HBSS 501 Exam New 2024-2025 Latest Version Best Studying Material with All Questions and 100% Correct Answers
Typology: Exams
Which of the following is not true about ArcSight and situational awareness? ----------- Correct Answer ------------ Correlation Monitoring Analysis Prevention
customer information. What actions should the board take next? ----------- Correct Answer ------------ require management to report on compliance
An outcome of effective security governance is: ----------- Correct Answer ------------ strategic alignment.
Business objectives should be evident in the security strategy by the presence of: ----------- Correct Answer ------------ traceable connections.
Business objectives should be evident in the security strategy by: ----------- Correct Answer ------------ direct traceability.
Compliance with security policies and standards is the responsibility of: ----------- Correct Answer ------------ all organizational units.
For an organization's information security program to be highly effective, who should have final responsibility for authorizing information system access? ----------- Correct Answer ------------ information owner
From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities? ----------- Correct Answer ------------ better accountability
Information security policy enforcement is the responsibility of the: ----------- Correct Answer ------------ chief information security officer (CISO).
Information security should be: ----------- Correct Answer ------------ a balance between technical and business requirements
Retention of business records should PRIMARILY be based on: ----------- Correct Answer ------------ regulatory and legal requirements.
Security technologies should be selected PRIMARILY on the basis of their: ----------- Correct Answer ------------ ability to mitigate business risks.
Successful implementation of information security governance will FIRST require: ----------- Correct Answer ------------ updated security policies.
Systems thinking as it relates to information security is: ----------- Correct Answer ------------ an understanding that the whole is greater than the sum of its parts.
The FIRST step in developing an information security management program is to: ----------- Correct Answer ------------ clarify organizational purpose for creating the program
The FIRST step to create an internal culture that focuses on information security is to: ----------- Correct Answer ------------ gain the endorsement of executive management.
The MAIN goal of an information security strategic plan is to: ----------- Correct Answer ------------ protect information assets and resources.
The MOST appropriate role for senior management in supporting information security is the: ----------- Correct Answer ------------ approval of policy statements and funding.
The MOST basic requirement for an information security governance program is to: ----------- Correct Answer ------------ be aligned with the corporate business strategy.
The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to: ----------- Correct Answer ------------ refer the issues to senior management along with any security recommendations.
The MOST effective way to limit actual and potential impacts of e-discovery in the event of litigation is to: ----------- Correct Answer ------------ develop and enforce comprehensive retention policies.
The MOST important basis for developing a business case is the: ----------- Correct Answer ------------ feasibility and value proposition
The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in: ----------- Correct Answer ------------ application systems and media.
The MOST important outcome of aligning information security governance with corporate governance is to: ----------- Correct Answer ------------ maximize the cost-effectiveness of controls.
The PRIMARY focus of information security governance is to: ----------- Correct Answer ------------ optimize the information security strategy to achieve business objectives.
The PRIMARY objective for information security program development should be: ----------- Correct Answer ------------ reducing the impact of the risk in the business.
The PRIMARY objective of a security steering group is to: ----------- Correct Answer ------------ ensure information security aligns with business goals.
The security responsibility of data custodians in an organization will include: ----------- Correct Answer ------------ ensuring security measures are consistent with policy.
To achieve effective strategic alignment of security initiatives, it is important that: ----------- Correct Answer ------------ inputs be obtained and consensus achieved between the major organizational units.
What is the MOST important item to be included in an information security policy? ----------- Correct Answer ------------ the key objectives of the security program
What is the PRIMARY role of the information security manager in the process of information classification within an organization? ----------- Correct Answer ------------ defining and ratifying the classification structure of information assets
When implementing effective security governance within the requirements of the company's security strategy, which of the following is the MOST important factor to consider? ----------- Correct Answer ------------ preserving the confidentiality of sensitive data
When security policies are strictly enforced, the initial impact is that: ----------- Correct Answer ------------ the total cost of security is increased.
