HBSS 501 Exam New 2024-2025 Latest Version Best Studying Material with All Questions and 100% Correct Answers

Typology: Exams

2023/2024

Available from 06/05/2024

exam-hut

Which of the following is not true about ArcSight and situational awareness? (Correlation / Monitoring / Analysis / Prevention) ----------- Correct Answer ------------ Prevention
In order to manage an endpoint, ___________ must be installed. (McAfee Agent / McAfee HIPS / McAfee VirusScan Enterprise / McAfee RSD) ----------- Correct Answer ------------ McAfee Agent
A newly hired information security manager notes that existing information security practices and procedures appear ad hoc. Based on this observation, the next action should be to: ----------- Correct Answer ------------ review the corporate standards
A regulatory authority has just introduced a new regulation pertaining to the release of quarterly financial results. The FIRST task that the security officer should perform is to: ----------- Correct Answer ------------ identify whether current controls are adequate.
A systems approach to managing information security can be a benefit PRIMARILY because it is: ----------- Correct Answer ------------ able to provide a more integrated, holistic program.
An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles? ----------- Correct Answer ------------ proportionality
An organization has recently developed and approved an access control policy. Which of the following will be MOST effective in communicating the access control policy to the employees? ----------- Correct Answer ------------ requiring employees to formally acknowledge receipt of the policy
An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information. What actions should the board take next? ----------- Correct Answer ------------ require management to report on compliance
An outcome of effective security governance is: ----------- Correct Answer ------------ strategic alignment.
Business objectives should be evident in the security strategy by the presence of: ----------- Correct Answer ------------ traceable connections.
Business objectives should be evident in the security strategy by: ----------- Correct Answer ------------ direct traceability.
Compliance with security policies and standards is the responsibility of: ----------- Correct Answer ------------ all organizational units.
For an organization's information security program to be highly effective, who should have final responsibility for authorizing information system access? ----------- Correct Answer ------------ information owner
From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities? ----------- Correct Answer ------------ better accountability
Information security policy enforcement is the responsibility of the: ----------- Correct Answer ------------ chief information security officer (CISO).
Information security should be: ----------- Correct Answer ------------ a balance between technical and business requirements
Retention of business records should PRIMARILY be based on: ----------- Correct Answer ------------ regulatory and legal requirements.
Security technologies should be selected PRIMARILY on the basis of their: ----------- Correct Answer ------------ ability to mitigate business risks.
Successful implementation of information security governance will FIRST require: ----------- Correct Answer ------------ updated security policies.
Systems thinking as it relates to information security is: ----------- Correct Answer ------------ an understanding that the whole is greater than the sum of its parts.
The FIRST step in developing an information security management program is to: ----------- Correct Answer ------------ clarify organizational purpose for creating the program
The FIRST step to create an internal culture that focuses on information security is to: ----------- Correct Answer ------------ gain the endorsement of executive management.

The MAIN goal of an information security strategic plan is to: ----------- Correct Answer ------------ protect information assets and resources.
The MOST appropriate role for senior management in supporting information security is the: ----------- Correct Answer ------------ approval of policy statements and funding.
The MOST basic requirement for an information security governance program is to: ----------- Correct Answer ------------ be aligned with the corporate business strategy.
The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to: ----------- Correct Answer ------------ refer the issues to senior management along with any security recommendations.
The MOST effective way to limit actual and potential impacts of e-discovery in the event of litigation is to: ----------- Correct Answer ------------ develop and enforce comprehensive retention policies.
The MOST important basis for developing a business case is the: ----------- Correct Answer ------------ feasibility and value proposition
The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in: ----------- Correct Answer ------------ application systems and media.
The MOST important outcome of aligning information security governance with corporate governance is to: ----------- Correct Answer ------------ maximize the cost-effectiveness of controls.
The PRIMARY focus of information security governance is to: ----------- Correct Answer ------------ optimize the information security strategy to achieve business objectives.
The PRIMARY objective for information security program development should be: ----------- Correct Answer ------------ reducing the impact of the risk in the business.
The PRIMARY objective of a security steering group is to: ----------- Correct Answer ------------ ensure information security aligns with business goals.
The security responsibility of data custodians in an organization will include: ----------- Correct Answer ------------ ensuring security measures are consistent with policy.
To achieve effective strategic alignment of security initiatives, it is important that: ----------- Correct Answer ------------ inputs be obtained and consensus achieved between the major organizational units.

