




























































































A practice exam for the McAfee MOVE Agentless solution, covering key concepts and configurations. It includes multiple-choice questions with detailed explanations, focusing on the architecture, deployment, and management of MOVE AntiVirus in virtualized environments. The exam tests knowledge of components like ePolicy Orchestrator (ePO), Security Virtual Machine (SVM), and NSX Manager, as well as essential tasks such as policy assignment, scanning, and integration with VMware. It is designed to help administrators prepare for real-world scenarios and improve their understanding of agentless security in virtual infrastructures. The practice exam covers topics such as NSX security group configuration, communication protocols, and the role of Threat Intelligence Exchange (TIE).
Question 1. Which component in the McAfee MOVE Agentless architecture is responsible for performing the actual virus scans on virtual machines?
A) ePolicy Orchestrator (ePO)
B) Security Virtual Machine (SVM)
C) NSX Manager
D) vCenter Server
Answer: B
Explanation: The SVM, also called the Offload Scan Server, hosts the scanning engine and processes files from the virtual machines.

Question 2. What is the primary advantage of deploying MOVE AntiVirus in an agentless mode compared to traditional agent-based deployment?
A) Ability to scan physical servers only
B) Reduced CPU and memory usage on guest VMs
C) Eliminates the need for ePO
D) Requires no network connectivity
Answer: B
Explanation: Agentless scanning offloads scanning work to the SVM, freeing resources on the guest operating systems.

Question 3. Which VMware product must be registered with ePO to enable agentless scanning?
A) vRealize Operations
B) NSX Manager
C) vSphere Replication
D) vSAN
Answer: B
Explanation: NSX Manager provides the API (vShield Endpoint) that allows ePO to forward file streams to the SVM for scanning.

Question 4. In the MOVE Agentless deployment, which protocol is primarily used for communication between the SVM and the NSX Manager?
A) FTP
B) HTTP/HTTPS (REST API)
C) SMB
D) NFS
Answer: B
Explanation: The vShield Endpoint API uses RESTful HTTPS calls to exchange file data for scanning.

Question 5. Which ePO task is used to push the MOVE AntiVirus extensions to the ePO Software Catalog?
A) System Tree → Add Systems
B) Software → Extensions → Check-in Extensions
C) Policy → Create Policy

Explanation: All ePO-to-SVM communications are performed over HTTPS (TCP 443).

Question 8. When creating an NSX Security Group for MOVE protection, which attribute is most commonly used to include virtual machines?
A) VM name pattern
B) Guest OS version
C) vCenter folder location
D) MAC address range
Answer: A
Explanation: NSX allows grouping VMs based on name patterns, simplifying policy application for MOVE.

Question 9. What is the purpose of the “On-Access Scan (OAS) Policy Export” from ePO to NSX?
A) To replicate ePO policies to physical servers
B) To deliver scan configuration settings to the SVM for real-time scanning
C) To generate a PDF report for auditors
D) To disable scanning on specific VM clusters
Answer: B
Explanation: The OAS policy export contains the rules that the SVM applies when scanning files streamed from the VM.

Question 10. Which component on the SVM provides Linux threat prevention capabilities?
A) McAfee VirusScan Enterprise for Linux (VSEL)
B) McAfee Endpoint Security for Linux Threat Prevention (ESLT)
C) McAfee Threat Intelligence Exchange (TIE)
D) McAfee Advanced Threat Defense (ATD)
Answer: B
Explanation: ESLT runs on the SVM to protect Linux guests in an agentless environment.

Question 11. In MOVE Agentless, what does the “Targeted On-Demand Scan (ODS)” feature allow administrators to do?
A) Scan only the SVM’s local storage
B) Initiate a scan of a specific virtual machine or VM folder from ePO
C) Perform a network-wide scan of all physical hosts
D) Disable scanning for a period of time
Answer: B
Explanation: Targeted ODS sends a scan request for selected VMs, reducing unnecessary load.

Question 12. Which ePO console area is used to assign MOVE policies to the SVM?
A) System Tree → Policies → Assign Policies

D) Targeted On-Demand Scan (T-ODS)
Answer: C
Explanation: MOVE Agentless does not perform a traditional full-disk scan; it relies on OAS and ODS.

