What is ePO Flashcards

1
Q

What is McAfee ePO?

The central ______ ________ for all _______ product installations, updates and other content.

A

software repository

McAfee

2
Q

How does McAfee ePO work?

_______ security software and ePO work to stop ________ attacks on the system and alert users when an ______ occurs.

A

McAfee
Malware
attack

3
Q

What is the ePO server?
The ePO server hosts the ___ _________, provides centralized management, delivers _________ policies and controls the updates, and processes events for ____________ _________.

A

ePO software
security
managed systems

4
Q

What is an Agent Handler in the DMZ (Demilitarized Zone)?

Supports specific _____ connections to _______ ________ installed in the DMZ, allowing users to connect through the _____.

A

port
Agent Handlers
firewall

5
Q

What is a DMZ (Demilitarized Zone)?
A perimeter network that protects and adds an extra layer of security to an organization's internal _______-_______ _________ from _________ traffic. For example, a web server can be accessible to the public without allowing the public to access the organization's private network.

A

local-area network

untrusted

6
Q

What are Distributed Repository Connections?
Various connections to resources stored on ______________ ____________ in the network (____, ______, ____). Ex. Web console connection: Using default port 8443, it has an HTTP connection between the ePO server and web browser.

A

distributed repositories

HTTP, FTP, UDP

7
Q

What is an automatic response?
______ w/in your environment send events to the _______, and if these events match configured response rules associated w/ the affected system’s group and each parent group above it, designated actions are taken, per the rules' configurations.

A

Systems

server

8
Q

What is the Microsoft Database SQL Server Database?

This DB stores all _____ created and used by ______. Can be stored on the machine or a separate machine.

A

data

ePO

9
Q

What is a McAfee Agent?

_____ ___ component for secure communication between ____ and managed products.

A

Client Side

ePO

10
Q

What is an Agent-Server Secure Communications Interval (ASSCI)?
Communications that occur at regular intervals between your ______ and _______.
Ex. Agents communicate through their assigned Agent Handlers w/ the server

A

systems

server

11
Q

What is the ePO Web Based Console?

Once ePO is installed on _____, the console is available.

A

server
Client Machine > Browser
Can run queries

12
Q

What is the web update server?

The Web update server hosts the latest security content so that your ______ server can pull ______ @ ______ ______.

A

ePO
content
Scheduled intervals

13
Q

What are Distributed Repositories?

A way to distribute _________ to _________ _________ to minimize network traffic across ______ connections.

A

packages
managed systems
slow

14
Q

What do Agent Handlers do?

Reduce the workload on the ______ by off-loading ______ __________ and ______ ______ connectivity duties.

A

server
event processing
McAfee Agent

15
Q

What are Tomcat services?
Tomcat provides the front end of the console’s user interface for management tasks such as ______ ____ __________, user management, policy management, dashboards, etc.
Notification system and supports interactions between ______ and ePO through ____ (software files in zipped format, installed on the ePO server).

A

System Tree organization
endpoints
extensions

16
Q

What are security keys?

Security keys _______, ____________ and _________ communications and content w/ in ePO env.

Relies on 3 security key pairs
Authenticate _______-_______ communication
Verify the contents of ______ repositories
Verify the contents of _______ repositories

Each key pair has:
A secret key that signs messages or packages at the ______ and
A public key that verifies the messages or packages at the ______

A

verify
authenticate
encrypt

Agent‑server
local
remote

source
target

17
Q

What are Agent-Server secure communication (ASSC) keys?

ASSC keys authenticate _______-_______ communication.
The ________ sends its public key to the ePO server the first time they communicate.
From then on, the ePO server uses the Agent’s public key to verify messages signed with the Agent’s ______ key.
The server uses its own secret key to sign messages to the _______.
The Agent uses the server’s _______ key to verify the Agent’s message.
Only one key pair can be designated as the ________ key.

A
Agent-Server
Agent
secret 
Agent 
public 
master
18
Q

What do Local Main Repository key pairs do?

Local Main Repository key pairs verify contents of ______ repositories.
Local Main (ePO) Repository secret key signs the ________ _________ before it is checked into the _______.
The repository public key verifies package contents.
The agent retrieves available new content each time the client update task runs.
This key pair is _______ to each server.

Can use same key pair in a multi-server env.

A

local
software package
repository
unique

19
Q

What do Remote Repository key pairs do?

Verify contents of ______ repositories.
The agent ______ key verifies content retrieved from the remote repository.
The _______ key of the trusted source signs content when posting content to its remote repository.
Trusted sources include:
McAfee download site
McAfee SIA (Security Industry Authority) repository
Note: If the secret key is deleted, you cannot perform a pull, even if you import a key from another server. Before you overwrite or delete this key, make sure you back it up in a secure location.

A

remote
public
secret

20
Q
  1. What modes does the McAfee Agent operate in?

2. What if I have not previously managed McAfee products on my network?

A
  1. Managed and unmanaged.

2. Updater mode

21
Q

What is a persistent connection in ePO?

A

It is known as the keep-alive connection.

Keeps the connection to the ePO server active and reduces bandwidth.

22
Q

What are sensor services in ePO?

A

Track system events and take actions on client systems.

23
Q

What is P2P (Peer to Peer communication)?

A

To retrieve updates and install products, the McAfee Agent communicates w/ ePO.
Downloads updates from the peer agents in the same subnet, reducing bandwidth.

24
Q

What are the different types of servers in ePO?

A
Syslog
AD
SNMP
LDAP
SMTP
25
Q

What does a Syslog server do?

A

Provides a way for network devices to send event messages to a separate login server.

26
Q

What does an AD server do?

A

The AD server is responsible for the central software repository for all McAfee product installations, updates, and other content.

27
Q

What does an LDAP server do?
Registering this type of server allows you to use ______ ___________ rules to dynamically enable assigned permission sets and to enable Active Directory (AD) User Login; Active Directory servers are an example of LDAP servers that can be used to _________ and import systems from an AD server to the ePO _______ ______.

A

Policy Assignment
synchronize
System Tree

28
Q

What does an SNMP server do?

A

Registering this type of server allows ePO to know where to send the trap so it can receive the trap info.

29
Q

What does the McAfee Agent do?

A

Retrieves updates, ensures task implementation, enforces policies and forwards events to managed systems.
Automatically checked into Main (master) repository.

30
Q

What are user sensors?

A

User sensors: Detect logged-on users on the client system using OS APIs and apply user-based policy.

31
Q

What are network sensors?
Network Sensors: Detect _______ _________ status using OS network APIs and determine if agent functionality such as pulling updates from the repository or communicating to ePO should be performed.

A

network connectivity

32
Q

What is the best practice in terms of Agent Handlers and the network segment?

A

Best practice is to have Agent Handlers on the same network segment as the ePO DB.