Firewall

Question 1

Give a high level overview of Firewall

Answer 1

protects systems, network resources, and applications from external and internal attacks.

Firewall scans all incoming and outgoing traffic and compares it to its list of firewall rules, which is a set of
criteria with associated actions. If a packet matches all criteria in a rule, the firewall acts according to the rule,
blocking or allowing the packet through the firewall.

Question 2

What features make up the “Protect” section of Firewall?

Answer 2

Rules, Rule Groups, Stateful Packet Filtering and inspection, Reputation Based Control

Question 3

What features make up the “Detect” section of Firewall?

Answer 3

Dashboards and Monitors, Queries and Reports, Alerts, Log Traffic

Question 4

What features make up the “Correct” section of Firewall?

Answer 4

What features make up the “Correct” section of Firewall?

Question 5

Give a High Level Explanation of Firewall “Rules”

Answer 5

A way to define the criteria Firewall uses to determine whether to block or allow incoming and outgoing traffic.

Question 6

Give a High Level Explanation of Firewall “Rule Groups”

Answer 6

Organize firewall rules for easy management, enabling you to apply rules manually or on a schedule, and to only process traffic based on connection type.

Question 7

Give a High Level Explanation of “Stateful packet filtering and inspection”

Answer 7

Track network connection state and characteristics in a state table, allowing only packets that match a known open connection.

Question 8

Give a High Level Explanation of Firewall “Reputation-based control”

Answer 8

Block untrusted executables, or all traffic from an untrusted network, based on reputation

Question 9

Give a High Level Explanation of Adaptive mode

Answer 9

Create rules automatically on the client system to allow legitimate activity.
Once created, analyze client rules to decide which to convert to server-mandated policies.

Question 10

Give a High Level Explanation of “Defined Networks”

Answer 10

Define trusted networks to allow traffic from networks that your organization considers safe

Question 11

Give a High Level Explanation of “Firewall Catalog”

Answer 11

Define rules and groups to add to multiple policies, or networks and applications to add to firewall rules

Question 12

How does Firewall work?

Answer 12

It scans all incoming and outgoing traffic at the packet level and compares packets to the configured firewall rules to determine whether to allow or block the traffic

1 The administrator configures firewall rules in McAfee ePO and enforces the policy to the client system.

2 The user performs a task that initiates network activity and generates traffic.

3 Firewall scans all incoming and outgoing traffic and compares packets to configured rules. If the traffic
matches a rule, Firewall blocks or allows it, based on the rule criteria.

4 Firewall logs the details, then generates and sends an event to McAfee ePO.

Question 13

How do firewall rules work?

Answer 13

-Determine how to handle network traffic
-Each rule provides a set of conditions that traffic must meet, and an action to allow or block traffic
-When firewall finds traffic that matches a rule’s conditions, it performs the associated action

Question 14

How does the order of firewall rules affect the way they’re used?

Answer 14

Firewall uses precedence to apply rules:

1 Firewall applies the rule at the top of the firewall rules list. If the traffic meets this rule’s conditions, Firewall allows or blocks the traffic. It doesn’t try to apply any other rules in the list.

2 If the traffic doesn’t meet the first rule’s conditions, Firewall continues to the next rule in the list until it finds
a rule that the traffic matches.

3 If no rule matches, the firewall automatically blocks the traffic

Question 15

What happens if all of the configured Firewall rules are applied and none match the sample?

Answer 15

It’s automatically blocked

Question 16

What happens if all of the configured Firewall rules are applied and none match the sample, and adaptive mode is active?

Answer 16

an Allow rule is created for the traffic

Question 17

What happens if intercepted traffic matches more than one rule in the list?

Answer 17

Firewall applies only the first matching rule in the list

Question 18

What is the best practice in regards to rule order?

Answer 18

The more specific rules should be placed at the top of the list, and the more general rules at the bottom, which ensures that Firewall filters traffic appropriately

Question 19

How do firewall rule groups work?

Answer 19

Firewall rule groups organize firewall rules for easy management. They do not affect the way Firewall handles rules; the software processes rules from top to bottom

Question 20

Does FIrewall prioritize the settings of a rule group first in processing, or the settings for the individual rules it contains?

Answer 20

It processes the settings for the group first.

Question 21

If a conflict exists between the settings of a firewall group, and the rules it contains, what happens?

Answer 21

The group settings take precedence

Question 22

What are Timed Groups?

Answer 22

Timed groups are Firewall rule groups that are active for a set time.

For example, a timed group can be enabled to allow a client system to connect to a public network and establish a VPN connection

Groups can be activated either: on a specified schedule, or manually by selecting options from the McAfee system tray icon

Question 23

What are Connection Isolation Groups?

Question 24

What are the predefined firewall rule groups in ePO

Question 25

What are the predefined firewall rule groups on the client?

Question 26

What are the parameters for allowed connections that can be included after enabling location status and naming the location in a location aware group?

Question 27

How does the connection isolation setting work?

Question 28

What is stateful packet filtering?

Question 29

What is the state table?

Question 30

What is stateful packet inspection?

Question 31

How does stateful packet filtering work?

Question 32

What do entries in a state table base their definitions of connections on?

Question 33

If firewall rule sets change, what happens in the state table?

Question 34

If an adapter obtains a new IP address, what happens in the state table?

Question 35

What happens in the state table when a process ends?

Question 36

How does stateful packet inspection work??

Question 37

How is UDP protocol handled by Firewall?

Question 38

How is ICMPv4/v6 protocol handled by Firewall?

Question 39

How is TCP protocol handled by Firewall?

Question 40

How is DNS Protocol handled by Firewall?

Question 41

How is DHCP Protocol handled by Firewall?

Question 42

How do Trusted Networks work

Question 43

How do Trusted Executables and Applications work?

Question 44

What is the firewall catalog?

Question 45

What is the Link Layer?

Question 46

What is the Network Layer?

Question 47

What is TCP

Question 48

What is UDP

Question 49

What is ICMP

Question 50

How does Firewall handle common unsupported protocols?

Question 51

How does McAfee GTI work with Firewall

Question 52

What are the reputation levels used with GTI & FireWall?

Question 53

Does McAfee GTI introduce latency? How much?

Question 54

If Firewall can’t reach the McAfee GTI servers, does traffic stop?

Question 55

How does tuning work?

Question 56

According to the product guide, for at least how long should you leave Firewall in adaptive mode?