CPO
Adjusting a Host IPS signature security level to ___________ for all clients would be equivalent to defining an Exception valid for all clients, all users, and all processes for a given signature. A. Disabled B. Information C. Low D. One
Correct Answer: A
Assuming inheritance has not been broken, where will policy assignments be taken from in the following System Tree example? My Organization Group 1 Group 2 Subgroup A A. My Organization B. Group 1 C. Subgroup A D. Group 2
Correct Answer: A
How many RSD sensors must be installed for complete coverage? A. 1 in each broadcast segment B. 2 in each broadcast segment C. 3 in each broadcast segment D. 6 in each broadcast segment
Correct Answer: A
Organize systems into logical groupings for policy management by: A. Placing them into groups and subgroups B. Alphabetizing the systems list C. Looking up each system's GUID D. Forcing them to log into the same domain
Correct Answer: A
Outline the service/s that the ePolicy Orchestrator delivers. A. Security policies and tasks, controls updates, and processes events for all managed systems. B. Allows sites to initiate outbound connections from within the Air Force network perimeter and perform required data sanitization toward aggregation of sensitive but unclassified data. C. Hosts copies of the master repository contents and helps reduce update-related traffic to remote sites. D. Generates various HBSS reports for the Air Force using the Roll-Up data.
Correct Answer: A
Policies are used to: A. Configure product settings on managed systems B. Control Operating system features on managed systems C. Collect properties from managed systems D. Report threat activity on managed systems
Correct Answer: A
The command line switch used with Frminst.exe to remove the McAfee Agent is: A. /Remove=Agent B. /Remove=MA C. /Remove=All D. /Agent=Remove
Correct Answer: A
There are two types of tags that you can create. They are: A. Criteria-based tags, Automatic tags B. Group tags, System tags C. Tags without criteria, Criteria-based tags D. System tags, Tags without criteria
Correct Answer: A
To update the Master Repository from a source site, you would create a: A. Repository Pull Task B. Repository Replication Task C. Product Deployment Task D. Installation Task
Correct Answer: A
What are the groups that the subnet states are categorized into? A. Contains Rogues, Covered, and Uncovered B. Covered, Uncovered, and Exempted C. Managed, Unmanaged, and Quarantined D. Contains Rogues, Managed, and Unmanaged
Correct Answer: A
What is the default authentication method for ePO users? A. ePO authentication B. Certificate-based authentication C. Windows-based authentication D. Single Sign-On authentication
Correct Answer: A
What is the normal sequence for a fresh install of HBSS endpoint products to a system? A. McAfee Agent, McAfee Virus Scan Enterprise, Host Intrusion Prevention System, Policy Auditor, Asset Configuration Compliance Module, Data Loss Prevention Agent. B. McAfee Agent, Asset Configuration Compliance Module, Host Intrusion Prevention System, Policy Auditor, McAfee Virus Scan Enterprise, Data Loss Prevention Agent. C. McAfee Virus Scan Enterprise, Data Loss Prevention Agent, Host Intrusion Prevention System, McAfee Agent, Asset Configuration Compliance Module, Policy Auditor. D. Asset Configuration Compliance Module, Policy Auditor, McAfee Agent, McAfee Virus Scan Enterprise, Host Intrusion Prevention System, Data Loss Prevention Agent.
Correct Answer: A
What statement about permission sets is true? A. Permission sets only add permissions. B. Permission sets add and remove permissions. C. Permission sets only remove permissions. D. Permission sets are inherited from your Windows policy.