What is the MOST important item to be included in an information security policy? ----------- Correct Answer ------------ the key objectives of the security program
What is the PRIMARY role of the information security manager in the process of information classification within an organization? ----------- Correct Answer ------------ defining and ratifying the classification structure of information assets
When implementing effective security governance within the requirements of the company's security strategy, which of the following is the MOST important factor to consider? ----------- Correct Answer ------------ preserving the confidentiality of sensitive data
When security policies are strictly enforced, the initial impact is that: ----------- Correct Answer ------------ the total cost of security is increased.
Which of the following are seldom changed (=rarely changed) in response to technological changes? ----------- Correct Answer ------------ policies
Which of the following BEST protects confidentiality of information? ----------- Correct Answer ------------ least privilege
Which of the following BEST supports continuous improvement of the risk management process? ----------- Correct Answer ------------ adoption of a maturity model
Which of the following is a benefit of information security governance? ----------- Correct Answer ------------ reduction of the potential for civil or legal liability
Which of the following is a key area of the ISO 27001 framework? ----------- Correct Answer ------------ business continuity management
Which of the following is characteristic of centralized information security management? ----------- Correct Answer ------------ better adherence to policies
Which of the following is MOST likely to be discretionary? (=optional, flexible, unrestricted) ----------- Correct Answer ------------ guidelines
Which of the following is MOST likely to be responsible for establishing the security requirements over an application? ----------- Correct Answer ------------ data owner
Which of the following is PRIMARILY related to the emergence of governance, risk and compliance (GRC)? ----------- Correct Answer ------------ the integration of assurance-related activities
Which of the following is the MOST important consideration when developing an information security strategy? ----------- Correct Answer ------------ effectiveness of risk mitigation

Which of the following is the MOST important factor on which to rely to successfully assign cross-organizational responsibility to integrate an information security program? ----------- Correct Answer ------------ the roles of different job functions
Which of the following is the MOST important objective of an information security strategy review? ----------- Correct Answer ------------ ensuring that information security strategy is aligned with organizational goals
Which of the following should drive the risk analysis for an organization? ----------- Correct Answer ------------ security manager
Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization? ----------- Correct Answer ------------ the data center manager has final signoff on all security projects.
Which of the following will have the GREATEST impact on a financial enterprise with offices in various countries and involved in trans-border flow of information? ----------- Correct Answer ------------ evolving data protection regulations
Which of the following would be the MOST important goal of an information security governance program? ----------- Correct Answer ------------ ensuring trust in data
Which one of the following groups has final responsibility for the effectiveness of security controls? ----------- Correct Answer ------------ the organization's senior management
Which person or group should have final approval of an organization's information security policies? ----------- Correct Answer ------------ senior management
While implementing information security governance an organization should FIRST: ----------- Correct Answer ------------ define the security strategy.
Who should be responsible for enforcing access rights to application data? ----------- Correct Answer ------------ security administrators
A dashboard is a collection of __________ shown together in the same location. (Monitors / Reports / Charts / Lists) ----------- Correct Answer ------------ Reports
Which VSE label shows the friendly name of a VSE event? (Threat Name / Signature Name (Host IPS) / Param Value / Threat Type) ----------- Correct Answer ------------ Threat Name
Which feature do HIPS and VSE both have in common but is disabled on one when both are installed on the same endpoint? (Application Blocking / Access Protection / Trusted Applications / Buffer Overflow Protection) ----------- Correct Answer ------------ Buffer Overflow Protection
Which query filter label helps group similar data for VSE? (Threat Name / Threat Type / Threat Severity / Detecting Product ID) ----------- Correct Answer ------------ Threat Type
As an Analyst, your duty includes reviewing all the data collected by the ePO server. (True / False) ----------- Correct Answer ------------ True
Which of the following is a valid query output? (HTML / XML / ZIP / All of the above) ----------- Correct Answer ------------ All of the above
__________ queries are created specifically to gather HBSS related compliance data. (Extended Reporting / Enhanced Reporting / Quick Find / Compliance) ----------- Correct Answer ------------ Compliance
Which of the following VSE events should get the highest priority? (Scan Time Out / Virus detected and cleaned / File password protected / Virus detected and not cleaned) ----------- Correct Answer ------------ Virus detected and not cleaned
In which query builder menu do you select the data source, i.e. Managed Systems or Threat Events? (Result Type / Chart Type / Columns / Filters) ----------- Correct Answer ------------ Columns
You can import a query that was created on a different ePO server. (True / False) ----------- Correct Answer ------------ True
CND Services include Prepare, Protect and _________ (Attack / Remediate / Respond / Diagnose) ----------- Correct Answer ------------ Respond
What action should be taken if an event is found to be a false positive? (Ignore It / Start the tuning process / Call the helpdesk / Open a ticket with DISA) ----------- Correct Answer ------------ Start the tuning process
Which product is responsible for collecting endpoint properties and policy enforcement? (McAfee VirusScan / McAfee HIPS / McAfee Agent / ACCM) ----------- Correct Answer ------------ McAfee Agent
What is the correct order for prioritizing events? (Severity; Action Taken; Volume / Action Taken; Severity; Volume / Volume; Severity; Action Taken / Severity; Volume; Action Taken) ----------- Correct Answer ------------ Severity; Action Taken; Volume
An admin creates ___________ to manage the software installed on the endpoint. (Rules / Policies / Groups / Client tasks) ----------- Correct Answer ------------ Policies
Which HIPS label shows the friendly name of a HIPS event? (Threat Name / Signature Name (Host IPS) / Param value / Product name) ----------- Correct Answer ------------ Signature Name (Host IPS)
In which of the following are process improvement and recommendations made? (Prepare / Detect; Triage; Respond / Detect / Respond) ----------- Correct Answer ------------ Respond
Which label identifies the managed product by friendly name? (Detecting Prod ID / Detecting Software Name / Detecting Product Name / Threat Type) ----------- Correct Answer ------------
_________ are premade benchmarks that can be imported into ePO to be used with Policy Auditor. (SCAP / PA Rules / FCDD / OPAV) ----------- Correct Answer ------------ SCAP
A trusted network may be defined by all of the following except: ----------- Correct Answer ------------ D. Network Protocol

