DISA HBSS 201 Admin ePO5.1 (2016)
What is the default password for unlocking the client user interface when troubleshooting the McAfee HIPS client?
abcde12345
How do you uninstall the HIPS client for Windows from a managed system?
-Configure the IPS Options policy to disable IPS; Configure the McAfee Agent deployment task to remove the HIPS client. - Testing.
Prior to imaging the system, which line of the registry entry for the McAfee Agent should be deleted?
-HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\EpoGUID - testing
To manually move a system from one group to another, you do which two things with the system to move it to the other group?
A. Drag and drop - testing
Which statement is true concerning the ePO console?
A. It is web based and designed completely in HTML and JavaScript. - testing
Which ePO user listed below can create and edit tags in ePO?
Administrator
If a connection is in the state table, what action will occur with future traffic for that connection?
Allow
Select the ePolicy Orchestrator component that provides the UI of the System tree, sorting of nodes, tags and policies.
Apache
Select the ePolicy Orchestrator component that caches policies to reduce database reads and speed up ASCI time.
B. Apache
The Client Task Catalog allows you to create which of the following?
B. Client task objects - testing
Each Firewall Rule provides a set of conditions that which of the following has to meet?
B. Computers - testing
Which of the following is a valid statement regarding the task of managing policies in ePO?
B. When you assign a new policy to a particular group of the Directory, then all systems under that group with inheritance intact will inherit the new policy. - testing
To verify that the IP address sorting criteria have not been configured to overlap between different groups, you can use which of the following options?
C. Check IP Groups - testing
Which of the following is not a protection level defined in the IPS Protection Policy?
C. Log - testing
Which statement best defines Application Shielding in HIPS?
D. Applications can only hook to the processes that match the digital signature imported into HIPS. - testing
Which IPS policy determines what options are available to a client computer with a HIPS client, including whether or not the client icon appears in the system tray, types of intrusion alerts, and password to allow access to the client user interface?
D. Client UI - testing
From this list select the format that you cannot export your query results to.
DOC - testing
What can be created to prevent interpreting a normal behavior as an attack?
Exception
Which of the following can be created to prevent interpreting a normal behavior as an attack?
Exception
What are the four main types of Permission Sets in ePO?
Executive Reviewer; Global Reviewer; Group Admin; Group Reviewer
What column is not displayed in the Audit Log?
Failure
Which executable runs the main HIPS service?
Firesvc.exe
Communication between Tomcat and the web browser accessing the ePO console is accomplished using what traffic through which port?
HTTPS. 8005 - Testing
What are the four severity levels of signature in HIPS?
High, Medium, Low, Informational
Assume three IPS policies are applied to a node: 1 default and 2 custom. The default severity level is set to HIGH, 1 custom severity level is set to LOW and the other custom is set to MEDIUM. What is the effective severity level outcome for the applied policy?
Low Med Least Restrictive - testing
Which ePO component gathers the events from the managed systems and communicates them to the ePO server?
McAfee Agent
Which ePO core component enforces the policies on the systems?
McAfee Agent
Public Queries exist in which of the following lists?
My Groups
Which is not a type of IPS Signature?
Network Signatures
DISA HBSS 201 Admin ePO5.1 (2016 Version)
Pull Task
What ePO server task updates ePO distributed repositories from the master repository?
Pull task
How do you uninstall the HIPS 7.0 client for Windows from a managed system?
Remove the extension from the ePO Server and initiate the McAfee Agent wakeup call. (double check answer)
Which answer lists ALL the layers of protection in the HIPS client?
Signature, behavioral and firewall protection
Which ePO repository provides all updates to the ePO Master repository?
Source
The Agent to Server Communication for the McAfee Agent is encrypted using which of the following?
TLS
What types of Tags can you create?
Tags without criteria and Criteria-based tags
In which order are HIPS Firewall rules processed to filter incoming packets?
Top to bottom
In the Client Task Catalog you can export all of your client tasks into an XML file that can be imported into another ePolicy Orchestrator Server.
True