DISA HBSS 201 Admin ePO5.1 (2014 Version)
What is the default password for unlocking the client user interface when troubleshooting the McAfee HIPS client?
abcde12345
How do you uninstall the HIPS client for Windows from a managed system?
- Configure the IPS Options policy to disable IPS; configure the McAfee Agent deployment task to remove the HIPS client.
- Remove the HIPS client package from the ePO Master repository and initiate the McAfee Agent wakeup call.
- Configure the McAfee Agent Update task to uninstall the HIPS client and initiate the McAfee Agent wakeup call.
- Remove the Extension from the ePO server and initiate the McAfee Agent wakeup call.
Prior to imaging the system, which line in the registry entry for the McAfee Agent should be deleted?
- HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\EpoGUID
- HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\CMA GUID
- HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\Agent SID
- HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\AgentGUID
Which statement best defines Application Shielding in HIPS?
A. Applications, system registry and services are locked down against malicious activity.
B. Applications are not permitted to access data, registry and services outside their own application envelope. - Wrong
C. Applications are prevented from communicating with any network services that are not defined by the administrator.
D. Applications can only hook to the processes that match the digital signature imported into HIPS.
From this list select the format that you cannot export your query results to.
A. CSV B. DOC C. XML- Wrong D. HTML E. PDF Dunno?
To verify that the IP address sorting criteria have not been configured to overlap between different groups, you can use which of the following options?
A. Combined IP Integrity B. Check IP Integrity C. Check IP Groups D. Display IP Sorting- Wrong
To manually move a system from one group to another, you do which two things with the system to move it to the other group?
A. Drag and drop B. Copy and paste C. Right click and move- Wrong D. Left click and move
The Agent to Server Communication for the McAfee Agent is encrypted using which of the following?
A. IPSEC- Wrong B. SPIPE C. TLS- Correct D. HTTP
Which of the following is not a protection level defined in the IPS Protection Policy?
A. Ignore- Wrong B. Allow C. Log D. Prevent
Which statement is true concerning the ePO console?
A. It is web based and designed completely in HTML and JavaScript.
B. It is a stand-alone application and uses Java code.
C. It utilizes the Microsoft Management Console (MMC). - Wrong
D. It provides remote consoles that can be installed on UNIX platforms.
Public Queries exist in which of the following lists?
A. Public Groups B. Shared Groups C. My Groups- Correct D. Query Groups- Wrong
Which IPS policy determines what options are available to a client computer with a HIPS client, including whether or not the client icon appears in the system tray, types of intrusion alerts, and password to allow access to the client user interface?
A. Server UI B. Policy Settings- Wrong C. Client GUI D. Client UI
The Client Task Catalog allows you to create which of the following?
A. Server task objects B. Client task objects C. Client task rules- Wrong D. Client task profiles
Which of the following is a valid statement regarding the task of managing policies in ePO?
A. The only way to apply an existing policy to a node in the ePO tree is through inheritance.
B. When you assign a new policy to a particular group of the Directory, then all systems under that group with inheritance intact will inherit the new policy.
C. Policies that have been duplicated can only be applied to the Directory level in the ePO console.
D. Policies cannot be exported or imported from one ePO server to another ePO server. - Wrong
Select the ePolicy Orchestrator component that caches policies to reduce database reads and speed up ASCI time.
A. Tomcat- Wrong B. Apache C. Event Parser D. McAfee Agent
Each Firewall Rule provides a set of conditions that which of the following has to meet?
A. Users B. Computers C. Traffic D. Protocols- Wrong
Which ePO user listed below can create and edit tags in ePO?
Administrator
If a connection is in the state table, what action will occur with future traffic for that connection?
Allow
Select the ePolicy Orchestrator component that provides the UI of the System tree, sorting of nodes, tags and policies.
Apache
What can be created to prevent interpreting a normal behavior as an attack?
Exception
Which of the following can be created to prevent interpreting a normal behavior as an attack?
Exception
What are the four main types of Permission Sets in ePO?
Executive Reviewer; Global Reviewer; Group Admin; Group Reviewer
What column is not displayed in the Audit Log?
Failure
Which executable runs the main HIPS service?
Firesvc.exe
What are the four severity levels of signature in HIPS?
High, Medium, Low, Informational
Which is not a type of IPS Signature?
Host Signatures
Custom Host Signatures - Wrong
Network Signatures
Global Signatures
Assume three IPS policies are applied to a node, 1 default and 2 custom. The default severity level is set to HIGH; 1 custom severity level is set to LOW and the other custom is set to MEDIUM. What is the effective severity level outcome for the applied policy?
Low
Med
High - Wrong
Least Restrictive
Which ePO component gathers the events from the managed systems and communicates them to the ePO server?
McAfee Agent
Which ePO core component enforces the policies on the systems?
McAfee Agent
Pull Task
What ePO server task updates ePO distributed repositories from the master repository?
Pull task
How do you uninstall the HIPS 7.0 client for Windows from a managed system?
Remove the extension from the ePO Server and initiate the McAfee Agent wakeup call. (double check answer)
Which answer lists ALL the layers of protection in the HIPS client?
Signature, behavioral and firewall protection
Which ePO repository provides all updates to the ePO Master repository?
Source
What types of Tags can you create?
Tags without criteria and Criteria-based tags
In which order are HIPS Firewall rules processed to filter incoming packets?
Top to bottom
In the Client Task Catalog you can export all of your client tasks into an XML file that can be imported into another ePolicy Orchestrator Server.
True