Agent Handlers consist primarily of what two services? ----------- Correct Answer ------------ C. Apache and Event Parser
Also referred to as a Deployment Task, the type of client task that installs products from the master repository to client workstations is: ----------- Correct Answer ------------ C. Product deployment task
An agent will download installation packages or DATs from a specific repository based on: ----------- Correct Answer ------------ C. McAfee Agent Policy
An ENS software bundle is available from the ePO software manager. From this list, which package is not included in the bundle? ----------- Correct Answer ------------ B. Migration
Both the Repository Pull Task and the Repository Replication task are: ----------- Correct Answer ------------ B. Server tasks
Deployment packages are non-installable product files that must be manually placed in the repository. ----------- Correct Answer ------------ B. False
Extensions are files that contain components and information needed to manage a product. ----------- Correct Answer ------------ A. True
How do you add an icon to the Navigation Bar of the ePO console? ----------- Correct Answer ------------ A. Drag and drop the desired item from the cascaded menu to the navigation bar
How many sensors must be installed for complete coverage (rogue detection)? ----------- Correct Answer ------------ A. 1 in each broadcast subnet
Match the HIPS client process component to the function field ----------- Correct Answer ------------ FireSvc.exe = main HIPS service; FireTray.exe = firewall learn mode; Mfevipts.exe = McAfee validated trusted and protected process
One of the principal considerations when planning your system tree is ________________ _____________________, because this directly affects those who maintain the systems and their ability to view and use ePO features. ----------- Correct Answer ------------ B. Administrator Access
Only the dashboard creator can modify/delete a private query ----------- Correct Answer ------------ A. True
Organize systems into logical groupings for policy management by: ----------- Correct Answer ------------ A. By placing them into groups and subgroups
Rogue systems are: ----------- Correct Answer ------------ D. All of the above (Systems that have not communicated within configured time limits; Systems that are not managed by a McAfee agent; Systems with a McAfee agent but not in the ePO database)


Tags are like labels that can be applied to (select all that apply): ----------- Correct Answer ------------ C. Systems
The command line switch used from FrmInst.exe to remove the McAfee Agent is: ----------- Correct Answer ------------ A. /Remove=Agent
The criteria used for criteria-based tags is taken from: ----------- Correct Answer ------------ C. System properties, collected by McAfee Agent
The master repository is always: ----------- Correct Answer ------------ B. The ePO Server (Spipe) Repository
The maximum number of fallback repositories allowed is: ----------- Correct Answer ------------ D: 1
The McAfee default dashboards are read-only. ----------- Correct Answer ------------ A. True
The top level object in the ePO System Tree is: ----------- Correct Answer ------------ B. My organization
There are two types of tags that you can create, they are: ----------- Correct Answer ------------ C. Tags without criteria, Criteria based tags
To update the Master Repository from a source site, you would create a: ----------- Correct Answer ------------ A. Repository pull task
What are the three visibility options you have for dashboards? ----------- Correct Answer ------------ Public, private, and share
What is the default authentication method for ePO users? ----------- Correct Answer ------------ A. ePO authentication