Question 15. How does McAfee Global Threat Intelligence (GTI) improve MOVE scanning performance?
A) By disabling all signatures and using only heuristics
B) By providing cloud-based reputation data that reduces local signature lookups
C) By increasing the scanning engine’s CPU priority on the SVM
D) By caching all scanned files locally on each VM
Answer: B
Explanation: GTI supplies real-time reputation information, allowing the engine to skip deep scans for known good files.

Question 16. When configuring path exclusions for MOVE Agentless, where should the exclusions be defined?
A) Directly on each virtual machine’s OS
B) In the ePO “On-Access Scan Policy” assigned to the SVM
C) In the NSX Manager security group settings
D) In the vCenter Server Advanced Settings
Answer: B
Explanation: Exclusions are part of the OAS policy that the SVM receives from ePO.

Question 17. Which ePO feature provides a pre-defined query to list all detections generated by MOVE Agentless?
A) System Tree → Queries → Detection List
B) Reporting → Predefined Queries → MOVE Agentless Detections
C) Policy → Queries → Scan Results
D) Dashboard → Quick Search → Detections
Answer: B
Explanation: The predefined query “MOVE Agentless Detections” pulls detection data from the SVM.

Question 18. What does the “MOVE AntiVirus – Compute Licensing Information” server task do?
A) Generates a PDF of all installed licenses
B) Retrieves the number of scanned VMs and the associated license usage from the SVM
C) Activates a trial license on the ePO server
D) Sends licensing data to VMware vCenter for compliance reporting
Answer: B
Explanation: This task queries the SVM to report license consumption based on scanned virtual machines.

A) The SVM pulls policies from ePO every 5 minutes automatically.
B) Policies are pushed from ePO to the SVM only when a manual “Refresh Policies” task is executed.
C) The SVM requests policies from ePO only after a VM is powered on.
D) Policies are synchronized via a bidirectional push/pull mechanism every 60 seconds.
Answer: A
Explanation: The SVM periodically polls ePO for the latest policies, typically every 5 minutes.

Question 22. Which VMware version is required at minimum for MOVE Agentless to function?
A) vSphere 5.
B) vSphere 5.
C) vSphere 6.
D) vSphere 6.
Answer: C
Explanation: MOVE Agentless support starts with vSphere 6.0 and later.

Question 23. When configuring the SVM deployment package, which of the following is a mandatory field?
A) SVM hostname
B) vCenter IP address
C) NSX Manager port number
D) SVM MAC address
Answer: B
Explanation: The deployment package must include the vCenter IP so the SVM can register with it.

Question 24. Which ePO console view shows the health status of each deployed SVM?
A) System Tree → Servers → SVM Health
B) Dashboard → Server Health → Security Virtual Machines
C) Reporting → Server Status → MOVE SVMs
D) Policy → Server Tasks → SVM Overview
Answer: B
Explanation: The Dashboard’s Server Health widget provides real-time status of SVMs.

Question 25. What is the default location of the quarantine folder on the SVM?
A) /opt/mcafee/move/quarantine
B) C:\ProgramData\McAfee\Quarantine
C) /var/quarantine/move
D) /opt/mcafee/quarantine

Explanation: The SVM receives policies from ePO and enforces them on any VM that NSX forwards for scanning.

Question 28. What is the impact of enabling “Deep Scan” in the On-Access Scan policy for MOVE Agentless?
A) It disables all cloud-based reputation checks.
B) It forces the SVM to decompress archives and scan embedded files.
C) It reduces scan time by skipping large files.
D) It only scans executable files.
Answer: B
Explanation: Deep Scan instructs the engine to unpack containers (e.g., ZIP, ISO) and scan their contents.

Question 29. Which ePO feature allows administrators to automate the deployment of the SVM across multiple clusters?
A) Server Tasks → Deploy Security Virtual Machine
B) Policy → Auto-Deploy → SVM Wizard
C) System Tree → Bulk Add → SVM
D) Reporting → Automated Deployment Report
Answer: A
Explanation: The “Deploy Security Virtual Machine” server task can be scheduled to install SVMs on selected clusters.