Which of the following are seldom changed (=rarely changed) in response to technological changes? ----------- Correct Answer ------------ policies
Which of the following BEST protects confidentiality of information? ----------- Correct Answer ------------ least privilege
Which of the following BEST supports continuous improvement of the risk management process? ----------- Correct Answer ------------ adoption of a maturity model
Which of the following is a benefit of information security governance? ----------- Correct Answer ------------ reduction of the potential for civil or legal liability
Which of the following is a key area of the ISO 27001 framework? ----------- Correct Answer ------------ business continuity management
Which of the following is characteristic of centralized information security management? ----------- Correct Answer ------------ better adherence to policies
Which of the following is MOST likely to be discretionary? (=optional, flexible, unrestricted) ----------- Correct Answer ------------ guidelines
Which of the following is MOST likely to be responsible for establishing the security requirements over an application? ----------- Correct Answer ------------ data owner
Which of the following is PRIMARILY related to the emergence of governance, risk and compliance (GRC)? ----------- Correct Answer ------------ the integration of assurance-related activities
Which of the following is the MOST important consideration when developing an information security strategy? ----------- Correct Answer ------------ effectiveness of risk mitigation
Which of the following is the MOST important factor on which to rely to successfully assign cross-organizational responsibility to integrate an information security program? ----------- Correct Answer ------------ the roles of different job functions
Which of the following is the MOST important objective of an information security strategy review? ----------- Correct Answer ------------ ensuring that information security strategy is aligned with organizational goals
Which of the following should drive the risk analysis for an organization? ----------- Correct Answer ------------ security manager
Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization? ----------- Correct Answer ------------ the data center manager has final signoff on all security projects.
Which of the following will have the GREATEST impact on a financial enterprise with offices in various countries and involved in trans border flow of information? ----------- Correct Answer ------------ evolving data protection regulations
Which of the following would be the MOST important goal of an information security governance program? ----------- Correct Answer ------------ ensuring trust in data
Which one of the following groups has final responsibility for the effectiveness of security controls? ----------- Correct Answer ------------ the organization's senior management
Which person or group should have final approval of an organization's information security policies? ----------- Correct Answer ------------ senior management
While implementing information security governance an organization should FIRST: ----------- Correct Answer ------------ define the security strategy.
Who should be responsible for enforcing access rights to application data? ----------- Correct Answer ------------ security administrators
A dashboard is a collection of __________ shown together in the same location. ----------- Correct Answer ------------ Monitors Reports Charts Lists
Signature Name (Host IPS) Param Value Threat Type
Virus detected and cleaned File password protected Virus detected and not cleaned Virus detected and not cleaned
In which query builder menu do you select the data source; i.e. Managed Systems or Threat Events? ----------- Correct Answer ------------ Result Type Chart Type Columns Filters Columns
You can import a query that was created on a different ePO server. ----------- Correct Answer ------------ True False True
CND Services include Prepare; Protect and _________ ----------- Correct Answer ------------
Action Taken; Severity; Volume Volume; Severity; Action Taken Severity; Volume; Action Taken
Agent Handlers consist primarily of what two services? ----------- Correct Answer ------------ C. Apache and Event Parser
Also referred to as a Deployment Task, the type of client task that installs products from the master repository to client workstations is: ----------- Correct Answer ------------ C. Product deployment task
An agent will download installation packages or DATS from a specific repository based on: ----------- Correct Answer ------------ C. McAfee Agent Policy
An ENS software bundle is available from the ePO software manager. From this list which package is not included in the bundle. ----------- Correct Answer ------------ B. Migration
Both the repository Pull Task and the Repository Replication task are: ----------- Correct Answer ------------ B. Server tasks
Deployment packages are non-installable product files that must be manually placed in the repository. ----------- Correct Answer ------------ B. False
Extensions are files that contain components and information needed to manage a product. ----------- Correct Answer ------------ A. True
How do you add an icon to the Navigation Bar of the EPO console? ----------- Correct Answer ------------ A. Drag and drop the desired item from the cascaded menu to the navigation bar
How many sensors must be installed for complete coverage (rogue detection) ----------- Correct Answer ------------ A. 1 in each broadcast subnet
Match the HIPS client processes component to the function field ----------- Correct Answer ------------ FireSvc.exe = main hips service; FireTray.exe = firewall learn mode; Mfevipts.exe = Mcafee validated trusted and protected process
One of the principle considerations when planning your system tree is ________________ _____________________, because this directly affects those who maintain the systems and their ability to view and use ePO features. ----------- Correct Answer ------------ B. Administrator Access