What is the deployment system component, the actual software that is deployed and is checked into the ePolicy Orchestrator Master Repository? ----------- Correct Answer ------------ A. Packages
When can permission sets be assigned? Select all that apply ----------- Correct Answer ------------ A. When new point products are installed; B. When a new user account is created; C. When a new permission set is created; D. To any existing user account
Which component enforces policies and forwards events for managed systems? ----------- Correct Answer ------------ A. McAfee Agent
Which ENS module acts as a filter between computer and network or internet? ----------- Correct Answer ------------ A. Firewall
Which ENS module provides features formerly found in VSE? ----------- Correct Answer ------------ B. Threat Protection
Which of the following are functions of the McAfee Agent on the client workstation? Choose two ----------- Correct Answer ------------ A. Provides secure communication between products and ePO; C. Gathers events from managed systems and communicates them to the ePO database
Which of the following can be used to automatically populate an ePO system tree? Select all that apply. ----------- Correct Answer ------------ A. Text file import into a flat list; B. Synchronization with Active Directory containers; C. Synchronization with NT Domain; D. Synchronization with other LDAP based directory
Which of the following is a good reason to install an agent handler? ----------- Correct Answer ------------ B. Communicate with agents in a DMZ behind a NAT device; C. Logically expand ePO infrastructure
Which of the following permission sets provides access only to core ePO functionality: ----------- Correct Answer ------------ C. Group Admin

Which of these are valid repository roles in ePO? (Select all that apply) ----------- Correct Answer ------------ A. Source; B. Master; C. Distributed; D. Fallback
Which of these groups of text, if placed in a text file and imported, would result in a system being imported into the system tree? ----------- Correct Answer ------------ B. Region1\subregion\machine1 (no slashes at end)
Which of these is not a permission reserved exclusively to the administrator? ----------- Correct Answer ------------ Use public dashboards; create and edit personal dashboards
Which service generates the Java-based web console that ePO uses? ----------- Correct Answer ------------ A. Tomcat
Which statements describe advantages provided by centralized security management with ePO? Choose all that apply. ----------- Correct Answer ------------ A. Automated responses to threat events; B. Manage only one policy framework; C. Consolidate monitoring and reporting; D. Easy to discover non-compliant systems
You can have more than one tag for each system ----------- Correct Answer ------------ True
You cannot apply more than one tag to any given system: ----------- Correct Answer ------------ False
Assume three IPS policies are applied to a node: 1 default and 2 custom. The default severity level is set to HIGH; 1 custom severity level is set to LOW and the other custom is set to MEDIUM. What is the effective severity level outcome for the applied policy? ----------- Correct Answer ------------ Low; Med; High- Wrong; Least Restrictive

DISA HBSS 201 Admin ePO5.1 (2014 Version) ----------- Correct Answer ------------ Pull Task
Each Firewall Rule provides a set of conditions that which of the following has to meet? ----------- Correct Answer ------------ A. Users; B. Computers; C. Traffic; D. Protocols- Wrong
From this list select the format that you cannot export your query results to. ----------- Correct Answer ------------ A. CSV; B. DOC; C. XML- Wrong; D. HTML; E. PDF; Dunno?
How do you uninstall the HIPS 7.0 client for Windows from a managed system? ----------- Correct Answer ------------ Remove the extension from the ePO Server and initiate the McAfee Agent wakeup call. (double check answer)
How do you uninstall the HIPS client for Windows from a managed system? ----------- Correct Answer ------------
  • Configure the IPS Options policy to disable IPS; Configure the McAfee Agent deployment task to remove the HIPS client.
  • Remove the HIPS client package from the ePO Master repository and initiate the McAfee Agent wakeup call.
  • Configure the McAfee Agent Update task to uninstall the HIPS client and initiate the McAfee Agent wakeup call.
  • Remove the Extension from the ePO server and initiate the McAfee Agent wakeup call.
If a connection is in the state table, what action will occur with future traffic for that connection? ----------- Correct Answer ------------ Allow

