McAfee MOVE Agentless Practice Exam: Questions and Answers, Exams of Technology

A practice exam for the McAfee MOVE Agentless solution, covering key concepts and configurations. It includes multiple-choice questions with detailed explanations, focusing on the architecture, deployment, and management of MOVE AntiVirus in virtualized environments. The exam tests knowledge of components like ePolicy Orchestrator (ePO), Security Virtual Machine (SVM), and NSX Manager, as well as essential tasks such as policy assignment, scanning, and integration with VMware. It is designed to help administrators prepare for real-world scenarios and improve their understanding of agentless security in virtual infrastructures. The practice exam covers topics such as NSX security group configuration, communication protocols, and the role of Threat Intelligence Exchange (TIE).

Typology: Exams

2025/2026

Available from 12/14/2025

shilpi-jain-1
McAfee MOVE Agentless Practice Exam
**Question 1. Which component in the McAfee MOVE Agentless architecture is
responsible for performing the actual virus scans on virtual machines?**
A) ePolicy Orchestrator (ePO)
B) Security Virtual Machine (SVM)
C) NSX Manager
D) vCenter Server
Answer: B
Explanation: The SVM, also called the Offload Scan Server, hosts the scanning
engine and processes files from the virtual machines.
**Question 2. What is the primary advantage of deploying MOVE AntiVirus in an
agentless mode compared to traditional agent-based deployment?**
A) Ability to scan physical servers only
B) Reduced CPU and memory usage on guest VMs
C) Eliminates the need for ePO
D) Requires no network connectivity
Answer: B
Explanation: Agentless scanning offloads scanning work to the SVM, freeing
resources on the guest operating systems.
**Question 3. Which VMware product must be registered with ePO to enable
agentless scanning?**
A) vRealize Operations
B) NSX Manager
C) vSphere Replication
D) vSAN
Answer: B
Explanation: NSX Manager provides the API (vShield Endpoint) that allows ePO to forward file streams to the SVM for scanning.
**Question 4. In the MOVE Agentless deployment, which protocol is primarily used for communication between the SVM and the NSX Manager?**
A) FTP
B) HTTP/HTTPS (REST API)
C) SMB
D) NFS
Answer: B
Explanation: The vShield Endpoint API uses RESTful HTTPS calls to exchange file data for scanning.
**Question 5. Which ePO task is used to push the MOVE AntiVirus extensions to the ePO Software Catalog?**
A) System Tree → Add Systems
B) Software → Extensions → Check‑in Extensions
C) Policy → Create Policy

Explanation: All ePO‑to‑SVM communications are performed over HTTPS (TCP 443).
**Question 8. When creating an NSX Security Group for MOVE protection, which attribute is most commonly used to include virtual machines?**
A) VM name pattern
B) Guest OS version
C) vCenter folder location
D) MAC address range
Answer: A
Explanation: NSX allows grouping VMs based on name patterns, simplifying policy application for MOVE.
**Question 9. What is the purpose of the “On‑Access Scan (OAS) Policy Export” from ePO to NSX?**
A) To replicate ePO policies to physical servers
B) To deliver scan configuration settings to the SVM for real‑time scanning
C) To generate a PDF report for auditors
D) To disable scanning on specific VM clusters
Answer: B
Explanation: The OAS policy export contains the rules that the SVM applies when scanning files streamed from the VM.

**Question 10. Which component on the SVM provides Linux threat prevention capabilities?**
A) McAfee VirusScan Enterprise for Linux (VSEL)
B) McAfee Endpoint Security for Linux Threat Prevention (ESLT)
C) McAfee Threat Intelligence Exchange (TIE)
D) McAfee Advanced Threat Defense (ATD)
Answer: B
Explanation: ESLT runs on the SVM to protect Linux guests in an agentless environment.
**Question 11. In MOVE Agentless, what does the “Targeted On‑Demand Scan (ODS)” feature allow administrators to do?**
A) Scan only the SVM’s local storage
B) Initiate a scan of a specific virtual machine or VM folder from ePO
C) Perform a network‑wide scan of all physical hosts
D) Disable scanning for a period of time
Answer: B
Explanation: Targeted ODS sends a scan request for selected VMs, reducing unnecessary load.
**Question 12. Which ePO console area is used to assign MOVE policies to the SVM?**
A) System Tree → Policies → Assign Policies