Only the dashboard creator can modify/delete a private query ----------- Correct Answer ------------ A. True
Organize systems into logical groupings for policy management by: ----------- Correct Answer ------------ A. By placing them into groups and subgroups
Rogue systems are: ----------- Correct Answer ------------ D. All of the above: Systems that have not communicated within configured time limits; Systems that are not managed by a McAfee agent; Systems with a McAfee agent but not in the Epo database
Tags are like labels that can be applied to: select all that apply: ----------- Correct Answer ------------ C. Systems
The command line switch used from FrmInst.exe to remove the McAfee Agent is: ----------- Correct Answer ------------ A. /Remove=Agent
The criteria used for criteria-based tags is taken from: ----------- Correct Answer ------------ C. System properties, collected by Mcafee Agent
The master repository is always: ----------- Correct Answer ------------ B. The ePO Server (Spipe) Repository
The maximum number of fallback repositories allowed is: ----------- Correct Answer ------------ D: 1
The McAfee default dashboards are read-only. ----------- Correct Answer ------------ A. True
The top level object in the ePO system tree is: ----------- Correct Answer ------------ B. My organization
There are two types of tags that you can create, they are: ----------- Correct Answer ------------ C. Tags without criteria, Criteria based tags
To update the Master Repository from a source site, you would create a: ----------- Correct Answer ------------ A. Repository pull task
What are the three visibility options you have for dashboards? ----------- Correct Answer ------------ Public, private, and share
What is the default authentication method for ePO users? ----------- Correct Answer ------------ A. ePO authentication
What is the deployment system component, the actual software that is deployed and is checked into the ePolicy Orchestrator Master Repository? ----------- Correct Answer ------------ A. Packages
When can permission sets be assigned? Select all that apply ----------- Correct Answer ------------ A. When new point products are installed; B. When a new user account is created; C. When a new permission set is created; D. To any existing user account
Which component enforces policies and forwards events for managed systems? ----------- Correct Answer ------------ A. McAfee Agent
Which ENS module acts as a filter between computer and network or internet? ----------- Correct Answer ------------ A. Firewall
Which ENS module provides features formerly found in VSE? ----------- Correct Answer ------------ B. Threat Protection
Which of the following are functions of the McAfee Agent on the client workstation? Choose two ----------- Correct Answer ------------ A. Provides secure communication between products and ePO; C. Gathers events from managed systems and communicates them to the ePO database.
Which of the following can be used to automatically populate an ePO system tree? Select all that apply. ----------- Correct Answer ------------ A. Text file import into a flat list; B. Synchronization with Active Directory containers; C. Synchronization with NT Domain; D. Synchronization with other LDAP-based directory
Which of the following is a good reason to install an agent handler? ----------- Correct Answer ------------ B. Communicate with agents in a DMZ behind a NAT device; C. Logically expand ePO infrastructure
Which of the following permission sets provides access only to core ePO functionality: ----------- Correct Answer ------------ C. Group Admin
Which of these are valid repository roles in ePO? (Select all that apply) ----------- Correct Answer ------------ A. Source; B. Master; C. Distributed; D. Fallback
Which of these groups of text, if placed in a text file and imported, would result in a system being imported in to the system tree? ----------- Correct Answer ------------ B. Region1\subregion\machine1 (no slashes at end)
Which of these is not a permission reserved exclusively to the administrator? ----------- Correct Answer ------------ Use public dashboards; create and edit personal dashboards
Which service generates the Java-based web console that ePO uses? ----------- Correct Answer ------------ A. Tomcat
Which statements describe advantages provided by centralized security management with EPO? Choose all that apply. ----------- Correct Answer ------------ A. Automated responses to threat events; B. Manage only one policy framework; C. Consolidate monitoring and reporting; D. Easy to discover non-compliant systems.
You can have more than one tag for each system ----------- Correct Answer ------------ True
You cannot apply more than one tag to any given system: ----------- Correct Answer ------------ False
Assume three IPS policies are applied to a node; 1 default and 2 custom. The default severity level is set to HIGH; 1 custom severity level is set to LOW and the other custom is set to MEDIUM. What is the effective severity level outcome for the applied policy? ----------- Correct Answer ------------ Low; Med; High - Wrong; Least Restrictive
DISA HBSS 201 Admin ePO5.1 (2014 Version) ----------- Correct Answer ------------ Pull Task
Each Firewall Rule provides a set of conditions that which of the following has to meet? ----------- Correct Answer ------------ A. Users; B. Computers; C. Traffic; D. Protocols - Wrong
From this list select the format that you cannot export your query results to. ----------- Correct Answer ------------ A. CSV; B. DOC; C. XML - Wrong; D. HTML; E. PDF; Dunno?
How do you uninstall the HIPS 7.0 client for Windows from a managed system? ----------- Correct Answer ------------ Remove the extension from the ePO Server and initiate the McAfee Agent wakeup call. (double check answer)
How do you uninstall the HIPS client for Windows from a managed system? ----------- Correct Answer ------------ Configure the IPS Options policy to disable IPS; Configure the McAfee Agent deployment task to remove the HIPS client.