Correct Answer: A
Which System Component offers the same functionalities as an ePO server in terms of handling agent communication, product deployment, contents updates, and data reporting channel but without the admin user interface (UI)? A. Agent Handler B. ePolicy Orchestrator C. SQL Database D. Super Agent Distribution Repository
Correct Answer: A
Which component enforces policies and forwards events for managed systems? A. McAfee Agent B. Registered Server C. Rogue Sensor D. Tomcat Service
Correct Answer: A
Which of these is NOT a permission reserved exclusively to the Administrator? A. Use public dashboards; create and edit personal dashboards B. Create, edit, or delete source and fallback repositories. C. Change server settings D. Add and delete ePO user accounts
Correct Answer: A
Which service does Client Endpoint Protection provide to ensure the defense of the Air Force Network? A. Detect rogue systems operating on the AFNET. B. Configure and maintain policies for perimeter equipment across the AOR. C. Update the Domain Controller DNS query database. D. Routes and filters traffic based on pre-set tables.
Correct Answer: A
You can schedule a query to be run periodically by creating a: A. Run Query Server Task B. Run Query Client Task C. Run Query Reporting Task D. System Search Server Task
Correct Answer: A
__________ serve/s as filter criteria for controlling devices, providing the advantage of using portable devices while maintaining the organization policy for sensitive information. A. Device Definitions B. Device Rules C. Whitelisted Applications D. Host Intrusion Prevention
Correct Answer: A
Identify which of the McAfee services safeguards sensitive enterprise information by deploying policies which are made up of classification rules, tagging rules, protection rules, device rules, and user and group assignments. A. Host Intrusion Prevention System B. Data Loss Prevention C. Rogue Sensor Detection D. ePolicy Orchestrator
Correct Answer: B
Policies are assigned to groups in the System Tree on the __________ tab. A. Systems B. Assign Policies C. Client Tasks D. Group Details
Correct Answer: B
Select the HTTP repository Tier-1 administrators use when managing HBSS updates. A. SQL Server B. Master Repository (MR) C. Proxy Server D. Super Agent Distributed Repository (SADR)
Correct Answer: B
The Master Repository is always: A. The Fallback Repository B. The ePO server (SPIPE) Repository C. A Super-Agent Repository D. The Source Repository
Correct Answer: B
The ePO and SQL servers are only capable of SSL communication with the database server when what is configured and installed? A. Firewall rule B. DoD certificate C. DLP exemption D. RSD Sensor
Correct Answer: B
The top-level object in the ePO System Tree is: A. My Enterprise B. My Organization C. My ePO D. Whatever you name it
Correct Answer: B
What must a Client Endpoint Protection Operator do to minimize disruption to clients when services are being stopped or started on a cluster node? A. A message is sent out to the affected location regarding a vulnerability window so interruptions are less likely to occur. B. Relocate the applications that are currently owned by the node to another node. C. When a cluster service is starting or stopped, the applications automatically fail-over to a node that is currently operating normally. D. Relocate the affected cluster services to the staging server while the nodes are being stopped or started.
Correct Answer: B
When a rogue system with a static IP address plugs into the network, the Rogue System Sensor receives a broadcast from the rogue device and sends a __________ to the McAfee ePolicy Orchestrator. A. DoD Certificate B. Connection Event C. MAC Address D. TCP/UDP Port
Correct Answer: B
Which Data Loss Prevention (DLP) device rule is recommended to be used for blocking USB devices? A. Plug and Play Device Rule B. Removable Storage Device Rule C. Removable Storage File Access Rule
Correct Answer: B
Which of the System Components in the HBSS system delivers security policies and tasks, controls updates, and processes events for all managed systems? A. Agent Handler B. ePolicy Orchestrator C. SQL Database D. Super Agent Distribution Repository
Correct Answer: B
Which server is not utilized by Client Endpoint Protection? A. ePolicy Orchestrator Server (ePO) B. Nessus Scanner C. Super Agent Distributed Repository Server D. SQL Server
Correct Answer: B
Who is responsible for Host Based Security System updates on the AFNET? A. AFNET Response Center B. Air Force Computer Emergency Response Team C. Defense Information Systems Agency D. Integrated Networks Operation Security Center
