HIPs - MA0-102 Flashcards by Brandon L

Which of the the following policy categories are consided to be mufti-slot policies? (Select the two that apply) A. Trusted Application B. IPS rules C. Firewall Rules D. IPS Options

A. Trusted Application B. IPS rules

How well did you know this?

Not at all

Perfectly

Firewall client rules are created in Adaptive Mode using which of the following parameters? A. Per-user B. Per-process C. Per-Application D. Per-signature

B. Per-process

How well did you know this?

Not at all

Perfectly

Which of the following is the main log file for IPS? A. FireTray.log B. HipShield log C. HipMgPlugin.log D. McTrayHip.log

B. HipShield log

How well did you know this?

Not at all

Perfectly

The option to select Create Exception upon an Instrusion Event will only be available if the IPS Rules Policy has been configured with which of the following? A. Adaptive Mode B. Learn Mode C. Create Exceptions D. Allow Client Rules

D. Allow Client Rules

How well did you know this?

Not at all

Perfectly

What detail property includes the Local Time Zone value of a managed machine? A. Virus Scan Enterprise properties B. McAfee Agent properties C. Host Intrusion Prevention properties D. System Information properties

D. System Information properties

How well did you know this?

Not at all

Perfectly

Under which HIPs Policy category can IPS Engines be disabled for troubleshooting? A. IPS Options B. Firewall Rules C. Trusted Applications (All Platforms) D. Client UI (Windows)

D. Client UI (Windows)

How well did you know this?

Not at all

Perfectly

Which of the following is the HIPs executable for the HIPs Client UI? A. Fire Svc.exe B. FireTray.exe C. McAfeeFire.exe D.Mfefire.exe

C. McAfeeFire.exe

How well did you know this?

Not at all

Perfectly

Which of the following are used to create custom signatures? (Select the three that apply) A. Signature Builder B. Signature Creation Wizard C.Advanced Mode D. Standard Mode E. Expert Mode

B. Signature Creation Wizard C.Advanced Mode D. Standard Mode

How well did you know this?

Not at all

Perfectly

Which of the following is a supported browser for Host IPS and ePO (Select the two that apply) A. Internet Explorer B. Firefox C. Safari D. Chrome E. Opera

A. Internet Explorer B. Firefox

How well did you know this?

Not at all

Perfectly

Which of the following server services is responsible for communication with the McAfee agent? A. Apache B. Tomcat C. SQL D. Even Parser

A. Apache

How well did you know this?

Not at all

Perfectly

Which of the following are the listed signature severity levels within HIPs? (Select the four that apply) A. High B. Major C. Medium D. Minor E. Low F. Informational

A. High C. Medium E. Low F. Informational

How well did you know this?

Not at all

Perfectly

Which of the following items can be found under the IPS Policy tab in the HIPs Client UI? A. IPS exceptions from ePO Policy B. Locally created IPS Client Rules C. Blocked Hosts D. Firewall traffic

B. Locally created IPS Client Rules

How well did you know this?

Not at all

Perfectly

Which of the following options cannot be used to define a trusted network? A. Single Address B. Address Range C. Subnet Address D. Network Protocol

D. Network Protocol

How well did you know this?

Not at all

Perfectly

Where are Host IPS custom signatures created? A. ePO console B. Host IPS client UI C. Host IPS UI D. Firewall UI

A. ePO console

How well did you know this?

Not at all

Perfectly

Which of the following HIPs Client features, when enabled, allows the user to make decisions on allowing or denying traffic to the local host? A. Adaptive mode B. Listening mode C. Inherit mode D. Learn mode

D. Learn mode

How well did you know this?

Not at all

Perfectly

Which of the following Firewall Rule options is used to prevent undesirable traffic from accessing the network by only processing traffic that matches both the “allow rules” above the group in the Firewall rules list and the group criteria? A. Unbridged traffic B. Network quarantine C. Connection isolation D. Network seclusion

C. Connection isolation

How well did you know this?

Not at all

Perfectly

Which of the following custom signature rule types are used to prevent process termination and modification? A. Files B. Hook C. Services D. Program

D. Program

How well did you know this?