In the Client Task Catalog you can export all of your client tasks into an XML file that can be imported into another ePolicy Orchestrator Server. ----------- Correct Answer ------------ True
In which order are HIPS Firewall rules processed to filter incoming packets? ----------- Correct Answer ------------ Top to bottom
Prior to imaging the system the registry entry for the McAfee Agent; which line should be deleted? ----------- Correct Answer ------------ HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\EpoGUID
C. TLS - Correct; D. HTTP
The Client Task Catalog allows you to create which of the following? ----------- Correct Answer ------------ A. Server task objects; B. Client task objects; C. Client task rules - Wrong; D. Client task profiles
To manually move a system from one group to another; you do which two things with the system to move it to the other group? ----------- Correct Answer ------------ A. Drag and drop; B. Copy and paste; C. Right click and move - Wrong; D. Left click and move
To verify that the IP address sorting criteria has not been configured to overlap between different groups; you can use which of the following options? ----------- Correct Answer ------------ A. Combined IP Integrity; B. Check IP Integrity; C. Check IP Groups; D. Display IP Sorting - Wrong
What are the four main types of Permission Sets in ePO? ----------- Correct Answer ------------ Executive Reviewer; Global Reviewer; Group Admin; Group Reviewer
What are the four severity levels of signature in HIPS? ----------- Correct Answer ------------ High, Medium, Low, Informational
What can be created to prevent interpreting a normal behavior as an attack? ----------- Correct Answer ------------ Exception
What column is not displayed in the Audit Log? ----------- Correct Answer ------------ Failure
What ePO server task updates ePO distributed repositories from the master repository? ----------- Correct Answer ------------ Pull task
What is the default password for unlocking the client user interface when troubleshooting the McAfee HIPS client? ----------- Correct Answer ------------ abcde
What types of Tags can you create? ----------- Correct Answer ------------ Tags without criteria and Criteria-based tags
Which answer lists ALL the layers of protection in the HIPS client? ----------- Correct Answer ------------ Signature, behavioral and firewall protection
Which ePO component gathers the events from the managed systems and communicates them to the ePO server? ----------- Correct Answer ------------ McAfee Agent
Which ePO core component enforces the policies on the systems? ----------- Correct Answer ------------ McAfee Agent
Which ePO repository provides all updates to the ePO Master repository? ----------- Correct Answer ------------ Source
Which ePO user listed below can create and edit tags in ePO? ----------- Correct Answer ------------ Administrator
Which executable runs the main HIPS service? ----------- Correct Answer ------------ Firesvc.exe
Which IPS policy determines what options are available to a client computer with a HIPS client; including whether or not the client icon appears in the system tray; types of intrusion alerts; and password to allow access to the client user interface? ----------- Correct Answer ------------ A. Server UI; B. Policy Settings - Wrong; C. Client GUI; D. Client UI
Which is not a type of IPS Signature? ----------- Correct Answer ------------ Host Signatures; Custom Host Signatures - Wrong; Network Signatures; Global Signatures
Which of the following can be created to prevent interpreting a normal behavior as an attack? ----------- Correct Answer ------------ Exception
Which of the following is a valid statement regarding the task of managing policies in ePO? ----------- Correct Answer ------------ A. The only way to apply an existing policy to a node in the ePO tree is through inheritance; B. When you assign a new policy to a particular group of the Directory, then all systems under that group with inheritance intact will inherit the new policy; C. Policies that have been duplicated can only be applied to the Directory level in the ePO console; D. Policies cannot be exported or imported from one ePO server to another ePO server - Wrong
Which of the following is not a protection level defined in the IPS Protection Policy? ----------- Correct Answer ------------ A. Ignore - Wrong; B. Allow; C. Log; D. Prevent
Which statement best defines Application Shielding in HIPS? ----------- Correct Answer ------------ A. Applications, system registry and services are locked down against malicious activity; B. Applications are not permitted to access data, registry and services outside their own application envelope - Wrong; C. Applications are prevented from communicating with any network services that are not defined by the administrator; D. Applications can only hook to the processes that match the digital signature imported into HIPS
Which statement is true concerning the ePO console? ----------- Correct Answer ------------ D. It provides remote consoles that can be installed on UNIX platforms.
A DLP/DCM GUID is which of the following? ----------- Correct Answer ------------ 1. Unique Device Identifier
An agent handler installation includes only which of the following? ----------- Correct Answer ------------ 2. Apache and Event Parser
Before you run the SC Initial Scan to create whitelist you must run which SC action listed below? ----------- Correct Answer ------------ Enable client task
Device Control policies are configured using which of the following? ----------- Correct Answer ------------ B: DLP Policy Manager (correct)
DLP/DCM Plug and Play devices can be identified by which of the following? ----------- Correct Answer ------------ B: Device classes
How does the Rogue System Sensor find rogue machines on the network? ----------- Correct Answer ------------ N: The sensor listens passively to layer 2 broadcasts.