Correct Answer: B
You can use a group's sorting criteria to sort systems by: A. NetBIOS name and IP Address B. IP Address and Tags C. Tags and Group Name D. Group Name and NetBIOS name
Correct Answer: B
Also referred to as a Deployment Task, the type of Client Task that installs products from the Master Repository to client workstations is: A. Repository Pull Task B. Repository Replication Task C. Product Deployment Task D. Installation Task
Correct Answer: C
An agent will download installation packages or DATs from a specific repository based on: A. Distributed Repository settings B. Replication settings C. McAfee Agent Policy D. System settings
Correct Answer: C
Identify the root directory name of the ePO system tree. A. / B. /root C. My Organization D. Dashboard
Correct Answer: C
If you want to share a query from one server to another, you: A. Automatically email the results B. Select the Share link on the Query page C. Export the query and then import to the other server D. You cannot share queries between servers
Correct Answer: C
Making a Personal query Public is done by: A. Selecting the Query and choosing Actions > Make Public B. Choosing the Make Public button on the Queries page C. Moving the query to a public group
Correct Answer: C
Tags are like labels that can be applied to: A. Groups, Sites, and Systems B. Groups, Subgroups, and Systems C. Systems D. Groups
Correct Answer: C
The AF Client Endpoint Protection architecture has __________ installed and dedicated to each ePO server that is not designated as a Staging Server. A. 1 Master Staging Repository B. 6 Active Directories (Domain Forest) C. 3 Agent Handlers D. 2 Super Agent Distributed Repositories
Correct Answer: C
The Crew Commander has requested the DAT version and the Date of last communication of the systems. What could the CPO operator utilize in order to accomplish this task? A. Check the DLP Whitelist B. Create a new firewall rule C. Create a custom query D. None of the above
Correct Answer: C
The criteria used for Criteria-based Tags are taken from: A. User-defined data B. Tag catalog information C. System properties information D. Group Details data
Correct Answer: C
What Host IPS policy category sets the protective reaction for a signature? A. IPS Options B. IPS Rules C. IPS Protection D. IPS Enforcement
Correct Answer: C
What action can you take from the ePO console to force update and enforcement of new policies on client machines, before the next scheduled ASCI? A. Update Now command B. Will happen automatically when policy is assigned C. Agent Wake Up Call D. Reboot the ePO server
Correct Answer: C
What is the Master Repository (MR)? A. A server that delivers security policies and tasks, controls updates, and processes events for all managed systems. B. A system used as a local distributed repository. C. A central location for all McAfee updates and signatures. D. An HBSS Data Pool allowing sites to initiate outbound connections from within the Air Force network perimeter and perform required data sanitization toward aggregation of sensitive but unclassified data.
Correct Answer: C
What provides information to the ePolicy Orchestrator if a detected system is unknown to allow you to take remediation steps, which include alerting administrators and automatically deploying an agent to the system? A. Data Loss Prevention B. Host Intrusion Prevention C. Rogue Sensor Detection D. Virus Scan Enterprise
Correct Answer: C
In Overall system status, what are the four categories that the Systems' states are broken down into? A. Contains Rogues, Exceptions, Inactive, and Uncovered B. Exceptions, Covered, Uncovered, and Quarantined C. Managed, Unmanaged, Inactive, and Quarantined D. Exceptions, Inactive, Managed, and Rogue
Correct Answer: D
Policy objects for Rogue System Detection are stored: A. In the RSD Catalog B. In the Detections Catalog C. In the Tags Catalog D. In the Policy Catalog
Correct Answer: D
Rogue systems are: A. Systems that have not communicated within configured time limits B. Systems that are not managed by a McAfee Agent C. Systems that have a McAfee Agent, but are not listed in the ePO database D. All of the above
Correct Answer: D
What reports detected unmanaged systems? A. HIPS Sensor B. AH Sensor C. CPU Sensor D. RSD Sensor
Correct Answer: D
Which of the following formats can a Report Log NOT be exported to? A. PDF B. XML C. HTML D. CSV E. DOC
Correct Answer: E