Not at all

Perfectly

Which of the following items can be found under the IPS Policy tab of the HIPS Policy tab of the HIPS Client UI? A. IPS exceptions from ePO Policy B. Locally created IPS Client Rules C. Blocked Hosts D. Firewall Traffic

B. Locally created IPS Client Rules

How well did you know this?

Not at all

Perfectly

The time period between the moment a vulnerability is identified and a patch is released is commonly referred to as the _________window. A. Vulnerability B. Time to patch C. Protection D. Threat remediation

B. Time to patch

How well did you know this?

Not at all

Perfectly

Which of the following is the default location for the McAfee Agent configuration files? A. Common Framework B. System 32 C. My Documents D. Windows Temp

A. Common Framework

How well did you know this?

Not at all

Perfectly

Which of the following is the main log file for Firewall? A. FireTray.log B. FireSvc.log C. HipMgtPlugin.log D. McTrayHip.log

B. FireSvc.log

How well did you know this?

Not at all

Perfectly

The McAfee Framework Service is responsible for which of the following functions? (Select the two that apply) A. Schedule Server Tasks B. Enforce Poilicies C. Collect and Send System Properties D. Scan for Threats and Vulnerabilities E. Policy Throtting

B. Enforce Policies C. Collect and Send System Properties

How well did you know this?

Not at all

Perfectly

Which utility is used to help automate upgrades and maintenance tasks with third-party software that has been tasked with deploying HIPs on client computers? A. ClieniControl.exe B. fwinfo.exe C. McAfee Installation Designer D. Extension Manager

A. ClieniControl.exe

How well did you know this?

Not at all

Perfectly

Why is it recommended to change the agent-to-server and console-to-server communication ports from their default values during installation? A. These ports are commonly subjected to malicious exploitation. B. The default values are in the common domain C. The defaults ports may already be in use inside of the network D. To avoid technical issues with port allocation

A. These ports are commonly subjected to malicious exploitation.

How well did you know this?

Not at all

Perfectly

Which of the following ClientControl utility command line argumentrs force the Firewall component to allow all traffic? A. tfwPassthru B. /fwinfo C. /execinto D. /defConfig

A. tfwPassthru

In which order are HIPs Firewall rules processed to filler incoming packets? A. Top to bottom B. Bottom to top C. Most severre rules first D. Least severe rules first

A. Top to bottom

Which of the following is the HIPs executable for the McAfee Validation Trust Protection service? A. FireSvc.exe B. FireTray.exe C. FrameworkService.exe D. Mfevlps.exe

D. Mfevlps.exe

Which of the following statements best defines the Application Protection (Shielding and Enveloping) feature? A. Applications, system registry and services are locked down against malicious activity. B. Applications are not permitted to access data, registry and services outside of their application envelope C. Applications are prevented from communicating with any undefined network services D. Applications can only hook into processes that match a specific digital signature

A. Applications, system registry and services are locked down against malicious activity.

What McAfee propietary protocol is used for secure communication between the McAfee Agent and server? A. IPSEC B. SPIPE C. SSL D. HTTP

B. SPIPE

Which of the following methods utilize HIPs events? (Select the three that apply) A. Exception creation B. Health checking C. Reporting D. Alerting E. Updating

A. Exception creation C. Reporting D. Alerting

Which component controls the schedules tasks and communicated with the commont agent1 A. Task Manager B.. McShield C. Framework Service D. Scan32exe

C. Framework Service

Which of the following is the HIPs policy the allows a generated listing of applications that are known to be safe and are allowed to perform any normal operation A. Trusted Applications Policy B. Local Applications Policy C. Safe Applications Policy D. Host Application

A. Trusted Applications Policy

Which of the following HIPS features provides the ability to reuse common policy components, particularly Firewall groups and rules? A. Policy Catalog B. Host IPS Catalog C. Policy Assingment rules D. Policy Inheritance