D) Targeted On‑Demand Scan (T‑ODS)
Answer: C
Explanation: MOVE Agentless does not perform a traditional full‑disk scan; it relies on OAS and ODS.
**Question 15. How does McAfee Global Threat Intelligence (GTI) improve MOVE scanning performance?**
A) By disabling all signatures and using only heuristics
B) By providing cloud‑based reputation data that reduces local signature lookups
C) By increasing the scanning engine’s CPU priority on the SVM
D) By caching all scanned files locally on each VM
Answer: B
Explanation: GTI supplies real‑time reputation information, allowing the engine to skip deep scans for known good files.
**Question 16. When configuring path exclusions for MOVE Agentless, where should the exclusions be defined?**
A) Directly on each virtual machine’s OS
B) In the ePO “On‑Access Scan Policy” assigned to the SVM
C) In the NSX Manager security group settings
D) In the vCenter Server Advanced Settings
Answer: B

Explanation: Exclusions are part of the OAS policy that the SVM receives from ePO.
**Question 17. Which ePO feature provides a pre‑defined query to list all detections generated by MOVE Agentless?**
A) System Tree → Queries → Detection List
B) Reporting → Predefined Queries → MOVE Agentless Detections
C) Policy → Queries → Scan Results
D) Dashboard → Quick Search → Detections
Answer: B
Explanation: The predefined query “MOVE Agentless Detections” pulls detection data from the SVM.
**Question 18. What does the “MOVE AntiVirus – Compute Licensing Information” server task do?**
A) Generates a PDF of all installed licenses
B) Retrieves the number of scanned VMs and the associated license usage from the SVM
C) Activates a trial license on the ePO server
D) Sends licensing data to VMware vCenter for compliance reporting
Answer: B
Explanation: This task queries the SVM to report license consumption based on scanned virtual machines.

A) The SVM pulls policies from ePO every 5 minutes automatically.
B) Policies are pushed from ePO to the SVM only when a manual “Refresh Policies” task is executed.
C) The SVM requests policies from ePO only after a VM is powered on.
D) Policies are synchronized via a bidirectional push/pull mechanism every 60 seconds.
Answer: A
Explanation: The SVM periodically polls ePO for the latest policies, typically every 5 minutes.
**Question 22. Which VMware version is required at minimum for MOVE Agentless to function?**
A) vSphere 5.
B) vSphere 5.
C) vSphere 6.
D) vSphere 6.
Answer: C
Explanation: MOVE Agentless support starts with vSphere 6.0 and later.
**Question 23. When configuring the SVM deployment package, which of the following is a mandatory field?**
A) SVM hostname
B) vCenter IP address

C) NSX Manager port number
D) SVM MAC address
Answer: B
Explanation: The deployment package must include the vCenter IP so the SVM can register with it.
**Question 24. Which ePO console view shows the health status of each deployed SVM?**
A) System Tree → Servers → SVM Health
B) Dashboard → Server Health → Security Virtual Machines
C) Reporting → Server Status → MOVE SVMs
D) Policy → Server Tasks → SVM Overview
Answer: B
Explanation: The Dashboard’s Server Health widget provides real‑time status of SVMs.
**Question 25. What is the default location of the quarantine folder on the SVM?**
A) /opt/mcafee/move/quarantine
B) C:\ProgramData\McAfee\Quarantine
C) /var/quarantine/move
D) /opt/mcafee/quarantine

Explanation: The SVM receives policies from ePO and enforces them on any VM that NSX forwards for scanning.
**Question 28. What is the impact of enabling “Deep Scan” in the On‑Access Scan policy for MOVE Agentless?**
A) It disables all cloud‑based reputation checks.
B) It forces the SVM to decompress archives and scan embedded files.
C) It reduces scan time by skipping large files.
D) It only scans executable files.
Answer: B
Explanation: Deep Scan instructs the engine to unpack containers (e.g., ZIP, ISO) and scan their contents.
**Question 29. Which ePO feature allows administrators to automate the deployment of the SVM across multiple clusters?**
A) Server Tasks → Deploy Security Virtual Machine
B) Policy → Auto‑Deploy → SVM Wizard
C) System Tree → Bulk Add → SVM
D) Reporting → Automated Deployment Report
Answer: A
Explanation: The “Deploy Security Virtual Machine” server task can be scheduled to install SVMs on selected clusters.