In the Client Task Catalog you can export all of your client tasks into an XML file that can be imported into another ePolicy Orchestrator Server. ----------- Correct Answer ------------ True
In which order are HIPS Firewall rules processed to filter incoming packets? ----------- Correct Answer ------------ Top to bottom
Prior to imaging the system, in the registry entry for the McAfee Agent, which line should be deleted? ----------- Correct Answer ------------
  • HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\EpoGUID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\CMA GUID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\Agent SID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\AgentGUID
Public Queries exist in which of the following lists? ----------- Correct Answer ------------ A. Public Groups; B. Shared Groups; C. My Groups- Correct; D. Query Groups- Wrong
Select the ePolicy Orchestrator component that caches policies to reduce database reads and speed up ASCI time. ----------- Correct Answer ------------ A. Tomcat- Wrong; B. Apache; C. Event Parser; D. McAfee Agent
Select the ePolicy Orchestrator component that provides the UI of the System tree, sorting of nodes, tags and policies. ----------- Correct Answer ------------ Apache
The Agent to Server Communication for the McAfee Agent is encrypted using which of the following? ----------- Correct Answer ------------ A. IPSEC- Wrong; B. SPIPE; C. TLS- Correct; D. HTTP
The Client Task Catalog allows you to create which of the following? ----------- Correct Answer ------------ A. Server task objects; B. Client task objects; C. Client task rules- Wrong; D. Client task profiles
To manually move a system from one group to another, you do which two things with the system to move it to the other group? ----------- Correct Answer ------------ A. Drag and drop; B. Copy and paste; C. Right click and move- Wrong; D. Left click and move
To verify that the IP address sorting criteria has not been configured to overlap between different groups, you can use which of the following options? ----------- Correct Answer ------------ A. Combined IP Integrity; B. Check IP Integrity; C. Check IP Groups; D. Display IP Sorting- Wrong
What are the four main types of Permission Sets in ePO? ----------- Correct Answer ------------ Executive Reviewer; Global Reviewer; Group Admin; Group Reviewer
What are the four severity levels of signature in HIPS? ----------- Correct Answer ------------ High, Medium, Low, Informational
What can be created to prevent interpreting a normal behavior as an attack? ----------- Correct Answer ------------ Exception
What column is not displayed in the Audit Log? ----------- Correct Answer ------------ Failure

What ePO server task updates ePO distributed repositories from the master repository? ----------- Correct Answer ------------ Pull task
What is the default password for unlocking the client user interface when troubleshooting the McAfee HIPS client? ----------- Correct Answer ------------ abcde
What types of Tags can you create? ----------- Correct Answer ------------ Tags without criteria and Criteria-based tags
Which answer lists ALL the layers of protection in the HIPS client? ----------- Correct Answer ------------ Signature, behavioral and firewall protection
Which ePO component gathers the events from the managed systems and communicates them to the ePO server? ----------- Correct Answer ------------ McAfee Agent
Which ePO core component enforces the policies on the systems? ----------- Correct Answer ------------ McAfee Agent
Which ePO repository provides all updates to the ePO Master repository? ----------- Correct Answer ------------ Source
Which ePO user listed below can create and edit tags in ePO? ----------- Correct Answer ------------ Administrator
Which executable runs the main HIPS service? ----------- Correct Answer ------------ Firesvc.exe
Which IPS policy determines what options are available to a client computer with a HIPS client, including whether or not the client icon appears in the system tray, types of intrusion alerts, and password to allow access to the client user interface? ----------- Correct Answer ------------ A. Server UI; B. Policy Settings- Wrong; C. Client GUI; D. Client UI
Which is not a type of IPS Signature? ----------- Correct Answer ------------ Host Signatures; Custom Host Signatures- Wrong; Network Signatures; Global Signatures
Which of the following can be created to prevent interpreting a normal behavior as an attack? ----------- Correct Answer ------------ Exception
Which of the following is a valid statement regarding the task of managing policies in ePO? ----------- Correct Answer ------------ A. The only way to apply an existing policy to a node in the ePO tree is through inheritance; B. When you assign a new policy to a particular group of the Directory, then all systems under that group with inheritance intact will inherit the new policy; C. Policies that have been duplicated can only be applied to the Directory level in the ePO console; D. Policies cannot be exported or imported from one ePO server to another ePO server- Wrong
Which of the following is not a protection level defined in the IPS Protection Policy? ----------- Correct Answer ------------ A. Ignore- Wrong; B. Allow; C. Log; D. Prevent
Which statement best defines Application Shielding in HIPS? ----------- Correct Answer ------------ A. Applications, system registry and services are locked down against malicious activity; B. Applications are not permitted to access data, registry and services outside their own application envelope- Wrong; C. Applications are prevented from communicating with any network services that are not defined by the administrator; D. Applications can only hook to the processes that match the digital signature imported into HIPS
Which statement is true concerning the ePO console? ----------- Correct Answer ------------ A. It is web based and designed completely in HTML and JavaScript; B. It is a stand alone application and uses Java code; C. It utilizes the Microsoft Management Console MMC- Wrong; D. It provides remote consoles that can be installed on UNIX platforms
A DLP/DCM GUID is which of the following? ----------- Correct Answer ------------ 1. Unique Device Identifier
An agent handler installation includes only which of the following? ----------- Correct Answer ------------ 2. Apache and Event Parser
Before you run the SC Initial Scan to create the whitelist you must run which SC action listed below? ----------- Correct Answer ------------ Enable client task
Device Control policies are configured using which of the following? ----------- Correct Answer ------------ B: DLP Policy Manager (correct)
DLP/DCM Plug and Play devices can be identified by which of the following? ----------- Correct Answer ------------ B: Device classes
How does the Rogue System Sensor find rogue machines on the network? ----------- Correct Answer ------------ N: The sensor listens passively to layer 2 broadcasts.
How many Policy Auditor Audit Score categories are there? ----------- Correct Answer ------------ 4
How many sensors must be installed for complete coverage? ----------- Correct Answer ------------ 2. 1 in each broadcast segment
In the DLP Agent Configuration for Notifications, to append the name of the file/device/etc., add which of the following? ----------- Correct Answer ------------ B: %s
In the File Integrity Monitor of Policy Auditor you can retain up to how many versions including the baseline version of the file? ----------- Correct Answer ------------ 6
It is possible to install the DLP Agent onto Linux machines. ----------- Correct Answer ------------ FALSE
It is possible to install the Solidcore client onto Linux machines. ----------- Correct Answer ------------ TRUE
It is required to restart the client computer after the DLP agent has been installed. ----------- Correct Answer ------------ 2. TRUE
Select a valid DLP/DCM Device Class status from the options below ----------- Correct Answer ------------ 1. Configured