B. Host IPS Catlog

Which of the following extensions is required to enable IPS within HIPs? A, Host IPS Trust Validation B. Host IPS Content C. Host IPS Advanced D.Host IPS License

D.Host IPS License

Which of the following methods are used for Application Blocking? (Select the two that apply) A. Application Hooking B. Application Creation C. Application Usage D. Application Testing E. Application Signature

A. Application Hooking B. Application Creation

Which of the following databases are not support in HIPs? A. MS SQL 2005 B.. MS SQL 2008 C. MS SQL 2008 R2 D.. MS SQL 2000

D.. MS SQL 2000

Which of the following is the supported executable that is used to install HIPs for Windows? A. McAfeeHIP\_ Install.msi B. McAfeeHIP\_ClientSetup.exe C. McAfeeHIP\_ClientSetup.msi D. McAfeeHIP\_Install.exe

B. McAfeeHIP\_ClientSetup.exe

Which of the following HIPs client services are used for Firewall Learn Mode? A. FireSvc.exe B. FireTray.exe C. McAfeeFire.exe D.MfeFire.exe

C. McAfeeFire.exe

With statefull filtering, a slate table is considered a match when which of the follwoing conditions of the packet are matched. A. Protocol, Local Address, Local Port B .Protocol, Local Address, Remote Address C. Protocol, Local Address, Local Port, Remote Address D. Protocol, Local Address, Local Port, Remote Address,Remote Port

D. Protocol, Local Address, Local Port, Remote Address,Remote Port

In which of the following files are all triggered Automatic Response actions logged? A. Response log B. Server Task top C. Threat Event log D. Notification log

B. Server Task top

Which of the following security level adjustments to "all clients" would be the equivalent to defining and exception valid for all clients, users and processes under a specific signature? A. Disabled B. Information C. Low D. One

A. Disabled

Which of the following McAfee Agent files are used to report the results of script commands used during updates and deployment? A. McScript.log B. Agent\_{SYSTEM NAME}.log C. Sitelist.xml D.Site.StatList.xml

A. McScript.log

What is the update frequency for Host Intrusion Prevention signature content? A. monthly B. bi-weely C. daily D. yearly

A. monthly

Which of the following steps should be performed first when troubleshooting issues with custom signatures? A. Use the Process Monitor and Process Explorer tools B. Review violations in the HipShield.log file C. Simplify violations in the HipShield.log file D. Disable the HIPS component

C. Simplify violations in the HipShield.log file

Which of the following is the installation directory for HIPs non-Windows platforms? A, /opt/McAfee/hip B, /opt/McAfee/bin/hip C. /etc/bin/McAfee/hip D. /var/root/McAfee/hip

A. /opt/McAfee/hip

In order to tighten a system's intrusion prevention when using Host IPS, when should Adaptive Mode be disabled? A. Adaptive Mode should never be disabled B. Adaptive Mode should be disabled after the tuning period is over C. Adaptive Mode should be disabled during the tuning period D. Adaptive Mode should be disabled before the pilot period has begun

B. Adaptive Mode should be disabled after the tuning period is over

Which of ther following platforms does Host IPS not support? A. Windows B. Solaris C. :Linux D. AIX

D. AIX

Which of the following HIPs Policy categories are used to instruct the client system how to react when signatures of a specific severity are triggered? A. IPS Options (All Platforms) B. IPS Protection (All Platforms) C. IPS Rules (All Platforms) D. IPS Reactions (All Platforms)

B. IPS Protection (All Platforms)

Which port is used to access tyhe McAfee Agent Activity Log from a remote machine? A. 80 B. 443 C. 8081 D. 8082

C. 8081

Stateful firewalls utilize which of the following in order to keep track of the state of network connections travelling across them? A. connection cache B. product directory C. protocol inspector D. state table

D. state table

Stateful packet filtering occurs at which level of the Transport Layer? A. Layer 7 and lower B. Layer 6 and lower C. Layer 5 and lower D. Layer 4 and lower

D. Layer 4 and lower

Which of the following is not an available criteria for a Location Aware Group? A, DNS Server B. DHCP Server C. Default Gateway D. MAC Address