**Question 30. In the context of MOVE Agentless, what does “vShield Endpoint API” refer to?**
A) An API that provides storage replication for SVMs.
B) The interface that allows NSX to forward file streams to an external scanner.
C) A tool for managing VMware snapshots.
D) A logging service for vCenter events.
Answer: B
Explanation: vShield Endpoint (now part of NSX) enables file redirection to the SVM for scanning.
**Question 31. Which of the following is true about the licensing model for MOVE Agentless?**
A) Licenses are based on the number of physical CPUs on the SVM.
B) Licenses are consumed per scanned virtual machine.
C) Licenses are unlimited for any number of VMs after a single purchase.
D) Licenses are tied to the vCenter server’s UUID.
Answer: B
Explanation: MOVE Agentless licenses are counted per virtual machine that is scanned.
**Question 32. Which step must be performed before registering the NSX Manager with ePO?**
A) Install the NSX Data Center plugin on the SVM.

D) To assign user roles for accessing the SVM console.
Answer: B
Explanation: This policy holds the configuration needed for the SVM to communicate with vCenter and ePO.
**Question 35. Which of the following best describes the flow of a file scan in an agentless environment?**
A) File is copied to the SVM, scanned, and the result is sent back to the VM via NSX.
B) File is streamed over the vShield Endpoint API to the SVM, scanned, and the decision is returned instantly.
C) File is scanned locally on the VM and then reported to ePO.
D) File is sent to a cloud service for scanning, bypassing the SVM.
Answer: B
Explanation: Agentless scanning streams the file to the SVM for immediate analysis, without storing a full copy.
**Question 36. When configuring a “Quarantine Folder” for MOVE Agentless, which security consideration is most important?**
A) The folder must be on a separate physical disk.
B) Only the SVM’s service account should have write access.
C) The folder should be encrypted with BitLocker.
D) The folder must be located on a shared NFS mount.

Answer: B
Explanation: Limiting access to the SVM service account prevents unauthorized manipulation of quarantined files.
**Question 37. Which ePO console component provides a visual representation of the number of detections per virtual machine?**
A) System Tree → Nodes → Detection Count
B) Dashboard → MOVE AntiVirus Widget
C) Reporting → Detection Trend Report
D) Policy → Assignment Overview
Answer: B
Explanation: The MOVE AntiVirus widget on the Dashboard shows detections broken down by VM.
**Question 38. Which of the following is a recommended practice when creating path exclusions for MOVE Agentless?**
A) Exclude entire network shares to improve performance.
B) Exclude only known safe application directories after verifying they never contain malware.
C) Exclude all temporary folders system‑wide.
D) Exclude the SVM’s own installation directory.
Answer: B

**Question 41. In the MOVE Agentless architecture, which component maintains the list of licensed virtual machines?**
A) ePO Licensing Server
B) NSX Manager License Module
C) SVM License Daemon
D) vCenter License Tracker
Answer: A
Explanation: ePO tracks license consumption and reports the number of VMs covered by the MOVE license.
**Question 42. Which of the following is a prerequisite for deploying the SVM on a VMware cluster?**
A) The cluster must have at least one GPU.
B) The cluster must have the “VMware Tools” package installed on all VMs.
C) The cluster must have the “VMware vSphere Distributed Switch” enabled.
D) The cluster must have the “VMware vCenter Server” version 6.0 or later.
Answer: D
Explanation: MOVE Agentless requires vCenter 6.0+ to support the necessary APIs.
**Question 43. What is the default scan engine version used by the MOVE SVM at initial deployment?**
A) 6.5.
B) 7.0.
C) 8.5.
D) 9.0.
Answer: C
Explanation: At the time of the current release, the SVM ships with engine version 8.5.0.
**Question 44. Which ePO task can be used to verify that the SVM is properly communicating with NSX Manager?**
A) Test NSX Connectivity
B) Verify SVM‑NSX Integration
C) Run “Check NSX Status” server task
D) Ping NSX from the SVM console
Answer: C
Explanation: The “Check NSX Status” server task validates the API connection between the SVM and NSX.
**Question 45. Which of the following is a correct statement about “On‑Demand Scan” (ODS) in an agentless environment?**
A) ODS can only be scheduled during VM power‑off periods.
B) ODS is initiated by the SVM, not by ePO.