Select a valid Policy Auditor Built In Permission Set from the options below: ----------- Correct Answer ---------- PA Admin

Select the valid Solidcore default permission set. ----------- Correct Answer ---------- Solidcore Reviewer

The DLP/DCM Agent main agent logic executable is which of the following? ----------- Correct Answer ---------- A. FCAG.exe

The Fetch inventory contains information about which binary and script files present on the system? ----------- Correct Answer ---------- Executable

The first step in creating an audit is to: ----------- Correct Answer ---------- Activate a benchmark

The Policy Auditor Agent is only supported on Windows platforms. ----------- Correct Answer ---------- 2. FALSE

The Publisher tab in the Application Control allows you to manage the various certificates that are used to do what to binaries? ----------- Correct Answer ---------- Extract

The Rogue System Sensor determines if a machine is a rogue system. ----------- Correct Answer ---------- 2. FALSE - right

The users that can install programs and run executables on a solidified system are: ----------- Correct Answer ---------- Trusted Users

To collect the list of executable files and their details from the client system you run which SC task listed below? ----------- Correct Answer ---------- Pull Inventory

To create a file archive with system information and Solidcore Agent plugin log files you use which SC task listed below? ----------- Correct Answer ---------- Collect Debug Info

To edit a Benchmark it is required to access which of the following in ePO? ----------- Correct Answer ---------- Benchmark Catalog

To use a selected Benchmark in an audit it is required to do which of the following to the Benchmark? ----------- Correct Answer ---------- 1. Activate

What component of HBSS provides administrators with the ability to block the use of removable storage devices? ----------- Correct Answer ---------- DLP

When the Solidcore enforcement is Enabled you can authorize approved changes to the client by using which SC task listed below? ----------- Correct Answer ---------- Begin Update Mode

When using a McAfee Agent Deployment task, it is required to create an agent override key to remove the Host DLP/DCM Agent. ----------- Correct Answer ---------- 2. FALSE - right

When you switch to the Observe mode from the Disabled mode, the endpoints need to be restarted. ----------- Correct Answer ---------- TRUE

Which of the following drivers is the only driver that is mandatory when using the DLP/DCM and is also responsible for evaluating the device blocking rules? ----------- Correct Answer ---------- 1. File Device

Which of the following monitors the Host DLP/DCM Agent, and restarts it if it stops running for any reason? ----------- Correct Answer ---------- fcagswd.exe

Within an Agent Handler group, if the handler with the highest priority is unavailable, the agent will fall back to the handler with the next highest priority. ----------- Correct Answer ---------- 2. FALSE

What is HBSS ----------- Correct Answer ----------
• host based security system on the individual workstation or the host
• (COTS)
• monitor, detect, and counter against known cyber threats; address known traffic exploits

What is HBSS on ----------- Correct Answer ---------- Cyber Tasking Order (CTO) 07-12, US Cyber Command (USCYBERCOM) mandates that HBSS be installed on every DoD system.