D. MAC Address

In order to locally install HIPs over a previously intalled version, which of the following must be disabled? A. Firewall B. McAfee Agent Policy Enforcementg C. VSE On-Access Scanner D. IPS Protection

A. Firewall

Which of the folliowing tasks provide signature updated to HIPs clients? A. McAfee Agent Update B. Host IPS Content Server C. Distributed Repository D. Repository Pull

A. McAfee Agent Update

Where is Firewall traffic displayed within the HIPs Client UI? A. Activity Log lab B. Application Protection List tab C. Blocked Hosts tab D. Firewall Policy tab

A. Activity Log lab

Which of the following is the command-line troubleshooting tool used for HiPs non-Windows platforms? A. fwinfo B. hipts C. s99hip D. clientcontrol

B. hipts

Which of the following is the HIPs executable that provides the McAfee Firewall Core Service? A. FireSVc.exe B. FireTray.exe C. McAfeeFirej.exe D. Mfefire.exe

D. Mfefire.exe

Before removing the Host IPS client, it is recommended to set the IPS Options Policy to which of the following configurations? A. On B. Off C. Adaptive D. Learn

B. Off

IPS exceptions are created in Adaptive Mode using which of the following parameters? A. IPS exceptions are created on a per-user, per-process basis B. IPS exceptions are created on a per-user, signature basis C. PS exceptions are created on a per-user, per process, per signature basis D. PS exceptions are created on a per-user, per process, per-application basis.

C. PS exceptions are created on a per-user, per process, per signature basis

Which of the following HIPs Policy categories are used to set reaction for signature seventy levels? A. IPS Options B. IPS Rules C. IPS Protection D. IPS Enforcement

C. IPS Protection

Which of the following HIPs Policy categories are used to set the protection reaction level for HOST IPS signature seventy levels? A. IPS Options B. IPS Rules C. IPS Protection D. IPS Enforcement

C. IPS Protection

The Connection Isolation option is available for which of the following? A. New Rule B. New Group C. Firewall Options D. Startup Protection

B. New Group

Under which policy category is the Application Protection List managed? A. Firewall Rules B. IPS Rules C. IPS Options D. Client UI

A. Firewall Rules

Which of the following is the HIPS executable that provides Host Intrusion Prevention service? A. FireSvc.exe B. FireTray.exe C. McAfeeFire.exe D. Mfefire.exe

A. FireSvc.exe

When are MPs client rule exceptions delivered to the ePO Server? A. During agent-to-server communication B. Custom Host C. Network D. Custom Network E.. Digital

A. During agent-to-server communication B. Custom Host C. Network

Which of the following types of signatures can be contained within an IPS Rules Policy? (Select the three that apply) A. Host B. Custom Host C. Network D. Custom Network E. Digital

A. Host B. Custom Host C. Network

Which of the following are the accepted methods of creating exceptions? (Select the two that apply? A. Evasion tool B. ClientException utility C. Manually D. Adaptive Mode E. Learn Mode

C. Manually D. Adaptive Mode

When creating a User Defined signatgure, Rule Definitions can be based on which of the following critieria? A. Windows and UNIX Files and Directories B. Windows Registry Keys C. Windows Registry Hive D. Windows Services E. Windows and UNIX ports

A. Windows and UNIX Files and Directories B. Windows Registry Keys D. Windows Services

When applying a patch or service pack to systems on the network, what is the recommended HIPs protection policy that is used for enforcement? A. Adaptive Mode B. Warning C. Basic Protection D. Enhanced Protection

B. Warning

Which of the following are examples of client tasks? A. Agent Wakeup B. Product Update C. Repository Pull D. Mirror Repositories E. Event Migration

A. Agent Wakeup B. Product Update D. Mirror Repositories

Which of the following protection is available for HIPs non-Windows clients? A. Malware Detection B. Firewall C. IPS D. Application Blocking

C. IPS

Which of the following operating systems does HIPs for Windows not support? A. Windows XPSP 3 32-bit B. Windows XPSP 3 64-bit C. Windows 7 64-bit D. Windows 2008 64-bit

