criteria, the sorting order can control which group the system is matched against first, providing granular control over where your systems end up

25
Q

How should a text file that you intend to use to populate your system tree be formatted?

A
  • Each system goes on its own line
  • If a name doesn’t have a backslash following it, it is considered to be a system. If it does, it is a group
Ex:
GroupA\system1
GroupA\system2
GroupA\GroupB\system3
GroupC\GroupD
26
Q

What is an example of a utility you could use to generate a text file with a complete list of systems in a large network?

A

NETDOM.EXE

27
Q

Scenario: There are 5 top level groups, 4 with established sorting criteria, and one without. The group without has 4 subgroups that all have some sort of sorting criteria.

A System is to be dynamically sorted. It doesn’t match the sorting criteria of any of the top level groups. But, it matches the criteria of one of the subgroups of the top level group with no criteria.

Where does it end up?

A

In the sub group of the group with no criteria that the system matches

28
Q

What is the workflow for the Transfer Systems feature

A
  1. Export security keys from old server
  2. Import the security keys in the new server
  3. Register the new ePO server to the old server
  4. Transfer your current systems to the new ePO server
  5. Confirm that you can view the systems in the new server’s System Tree
  6. Confirm that the systems no longer appear in the old server’s system tree
29
Q

If you are importing a large container into your system tree, it’s a good idea to configure automatic deployment of the McAfee Agent to the new systems?

A

No because this could degrade network performance. Import the container, then deploy the McAfee Agent to groups of systems at a time, rather than all at once

30
Q

If you do decide to utilize NT Domain/AD sync to populate your system tree, how can you ensure that your System Tree will reflect the changes that occur within your NT Domain/AD?

A

Configure a recurring NT Domain/AD sync server task to keep your System Tree current with any changes to your AD containers

31
Q

What is the purpose of tags?

A

Tags serve as identifiers for systems

32
Q

What can you do with tags in ePO?

A

Tags can:
-act as the sorting criteria for System Tree groups

  • act as a selection criteria for Client Tasks Assignments
  • act as an assignment criteria for Policy Assignment Rules
  • act as a filter attribute for Queries
  • used as a criteria to select systems in a Server Task
33
Q

What does excluding a tag from a system do?

A

Makes it so that a system cannot have a specific tag applied by a tag criteria evaluation (Note: Does not prevent manual tagging)

34
Q

What is a tag criteria?

A

A set of attributes that are matched against systems in the environment. Systems that possess these attributes will have the tag dynamically applied to them whenever a run tag criteria action is taken.

35
Q

What does the ‘resetting manually tagged and excluded systems’ option do?

A

Removes the tag from systems that don’t match the criteria, and applies the tag to systems that match the criteria but were excluded from receiving the tag