Question 30. In the context of MOVE Agentless, what does “vShield Endpoint API” refer to?
A) An API that provides storage replication for SVMs.
B) The interface that allows NSX to forward file streams to an external scanner.
C) A tool for managing VMware snapshots.
D) A logging service for vCenter events.
Answer: B
Explanation: vShield Endpoint (now part of NSX) enables file redirection to the SVM for scanning.

Question 31. Which of the following is true about the licensing model for MOVE Agentless?
A) Licenses are based on the number of physical CPUs on the SVM.
B) Licenses are consumed per scanned virtual machine.
C) Licenses are unlimited for any number of VMs after a single purchase.
D) Licenses are tied to the vCenter server’s UUID.
Answer: B
Explanation: MOVE Agentless licenses are counted per virtual machine that is scanned.

Question 32. Which step must be performed before registering the NSX Manager with ePO?
A) Install the NSX Data Center plugin on the SVM.

D) To assign user roles for accessing the SVM console.
Answer: B
Explanation: This policy holds the configuration needed for the SVM to communicate with vCenter and ePO.

Question 35. Which of the following best describes the flow of a file scan in an agentless environment?
A) File is copied to the SVM, scanned, and the result is sent back to the VM via NSX.
B) File is streamed over the vShield Endpoint API to the SVM, scanned, and the decision is returned instantly.
C) File is scanned locally on the VM and then reported to ePO.
D) File is sent to a cloud service for scanning, bypassing the SVM.
Answer: B
Explanation: Agentless scanning streams the file to the SVM for immediate analysis, without storing a full copy.

Question 36. When configuring a “Quarantine Folder” for MOVE Agentless, which security consideration is most important?
A) The folder must be on a separate physical disk.
B) Only the SVM’s service account should have write access.
C) The folder should be encrypted with BitLocker.
D) The folder must be located on a shared NFS mount.
Answer: B
Explanation: Limiting access to the SVM service account prevents unauthorized manipulation of quarantined files.

Question 37. Which ePO console component provides a visual representation of the number of detections per virtual machine?
A) System Tree → Nodes → Detection Count
B) Dashboard → MOVE AntiVirus Widget
C) Reporting → Detection Trend Report
D) Policy → Assignment Overview
Answer: B
Explanation: The MOVE AntiVirus widget on the Dashboard shows detections broken down by VM.

Question 38. Which of the following is a recommended practice when creating path exclusions for MOVE Agentless?
A) Exclude entire network shares to improve performance.
B) Exclude only known safe application directories after verifying they never contain malware.
C) Exclude all temporary folders system-wide.
D) Exclude the SVM’s own installation directory.
Answer: B

Question 41. In the MOVE Agentless architecture, which component maintains the list of licensed virtual machines?
A) ePO Licensing Server
B) NSX Manager License Module
C) SVM License Daemon
D) vCenter License Tracker
Answer: A
Explanation: ePO tracks license consumption and reports the number of VMs covered by the MOVE license.

Question 42. Which of the following is a prerequisite for deploying the SVM on a VMware cluster?
A) The cluster must have at least one GPU.
B) The cluster must have the “VMware Tools” package installed on all VMs.
C) The cluster must have the “VMware vSphere Distributed Switch” enabled.
D) The cluster must have the “VMware vCenter Server” version 6.0 or later.
Answer: D
Explanation: MOVE Agentless requires vCenter 6.0+ to support the necessary APIs.

Question 43. What is the default scan engine version used by the MOVE SVM at initial deployment?

Answer: C
Explanation: At the time of the current release, the SVM ships with engine version 8.5.0.

Question 44. Which ePO task can be used to verify that the SVM is properly communicating with NSX Manager?
A) Test NSX Connectivity
B) Verify SVM-NSX Integration
C) Run “Check NSX Status” server task
D) Ping NSX from the SVM console
Answer: C
Explanation: The “Check NSX Status” server task validates the API connection between the SVM and NSX.

Question 45. Which of the following is a correct statement about “On-Demand Scan” (ODS) in an agentless environment?
A) ODS can only be scheduled during VM power-off periods.
B) ODS is initiated by the SVM, not by ePO.