Why do we use HBSS ----------- Correct Answer ---------- It allows us to centralize the administration of security tools. With this centralized administration we can control and monitor our different modules (VSE, HIPS, DLP, and any other module that is installed on the host).

Who can you call for HBSS assistance ----------- Correct Answer ---------- DISA

HBSS Components ----------- Correct Answer ----------
• ePolicy Orchestrator Server
• the McAfee Agent
• the distributed repositories
• registered servers

The ePO server ----------- Correct Answer ----------
• application server that manages the suite of products
• contains the SQL database that stores logs, events, and policies
• contains the master repository, which stores all products as well as software that is deployable to the clients

The McAfee Agent ----------- Correct Answer ---------- installed on the clients; allows the ePO server to enforce policies on the client machine

Distributed repositories ----------- Correct Answer ---------- servers that contain software packages for remote clients. These repositories are known as SADRs and are similar to a WSUS

Registered servers ----------- Correct Answer ---------- additional servers on your network that you register with your ePO server to provide additional data, such as LDAP, SNMP, and other ePO servers.

How HBSS components work together ----------- Correct Answer ---------- Through the ePO web interface you create the policies that tell each product how to behave; the policies are stored on the local ePO server, the agent on the client machine pulls the latest policy from the ePO server, and it enforces the last policy it received as long as the agent is running

Port 80 ----------- Correct Answer ----------
• Agent to Server communication (TCP)
• Inbound TCP. The ePO server listens for requests from McAfee Agents

Port 443 ----------- Correct Answer ----------
• Agent to Server secure communication (TLS)
• Inbound TCP. The ePO server listens for TLS (SSL)-encrypted requests from McAfee Agents

Port 591 ----------- Correct Answer ----------
• Agent Wakeup Call
• Outbound TCP. For when the ePO server or an Agent Handler sends a Wakeup Call to a managed machine.

Port 8005 ----------- Correct Answer ----------
• Agent Handler Communication
• Inbound TCP. ePO Agent Handlers connect to this port during installation and updates

Port 8007 ----------- Correct Answer ----------
• Console-to-application (HTTPS)
• Inbound TCP. Port used to connect to the ePO web interface using HTTPS

Port 8443 ----------- Correct Answer ----------
• Rogue System Detection sensor (HTTPS)
• Inbound TCP. The ePO server listens for Rogue System Detection events. Also used by Agent Handlers to get information from the ePO (like LDAP servers).

Port 8082 ----------- Correct Answer ----------
• UDP broadcast communication port
• Inbound UDP. Agents listen for UDP broadcasts from SuperAgents

It is possible to lose access to the database if these ports are not open on the ePO server's host firewall ----------- Correct Answer ---------- Always apply firewall rules to the ePO server carefully.

The prerequisites for the ePO server installation are ----------- Correct Answer ----------
• Processors: At least one (two or more for production)
• Memory: At least 8 GB (16 GB+ for production)
• Hard Disks: Follow the DISA build-from-image guide

DISA builds, the default username and password is... ----------- Correct Answer ---------- "napoleon/Charming2!"

After installing the patches, you will need to? ----------- Correct Answer ----------
• set the IP address,
• the system date and time,
• the DNS suffix,
• and rename the machine.

Once the rename script has successfully completed, log into the ePO web interface using DISA's default credentials ----------- Correct Answer ---------- "admin/Charming1!"

Per DISA's guidelines, the ePO server should NOT... ----------- Correct Answer ----------
• be added to a domain!
• to prevent a compromised domain from breaking your main security solution.
• the DNS suffix (1xxmeu.usmc.mil) simply allows name resolution with the DNS server.

Within the ePO web interface, your main area of operation ----------- Correct Answer ----------
• System Tree
• It is the primary interface for managing policies and tasks on your systems

System Tree ----------- Correct Answer ----------
• contains all of the systems that the ePO manages
• a server, workstation, or laptop with an agent installed

Under the "My Organization" group ----------- Correct Answer ----------
• you can create subgroups. These subgroups are used to group managed systems
• they can be renamed, deleted, or moved using drag and drop because they are created by you
Systems structure ----------- Correct Answer ----------
• By default, the system tree comes built in with the "My Organization" group
• because it is built in, you cannot move, delete, or rename this group, or change its sorting criteria

Lost & Found Group ----------- Correct Answer ---------- stores any system whose location cannot be determined. Since it is a built-in group you cannot rename, delete, move, or change its sorting criteria
• appears last in the list; permission based

