Question 1. What Is McAfee ePO?
McAfee ePolicy Orchestrator (McAfee ePO) is the most advanced, extensible, and scalable centralized security management software in the industry.
A single console for all your security management.
Get a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks.
Simplify security operations with streamlined workflows for proven efficiencies.
Flexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.
Leverage your existing third-party IT infrastructure from a single security management console with extensible architecture.
Question 2. Which Is Latest Version Of ePO?
The latest versions of McAfee products:
ePolicy Orchestrator Ver 5.3.1
VirusScan Enterprise (VSE) 8.8 Patch 6
McAfee Agent 5.0.1
To determine the ePO version number when you are logged on to ePO:
ePO 5.x: The version number is shown on the left pane of the Menu screen.
You can also determine the version by checking the version information contained in the server.ini file on the ePO server. You can open this file using Notepad.
The default location for the server.ini file is as follows:
…\Program Files\McAfee\ePolicy Orchestrator\DB
Question 3. What Are The Benefits Of ePolicy Orchestrator Software?
ePolicy Orchestrator software is an extensible management platform that enables centralized policy management and enforcement of your security policies.
Using ePolicy Orchestrator software, you can perform these network security tasks:
Manage and enforce network security using policy assignments and client tasks.
Update the detection definition (DAT) files, anti-virus engines, and other security content required by your security software to ensure that your managed systems are secure.
Create reports, using the built-in query system wizard, that display informative user-configured charts and tables containing your network security data.
Question 4. Explain The Important Components Of ePolicy Orchestrator Software And What They Do?
These components make up ePolicy Orchestrator software.
McAfee ePO server : The center of your managed environment. The server delivers security policies and tasks, controls updates, and processes events for all managed systems.
Database : The central storage component for all data created and used by ePolicy Orchestrator. You can choose whether to house the database on your McAfee ePO server or on a separate system, depending on the specific needs of your organization.
McAfee Agent : A vehicle of information and enforcement between the McAfee ePO server and each managed system. The agent retrieves updates, ensures task implementation, enforces policies, and forwards events for each managed system. It uses a separate secure data channel to transfer data to the server. A McAfee Agent can also be configured as a SuperAgent.
Master repository : The central location for all McAfee updates and signatures, residing on the McAfee ePO server. The master repository retrieves user-specified updates and signatures from McAfee or from user-defined source sites.
Distributed repositories : Local access points strategically placed throughout your environment for agents to receive signatures, product updates, and product installations with minimal bandwidth impact. Depending on how your network is configured, you can set up SuperAgent, HTTP, FTP, or UNC share distributed repositories.
Remote Agent Handlers : A server that you can install in various network locations to help manage agent communication, load balancing, and product updates. Remote Agent Handlers are comprised of an Apache server and an event parser. They can help you manage the needs of large or complex network infrastructures by allowing you more control over agent-server communication.
Registered servers : Used to register other servers with your McAfee ePO server. Registered server types include:
LDAP server : Used for Policy Assignment Rules and to enable automatic user account creation.
SNMP server : Used to receive an SNMP trap. Add the SNMP server's information so that ePolicy Orchestrator knows where to send the trap.
Database server : Used to extend the advanced reporting tools provided with ePolicy Orchestrator software.
Question 5. How The ePO Software Works?
ePolicy Orchestrator software is designed to be extremely flexible. It can be set up in many different ways, to meet your unique needs.
The software follows the classic client-server model, in which a client system (system) calls into your server for instructions. To facilitate this call to the server, a McAfee Agent is deployed to each system in your network. Once an agent is deployed to a system, the system can be managed by your McAfee ePO server. Secure communication between the server and managed system is the bond that connects all the components of your ePolicy Orchestrator software. The figure below shows an example of how your McAfee ePO server and components inter-relate in your secure network environment.
1. Your McAfee ePO server connects to the McAfee update server to pull down the latest security content.
2. The ePolicy Orchestrator database stores all the data about the managed systems on your network, including:
All other relevant data the server needs to keep your systems up-to-date.
3. McAfee Agents are deployed to your systems to facilitate:
Product deployments and updates
Reporting on your managed systems
4. Agent-server secure communication (ASSC) occurs at regular intervals between your systems and server. If remote Agent Handlers are installed in your network, agents communicate with the server through their assigned Agent Handlers.
5. Users log on to the ePolicy Orchestrator console to perform security management tasks, such as running queries to report on security status or working with your managed software security policies.
6. The McAfee update server hosts the latest security content, so your ePolicy Orchestrator can pull the content at scheduled intervals.
7. Distributed repositories placed throughout your network host your security content locally, so agents can receive updates more quickly.
8. Remote Agent Handlers help to scale your network to handle more agents with a single McAfee ePO server.
9. Automatic Response notifications are sent to security administrators to notify them that an event has occurred.
Question 6. What Is Default Console Port Of ePO?
Console-to-application server communication port: 8443 (TCP port that the ePO Application Server service uses to allow web browser UI access).
Question 7. What Is The Default Group Policy Of ePO?
Until you create additional policies, all computers are assigned the McAfee Default policy.
The McAfee Default policy is configured with settings recommended by McAfee to protect many environments and ensure that all computers can access important websites and applications until you have a chance to create a customized policy.
You cannot rename or modify the McAfee Default policy. When you add computers to your account, the McAfee Default policy is assigned to them. When you delete a policy that is assigned to one or more groups, the McAfee Default policy is assigned to those groups automatically.
The first time you create a new policy, the McAfee Default policy settings appear as a guideline. This enables you to configure only the settings you want to change without having to configure them all.
After you create one or more new policies, you can select a different default policy for your account. In the future, new policies will be prepopulated with these default settings, and the new default policy is assigned to new computers (if no other policy is selected) and groups whose policy is deleted.
Question 8. On Which Port ePO Communicates With Client Agent?
Agent wake-up communication port / SuperAgent repository port: 8081
(TCP port that agents use to receive agent wake-up requests from the ePO server or Agent Handler.
TCP port that the SuperAgents configured as repositories use to receive content from the ePO server during repository replication, and to serve content to client machines.)
Question 9. What Is The Purpose Of A SuperAgent?
The SuperAgent is an agent with the ability to contact all agents in the same subnet as the SuperAgent, using the SuperAgent wake-up call. Its use is triggered by Global Updating being enabled on the ePolicy Orchestrator (ePO) server, and it provides a bandwidth-efficient method of sending agent wake-up calls.
If you operate in a Windows environment and plan to use agent wake-up calls to initiate agent-server communication, consider converting an agent on each network broadcast segment into a SuperAgent.
SuperAgents distribute the bandwidth load of concurrent wake-up calls. Instead of sending agent wake-up calls from the server to every agent, the server sends the SuperAgent wake-up call to SuperAgents in the selected System Tree segment. When SuperAgents receive this wake-up call, they send broadcast wake-up calls to all agents in their network broadcast segments.
The process is:
1. Server sends a wake-up call to all SuperAgents.
2. SuperAgents broadcast a wake-up call to all agents in the same broadcast segment.
3. All agents (regular agents and SuperAgents) exchange data with the server.
4. An agent without an operating SuperAgent on its broadcast segment is not prompted to communicate with the server.
To deploy enough SuperAgents to the appropriate locations, first determine the broadcast segments in your environment and select a system (preferably a server) in each segment to host a SuperAgent. Be aware that agents in broadcast segments without SuperAgents do not receive the broadcast wake-up call, so they do not call in to the server in response to a wake-up call.
Agent and SuperAgent wake-up calls use the same secure channels. Ensure that:
The agent wake-up communication port (8081 by default) is not blocked.
The agent broadcast communication port (8082 by default) is not blocked.
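The planning step described above (determine the broadcast segments, then confirm each one hosts a SuperAgent) can be checked against an inventory export. The Python script below is an added example, not code from the original page or from McAfee; the hostnames and addresses are constructed, and it assumes that a broadcast segment corresponds to the IP subnet of each system's interface and that every system flagged as a SuperAgent is operating.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory: (hostname, interface address in CIDR form, is_superagent).
# All names and addresses are invented for illustration.
INVENTORY = [
    ("hq-fs01",   "10.10.1.5/24",   True),
    ("hq-ws014",  "10.10.1.87/24",  False),
    ("hq-ws015",  "10.10.1.88/24",  False),
    ("lab-ws001", "10.10.2.20/24",  False),
    ("lab-ws002", "10.10.2.21/24",  False),
    ("br-fs01",   "172.16.8.10/26", True),
    ("br-ws003",  "172.16.8.40/26", False),
    ("br-ws077",  "172.16.8.70/26", False),  # neighbouring /26, so a different segment
]


def segment_of(cidr):
    """Return the broadcast segment (IP network) an interface address belongs to."""
    return ipaddress.ip_interface(cidr).network


def coverage(inventory):
    """Group systems by broadcast segment, separating SuperAgents from regular agents."""
    segments = defaultdict(lambda: {"superagents": [], "agents": []})
    for host, cidr, is_super in inventory:
        role = "superagents" if is_super else "agents"
        segments[segment_of(cidr)][role].append(host)
    return dict(segments)


def unreached_agents(inventory):
    """Map each segment without a SuperAgent to the agents a broadcast wake-up misses.

    This is step 4 of the process: an agent with no operating SuperAgent on its
    broadcast segment is not prompted to communicate with the server.
    """
    return {
        str(net): sorted(members["agents"])
        for net, members in coverage(inventory).items()
        if not members["superagents"]
    }


def report(inventory):
    """Build one summary line per segment, sorted by network string."""
    lines = []
    for net, members in sorted(coverage(inventory).items(), key=lambda kv: str(kv[0])):
        if members["superagents"]:
            status = "covered by " + ", ".join(sorted(members["superagents"]))
        else:
            status = "NO SuperAgent: %d agent(s) will not be woken" % len(members["agents"])
        lines.append("%-18s %s" % (net, status))
    return lines


if __name__ == "__main__":
    print("\n".join(report(INVENTORY)))
```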
Question 10. What Is McAfee Agent Handler?
Agent handlers are the component of ePolicy Orchestrator that handles communications between agent and server.
Multiple remote handlers can help you address scalability and topology issues in your network, and in some cases using multiple agent handlers can limit or reduce the number of ePO servers in your environment. They can provide fault-tolerant and load-balanced communication with a large number of agents, including geographically distributed agents.
Question 11. How Agent Handlers Work?
Agent handlers distribute network traffic generated by agent-to-server communication by assigning managed systems or groups of systems to report to a specific agent handler. Once assigned, a managed system performs regular ASCIs to its agent handler instead of the main ePO server. The handler provides updated site lists, policies, and policy assignment rules just as the ePO server does. The handler also caches the contents of the master repository, so that agents can pull product update packages, DATs, and other necessary information.
Question 12. Define Considerations For Scalability?
How you manage your scalability depends on whether you use multiple McAfee ePO servers, multiple remote Agent Handlers, or both. With ePolicy Orchestrator software, you can scale your network vertically or horizontally.
Vertical scalability : Adding and upgrading to bigger, faster hardware to manage larger and larger deployments. Scaling your McAfee ePO server infrastructure vertically is accomplished by upgrading your server hardware, and using multiple McAfee ePO servers throughout your network, each with its own database.
Horizontal scalability : Accomplished by increasing the deployment size that a single McAfee ePO server can manage. Scaling your server horizontally is accomplished by installing multiple remote Agent Handlers, each reporting to a single database.
Question 13. When To Use Multiple McAfee ePO Servers?
Depending on the size and make-up of your organization, using multiple McAfee ePO servers might be required.
Some scenarios in which you might want to use multiple servers include:
You want to maintain separate databases for distinct units within your organization.
You require separate IT infrastructures, administrative groups, or test environments.
Your organization is distributed over a large geographic area, and uses a network connection with relatively low bandwidth such as a WAN, VPN, or other slower connections typically found between remote sites.
Using multiple servers in your network requires that you maintain a separate database for each server.
You can roll up information from each server to your main McAfee ePO server and database.
Question 14. When To Use Multiple Remote Agent Handlers?
Multiple remote Agent Handlers help you manage large deployments without adding additional McAfee ePO servers to your environment.
The Agent Handler is the component of your server responsible for managing agent requests. Each McAfee ePO server installation includes an Agent Handler by default. Some scenarios in which you might want to use multiple remote Agent Handlers include:
You want to allow agents to choose between multiple physical devices, so they can continue to call in and receive policy, task, and product updates, even if the application server is unavailable, and you don't want to cluster your McAfee ePO server.
Your existing ePolicy Orchestrator infrastructure needs to be expanded to handle more agents, more products, or a higher load due to more frequent agent-server communication intervals (ASCI).
You want to use your McAfee ePO server to manage disconnected network segments, such as systems that use Network Address Translation (NAT) or in an external network.
Multiple Agent Handlers can provide added scalability and lowered complexity in managing large deployments. However, because Agent Handlers require a very fast network connection, there are some scenarios in which you should not use them, including:
To update distributed repositories. Distributed repositories are local file shares intended to keep agent communication traffic local. While Agent Handlers do have repository functionality built in, they require constant communication with your ePolicy Orchestrator database, and therefore consume a significantly larger amount of bandwidth.
To improve repository replication across a WAN connection. The constant communication back to your database required by repository replication can saturate the WAN connection.
To connect a disconnected network segment where there is limited or irregular connectivity to the ePolicy Orchestrator database.
Question 15. What Is DLP?
Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.
Question 16. What Is Endpoint Encryption For PC?
Endpoint Encryption for PC (EEPC) is a computer security system that prevents data stored on a hard drive from being read or used by an unauthorized person. With EEPC, users are forced to identify themselves to the security system when the computer is started.
This is done by requiring up to three authentication methods:
Token (loaded on a floppy disk or any ISO 7816 smart card)
If the person accessing the computer fails to enter the correct information, EEPC prevents access to the computer as well as the encrypted data stored within. To gain access to an EEPC-protected PC when using a smart card, users must insert their card into the reader when the EEPC authentication screen is displayed, then type their password and optional user ID. After the smart card verifies the password and EEPC has verified that the correct token is used, the user is then granted access to the computer.
Question 17. Is The Event Parser Service Running?
On the server side, ePO consists of three separate services:
The ePO Server service, responsible for the direct handling of agent-to-server communication;
The Event Parser service, responsible for the insertion of new client-generated events into the ePO database;
The ePO Server Application Server service, where all logic takes place and which also allows you to manage ePO.
Under certain circumstances, especially when there is a problem with the database, it is possible that the Event Parser service stops working. This prevents new events from being added to the database, essentially leaving you blind. Check whether the Event Parser service is running and correct any problems if this isn't the case.
Question 18. Explain Tag And Tags Functionality In McAfee ePO?
Tags allow users to create labels that can be applied to systems manually or automatically, based on the criteria assigned to the tag.
Similar to IP sorting criteria, you can use tags for automated sorting into groups. Tags are used to identify systems with similar characteristics. If you organize some of your groups by such characteristics, you can create and assign tags based on such criteria and use these tags as group sorting criteria to ensure these systems are automatically placed within the appropriate groups.
You can do the following with tags:
Apply one or more tags to one or more systems.
Apply tags manually.
Apply tags automatically, based on user-defined criteria, when the agent calls in.
Exclude systems from tag application.
Run queries to group systems with certain tags, then take direct actions on the resulting list of systems.
Base System Tree sorting criteria on tags to place systems into the appropriate System Tree groups automatically.
Types of tags
There are two types of tags:
Tags without criteria : These tags can be applied only to selected systems in the System Tree (manually) and systems listed in the results of a query (manually or on a scheduled basis).
Criteria-based tags : These tags are applied to all non-excluded systems at each agent-server communication. Such tags use criteria based on any properties sent by the agent. They can also be applied to all non-excluded systems on demand.
Question 19. How Agent-Server Communication Works?
McAfee Agent communicates with the McAfee ePO server periodically to send events and make sure all settings are up-to-date.
These communications are called agent-server communication. During each agent-server communication, McAfee Agent collects its current system properties, as well as events that have not yet been sent, and sends them to the server. The server sends new or changed policies and tasks to McAfee Agent, and the repository list if it has changed since the last agent-server communication. McAfee Agent enforces the new policies locally on the managed system and applies any task or repository changes.
The McAfee ePO server uses an industry-standard Transport Layer Security (TLS) network protocol for secure network transmissions.
When the McAfee Agent is first installed, it calls in to the server within a few seconds. Thereafter, the McAfee Agent calls in whenever one of the following occurs:
The agent-server communication interval (ASCI) elapses.
McAfee Agent wake-up calls are sent from the McAfee ePO server or Agent Handlers.
A scheduled wake-up task runs on the client systems.
Communication is initiated manually from the managed system (using Agent Status monitor or command line).
McAfee Agent wake-up calls sent from the McAfee ePO server.
Question 20. How Often The McAfee Agent Calls Into The McAfee ePO Server?
The Agent-to-Server Communication Interval (ASCI) default setting of 60 minutes means that McAfee Agent contacts the McAfee ePO server once every hour.