B. Windows XPSP 3 64-bit

Which of the following options can prevent policy enforcements locally on the client? A. Open HIPS UI B. Un-lock HIPSUI C. Open VSE Console D. Un-lock VSE Console

B. Un-lock HIPSUI

Which of the following statements about Adaptive Mode are correct? A. Adaptive Mode triggers IPS events B. Adaptive Mode blocks all activity C. Adaptive Mode blocks all activity except malicious exploits D. Adaptive Mode triggers IPS alerts

C. Adaptive Mode blocks all activity except malicious exploits

Which of the following files is appended under each managed with disabled event information? A. EvtFiltr.ini B. Agent\_Event.xml C. EvtForward.ini D. AgentEvent.log

A. EvtFiltr.ini

Which preconfigured server task is used to clean up all the adaptive mode rules and catalog entries in the database? A Host IPS 8.0 Catalog Maintenance Task B Duplicate Agent GUID - clear error count C Roll Up Data (Local ePO Server) D Host IPS 8.0 Adaptive - clear error count

A Host IPS 8.0 Catalog Maintenance Task

Which task provides signature updates to HIPs clients? A McAfee Agent Update B Host IPS Content Server C Distributed Repository D Repository Pull

A McAfee Agent Update

What is the name of the log in which the ClientControl.exe Utility records its activities? A CC.log B ClientUtility.log C Client.log D ClientControl.log

D ClientControl.log

MaxFwLogSize registry key controls the size of: A FireSvc.log B Shield.db C FireEpo.log D Except.db

A FireSvc.log

The Connection Isolation option is available for which of the following? A Firewall Rule B Firewall Group C Firewall Options D Firewall Catalogs

B Firewall Group

Which of the following is the command-line troubleshooting tool used for HIPS non-Windows platforms? A fwinfo B hipts C s99hip D clientcontrol

B hipts

Which of the following can be configured on the Client UI policy for non-Windows clients? A Icon display settings B Password for administrative access C Intrusion event reactions D Policy inheritance

B Password for administrative access

The Trusted Networks preconfigured default policies: A Includes a list of network addresses automatically. B Can be viewed, edited and exported by the Global Administrator. C Can be applied to Windows and Linux systems. D Includes local subnets automatically.

D Includes local subnets automatically.

Which signature type can be contained within an IPS Rules Policy? A Host B Digital C Custom Digital D Custom Network

A Host

Host IPS Firewall rules are found in the: A Host IPS Firewall Rules Catalog. B Host IPS Firewall Catalog. C Host IPS Rules Catalog. D Host IPS Catalog.

D Host IPS Catalog.

Where is HIPS installed on linux and solaris machines?

a.*Opt/McAfee/hip is the path that contains the client, policy rules, troubleshooting tool, HIPS and Agent shared object modules, log directories. Source: HIPS 8.0 PG, p. 99(Linux), p. 96(Solaris)*

What is this command for: /etc/rc2.d/S99hip status?

*a. This command checks that the Solaris client is running. Source: HIPS 8.0 PG, p. 96*

* What is this command for: /sbin/rc2.d/S99hip stop?

*a.Run this command to stop the HIPS client after setting IPS options to OFF and applying the policy to the client. Source: HIPS 8.0 PG, p. 96*

Where are the installation history files kept in Linux?

*a. /opt/McAfee/etc/hip-install.log. Source: HIPS 8.0 PG, p 99.*

There are 2 server tasks for HIPS, What are they? What do they do?

1. *Host IPS 8.0 Catalog Maintenance Task. Cleans up all the adaptive mode rules and catalog entries in the database. No configuration needed. Source ePO Menu | Automation | Server Tasks, Edit* 2. *Host IPS 8.0 Property Translator. Tranlates client rule properties and populates appropriate database tables with this data. No configuration needed. Source ePO Menu | Automation | Server Tasks, Edit*

Where are the HIPShield.log and HIPClient.log files found in linux?

a. McAfee/hip/log.Source HIPS 8.0 PG, p.99