System Tree Tabs ----------- Correct Answer ----------
• Systems tab
• Assigned Policies tab
• Assigned Client Tasks tab
• Group Details tab
• Agent Deployment tab

System Tree Creation ----------- Correct Answer ---------- three ways to create:
• manually, by clicking "New Subgroup"
• Active Directory Synchronization: register an LDAP server
• import your system tree structure from a text file; this saves you time

When creating a text file ----------- Correct Answer ---------- use a backslash to separate group names and system names

System Tree Design Considerations ----------- Correct Answer ----------
• Administrator access
• System Type or Role
• Policy and Task Management
• Sorting Method
• Inheritance

Administrator access ----------- Correct Answer ---------- when designing the system tree layout, consider whether your subgroups will be administered by other commands or sections

System Type or Role ----------- Correct Answer ---------- Are there servers or workstations that should be set aside from the general population: domain controllers, admin workstations, intel, etc.?

Policy and task management ----------- Correct Answer ---------- Grouping by types of systems and their roles makes for more logical application of Policy and Task Assignments.

Sorting Method ----------- Correct Answer ---------- Some groups may need to be moved up or down to make automatic sorting easier to apply
Inheritance ----------- Correct Answer ---------- Groups that require special policies will have to break inheritance. The design and layout of the System Tree should facilitate these exceptions

McAfee Agent ----------- Correct Answer ---------- offers no protection. Its job is to provide a secure communication channel to the ePO and to manage all of the other modules that will be installed on the client machine (VSE, HIPS, etc.).

SuperAgent ----------- Correct Answer ---------- SuperAgents are agents that are designated to act as a source of content updates to other agents in the same network. An example is a remote site using a WAN

McAfee Agent ----------- Correct Answer ----------
• installs all of your point products and upgrades them based on the client task
• also listens to the ePO server for any new policies and product updates
• gathers events (intrusions, scan results, etc.) from the products and pushes them to the ePO server for analysis.

ASCI ----------- Correct Answer ---------- Agent to Server Communication Interval

Agent to server communication interval (ASCI). ----------- Correct Answer ----------
• The communication between the agent and the ePO server
• How often the agent checks in with the ePO; the default is 60 minutes

ASCI is encrypted using? ----------- Correct Answer ---------- Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
• All encryption is 128-bit strength and, except for Mac OS X, is FIPS 140-2 compliant.

Multiple ways to initiate the agent-server communication ----------- Correct Answer ----------
• when the ASCI default time lapses
• when the agent initiates a communication upon startup
• when the ePO initiates an agent wake-up call
• manually initiating communication from the client

Communication After Agent Installation ----------- Correct Answer ---------- The first thing that happens after the agent is installed on the client is that it initiates a communication to the ePO within ten minutes of startup

Wake-up calls ----------- Correct Answer ---------- A wake-up call is when the ePO forces the managed machine to initiate an ASCI outside of its normal interval

There are two ways to issue a wake-up ----------- Correct Answer ----------
• directly from the server
• on a schedule (bandwidth restrictions)

Using the System Tray Icon ----------- Correct Answer ---------- information includes the Agent Version, DAT Date/Version, ePO Server name/IP, Products Version, and the Hostname.

Tagging ----------- Correct Answer ---------- dynamic management tool
• Tags are labels applied to one or more systems automatically (based on criteria) or manually

There are two types of tags ----------- Correct Answer ----------
• tags without criteria
• criteria-based tags

Tags without criteria ----------- Correct Answer ---------- manually applied to the system in the system tree

Criteria-based tag ----------- Correct Answer ---------- automatically applied to the system based on certain criteria, such as the O/S type or part of the system name

System tree sorting ----------- Correct Answer ---------- the biggest action that you can use; ePO can automatically sort your systems into the correct subgroup based on the tag each one has.

After you have created a tag.... ----------- Correct Answer ---------- You must run the tag criteria

Systems have 2 settings... ----------- Correct Answer ----------
• Enabled
• Disabled

Sorting order ----------- Correct Answer ----------
• When it comes to sorting, the system is placed in the first group with matching criteria
• If the server cannot sort it, it is placed in Lost & Found

In the ePO there are 2 tasks.... ----------- Correct Answer ----------
• Client Tasks
• Server Tasks

Client Tasks ----------- Correct Answer ---------- Actions for the client; they allow you to create and schedule tasks on managed systems.
• product deployment, installing VSE, DLP, upgrading an agent, running a scheduled virus scan

Server Task ----------- Correct Answer ---------- Actions that only run on the ePO on a schedule; they help automate repetitive server tasks.
• Updating the master repository, threat and client events purge, removing inactive machines