14.14-24

Question 1

What is created so group admins can have
all permissions required to administer their individual assets while preventing access to
the rest of the ship’s network.

Answer 1

Permission Sets

Question 2

When an administrator deploys with the embarkable

unit, allow them to administer their own assets by?

Answer 2

Creating a group admin account.

Question 3

What should you do before embarkables deploy onboard?

Answer 3

Work with group admins to remove agents before connecting to your network.

Question 4

What directory contains policies that have been

consolidated for a given module?

Answer 4

Comprehensive

Question 5

What two HIP policies are called multiple instance or

“stackable” policies, because multiple policy instances can be assigned to a single node.

Answer 5

IPS Rules and Trusted Applications,

Question 6

When policies are changed in the ePO console, the changes take effect on the managed
systems when?

Answer 6

The next agent-server communication interval (ASCI).
30 minutes for smaller networks
60 minutes for larger networks

Question 7

Admins can assign policies in what 3 ways.

Answer 7

1. Site or Group Level
2. Single System
3. Node with multiple policies

Question 8

What prevents admins with appropriate permissions at the same level of the System Tree from
inadvertently replacing a policy

Answer 8

Assignment Locking

Question 9

PA functions as what because it evaluates systems against standards developed by government and private industry such as DISA’s Security Technical
Implementation Guides (STIG) and Microsoft Best Practices Guides?

Answer 9

Independent Auditor

Question 10

Audits consist of the what 2 components:

Answer 10

1. A benchmark or selected profile within a benchmark

2. An audit frequency or how often data should be gathered

Question 11

What are documents that contain rules for describing the desired state of a system? What format is it? Essentially making them what?

Answer 11

Benchmarks
.xccdf
Files dictating what checks to run.

Question 12

What appear in monitors and queries and
include additional information about the state of a system that is helpful to security officers
and network administrators when fixing issues

Answer 12

Findings

Question 13

Audits are benchmarks are supplied from where?

Answer 13

McAfee
Can be imported from third-party sources
Created by you using Benchmark Editor

Question 14

What monitors any specified file for changes but only maintains version changes to text files.
Admin can also: define which files should be tracked. Specify the frequency for detecting file changes

Answer 14

File Integrity Monitor

Has ability to retain up to 6 text file versions.

Question 15

HIPS software requires these 6 components be installed and running to provide and
manage protection.

Answer 15

1. ePO server and repository
2. McAfee Agent
3. HIP server components
4. HIP Agent
5. HIP content updates
6. Policies on the server

Question 16

Log settings for Firewall and IPS Logging include(4):

Answer 16

1. Debug
2. Information
3. Warning
4. Error

Question 17

What is a list of applications that should be considered

“trusted” and thus should cause no event to be generated.

Answer 17

Trusted Applications Policy

Question 18

What contains a list of network addresses and subnets that can be tagged as trusted. “Trusted,” means that that address, or address range, can potentially be
ignored by Network IPS and/or the Firewall, without having to created individual exceptions or
rules.

Answer 18

Trusted Networks Policy

Question 19

What tab displays exceptions

relevant to the client and provides summary and detailed information for each rule.

Answer 19

IPS Policy Tab

Question 20

What tab is used to monitor a list of blocked hosts (IP addresses) that is automatically created when NIPS protection is enabled.

Answer 20

Blocked Host Tab

Question 21

What is used to permanently delete contents of the log?

Answer 21

Clear

Question 22

What needs to be enabled for an alert to automatically appear when HIPS detects a potential attack.

Answer 22

IPS Protection

Display Pop-up Alert Option

Question 23

What provides timelines and settings for tuning your network to avoid false positives?

Answer 23

FRAGO 13

Question 24

What are the 2 types of tuning?

Answer 24

Manual and Automatic

Question 25

McAfee HIP’s automatic tuning method. Allows events to go through, then the logged event gets sent to the ePO server during ASCI.

Answer 25

Adaptive Mode

Question 26

What sends a message asking whether to allow or deny an event?

Answer 26

Learn mode

Question 27

What is a pattern that corresponds to a known threat.

Answer 27

Signature

Question 28

What is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations.

Answer 28

Anomaly-based detection

Question 29

How are the firewall policy rules grouped and why?

Answer 29

By Program of Record(POR) for quick enable or disable.

Question 30

Why does the DC2 server not respond to wake-up calls.

Answer 30

ISA Firewall Rules

Question 31

What only applies when connecting to a network with

particular parameters

Answer 31

A Location-aware firewall rules group

Question 32

What prevents undesirable traffic from accessing a network

Answer 32

Connection Isolation

Question 33

What is a layer of defense solution that inspects user’s actions regarding sensitive content in
their work environment.

Answer 33

DLP

Question 34

DLP Management Tools require what

controls.

Answer 34

Net Framework 3.5

ActiveX

Question 35

DLP Agent generated events are sent to where?

Answer 35

ePO Event Parser

Question 36

Managed — Device classes that can be used in device definitions.

Answer 36

Managed

Question 37

Device classes not used by the device definitions, but whose status the system administrator can change to Managed, as needed.

Answer 37

Unmanaged

Question 38

Device classes that cannot be used by the device definitions because they can affect the managed computer, system health, and efficiency.

Answer 38

Unmanageable
includes devices such as battery devices, computer, display adapters, fixed disk
drives, monitors, processors, storage volumes, and system devices

Question 39

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR

Answer 39

Registry Key String

Question 40

Minor fixes to the core operating system

Answer 40

Updates

Question 41

Complete system-wide snapshot version increase of all software within HBSS.

Answer 41

Upgrade