How many Policy Auditor Audit Score categories are there? ----------- Correct Answer ------------ 4
How many sensors must be installed for complete coverage? ----------- Correct Answer ------------ 2. 1 in each broadcast segment
In the DLP Agent Configuration for Notifications; to append the name of the file/device/etc., add which of the following? ----------- Correct Answer ------------ B: %s
In the File Integrity Monitor of Policy Auditor you can retain up to how many versions including the baseline version of the file? ----------- Correct Answer ------------ 6
It is possible to install the DLP Agent onto Linux machines. ----------- Correct Answer ------------ FALSE
It is possible to install the Solidcore client onto Linux machines. ----------- Correct Answer ------------ TRUE
It is required to restart the client computer after the DLP agent has been installed. ----------- Correct Answer ------------ 2. TRUE
Select a valid DLP/DCM Device Class status from the options below ----------- Correct Answer ------------ 1. Configured
Select a valid Policy Auditor Built In Permission Set from the options below: ----------- Correct Answer ------------ PA Admin
Select the valid Solidcore default permission set. ----------- Correct Answer ------------ Solidcore Reviewer
The DLP/DCM Agent main agent logic executable is which of the following? ----------- Correct Answer ------------ A. FCAG.exe
The Fetch inventory contains information about which binary and script files present on the system? ----------- Correct Answer ------------ Executable
The first step in creating an audit is to: ----------- Correct Answer ------------ Activate a benchmark
The Policy Auditor Agent is only supported on Windows platforms. ----------- Correct Answer ------------ 2. FALSE
The Publisher tab in the Application Control allows you to manage the various certificates that are used to do what to binaries? ----------- Correct Answer ------------ Extract
The Rogue System Sensor determines if a machine is a rogue system ----------- Correct Answer ------------ 2. FALSE - right
The users that can install programs and run executables on a solidified system are: ----------- Correct Answer ------------ Trusted Users
To collect the list of executable files and their details from the client system you run which SC task listed below? ----------- Correct Answer ------------ Pull Inventory
To create a file archive with system information and Solidcore Agent plugin log files you use which SC task listed below? ----------- Correct Answer ------------ Collect Debug Info
To edit a Benchmark it is required to access which of the following in ePO? ----------- Correct Answer ------------ Benchmark Catalog
To use a selected Benchmark in an audit it is required to do which of the following to the Benchmark? ----------- Correct Answer ------------ 1. Activate
What component of HBSS provides administrators with the ability to block the use of removable storage devices? ----------- Correct Answer ------------ DLP
When the Solidcore enforcement is Enabled you can authorize approved changes to the client by using which SC task listed below? ----------- Correct Answer ------------ Begin Update Mode
When using a McAfee Agent Deployment task; it is required to create an agent override key to remove the Host DLP/DCM Agent. ----------- Correct Answer ------------ 2. FALSE - right
When you switch to the Observe mode from the Disabled mode; the endpoints need to be restarted. ----------- Correct Answer ------------ TRUE
Which of the following drivers is the only driver that is mandatory when using the DLP/DCM and is also responsible to evaluate the device blocking rules? ----------- Correct Answer ------------ 1. File Device
Which of the following monitors the Host DLP/DCM Agent; and restarts it if it stops running for any reason? ----------- Correct Answer ------------ fcagswd.exe
Within an Agent Handler group; if the handler with the highest priority is unavailable; the agent will fall back to the handler with the next highest priority ----------- Correct Answer ------------ 2. FALSE
What is HBSS ----------- Correct Answer ------------ host based security system on the individual workstation or the host
systems structure ----------- Correct Answer ------------ By default, the system tree comes built in with the "My Organization" group
Inheritance ----------- Correct Answer ------------ Groups that require special policies will have to break inheritance. Design and layout of System Tree should facilitate these exceptions
McAfee Agent ----------- Correct Answer ------------ offers no protection. Its job is to provide a secure communication channel to the ePO and manages all of the other modules that will be installed on the client machine (VSE, HIPS, etc.).
SuperAgent ----------- Correct Answer ------------ SuperAgents are agents that are designated to act as a source of content updates to other agents in the same network. An example: a remote site using a WAN
McAfee Agent ----------- Correct Answer ------------ install all of your point products and upgrade based on the client task
Using the System Tray Icon ----------- Correct Answer ------------ information includes the Agent Version, DAT Date/Version, ePO Server name/IP, Products Version, and the Hostname.
Tagging ----------- Correct Answer ------------ dynamic management tool