HIPs - MA0-102 Flashcards
Which of the following policy categories are considered to be multi-slot policies? (Select the two that apply) A. Trusted Application B. IPS rules C. Firewall Rules D. IPS Options
A. Trusted Application B. IPS rules
Firewall client rules are created in Adaptive Mode using which of the following parameters? A. Per-user B. Per-process C. Per-Application D. Per-signature
B. Per-process
Which of the following is the main log file for IPS? A. FireTray.log B. HipShield log C. HipMgPlugin.log D. McTrayHip.log
B. HipShield log
The option to select Create Exception upon an Intrusion Event will only be available if the IPS Rules Policy has been configured with which of the following? A. Adaptive Mode B. Learn Mode C. Create Exceptions D. Allow Client Rules
D. Allow Client Rules
What detail property includes the Local Time Zone value of a managed machine? A. Virus Scan Enterprise properties B. McAfee Agent properties C. Host Intrusion Prevention properties D. System Information properties
D. System Information properties
Under which HIPs Policy category can IPS Engines be disabled for troubleshooting? A. IPS Options B. Firewall Rules C. Trusted Applications (All Platforms) D. Client UI (Windows)
D. Client UI (Windows)
Which of the following is the HIPs executable for the HIPs Client UI? A. FireSvc.exe B. FireTray.exe C. McAfeeFire.exe D. Mfefire.exe
C. McAfeeFire.exe
Which of the following are used to create custom signatures? (Select the three that apply) A. Signature Builder B. Signature Creation Wizard C. Advanced Mode D. Standard Mode E. Expert Mode
B. Signature Creation Wizard C. Advanced Mode D. Standard Mode
Which of the following is a supported browser for Host IPS and ePO? (Select the two that apply) A. Internet Explorer B. Firefox C. Safari D. Chrome E. Opera
A. Internet Explorer B. Firefox
Which of the following server services is responsible for communication with the McAfee agent? A. Apache B. Tomcat C. SQL D. Event Parser
A. Apache
Which of the following are the listed signature severity levels within HIPs? (Select the four that apply) A. High B. Major C. Medium D. Minor E. Low F. Informational
A. High C. Medium E. Low F. Informational
Which of the following items can be found under the IPS Policy tab in the HIPs Client UI? A. IPS exceptions from ePO Policy B. Locally created IPS Client Rules C. Blocked Hosts D. Firewall traffic
B. Locally created IPS Client Rules
Which of the following options cannot be used to define a trusted network? A. Single Address B. Address Range C. Subnet Address D. Network Protocol
D. Network Protocol
Where are Host IPS custom signatures created? A. ePO console B. Host IPS client UI C. Host IPS UI D. Firewall UI
A. ePO console
Which of the following HIPs Client features, when enabled, allows the user to make decisions on allowing or denying traffic to the local host? A. Adaptive mode B. Listening mode C. Inherit mode D. Learn mode
D. Learn mode
Which of the following Firewall Rule options is used to prevent undesirable traffic from accessing the network by only processing traffic that matches both the “allow rules” above the group in the Firewall rules list and the group criteria? A. Unbridged traffic B. Network quarantine C. Connection isolation D. Network seclusion
C. Connection isolation
Which of the following custom signature rule types are used to prevent process termination and modification? A. Files B. Hook C. Services D. Program
D. Program
Which of the following items can be found under the IPS Policy tab of the HIPS Client UI? A. IPS exceptions from ePO Policy B. Locally created IPS Client Rules C. Blocked Hosts D. Firewall Traffic
B. Locally created IPS Client Rules
The time period between the moment a vulnerability is identified and a patch is released is commonly referred to as the _________ window. A. Vulnerability B. Time to patch C. Protection D. Threat remediation
B. Time to patch
Which of the following is the default location for the McAfee Agent configuration files? A. Common Framework B. System 32 C. My Documents D. Windows Temp
A. Common Framework
Which of the following is the main log file for Firewall? A. FireTray.log B. FireSvc.log C. HipMgtPlugin.log D. McTrayHip.log
B. FireSvc.log
The McAfee Framework Service is responsible for which of the following functions? (Select the two that apply) A. Schedule Server Tasks B. Enforce Policies C. Collect and Send System Properties D. Scan for Threats and Vulnerabilities E. Policy Throttling
B. Enforce Policies C. Collect and Send System Properties
Which utility is used to help automate upgrades and maintenance tasks with third-party software that has been tasked with deploying HIPs on client computers? A. ClientControl.exe B. fwinfo.exe C. McAfee Installation Designer D. Extension Manager
A. ClientControl.exe
Why is it recommended to change the agent-to-server and console-to-server communication ports from their default values during installation? A. These ports are commonly subjected to malicious exploitation. B. The default values are in the common domain C. The defaults ports may already be in use inside of the network D. To avoid technical issues with port allocation
A. These ports are commonly subjected to malicious exploitation.
Which of the following ClientControl utility command line arguments forces the Firewall component to allow all traffic? A. /fwPassthru B. /fwinfo C. /execinto D. /defConfig
A. /fwPassthru
In which order are HIPs Firewall rules processed to filter incoming packets? A. Top to bottom B. Bottom to top C. Most severe rules first D. Least severe rules first
A. Top to bottom
Which of the following is the HIPs executable for the McAfee Validation Trust Protection service? A. FireSvc.exe B. FireTray.exe C. FrameworkService.exe D. Mfevlps.exe
D. Mfevlps.exe
Which of the following statements best defines the Application Protection (Shielding and Enveloping) feature? A. Applications, system registry and services are locked down against malicious activity. B. Applications are not permitted to access data, registry and services outside of their application envelope C. Applications are prevented from communicating with any undefined network services D. Applications can only hook into processes that match a specific digital signature
A. Applications, system registry and services are locked down against malicious activity.
What McAfee proprietary protocol is used for secure communication between the McAfee Agent and server? A. IPSEC B. SPIPE C. SSL D. HTTP
B. SPIPE
Which of the following methods utilize HIPs events? (Select the three that apply) A. Exception creation B. Health checking C. Reporting D. Alerting E. Updating
A. Exception creation C. Reporting D. Alerting
Which component controls the scheduled tasks and communicates with the common agent? A. Task Manager B. McShield C. Framework Service D. Scan32.exe
C. Framework Service
Which of the following is the HIPs policy that allows a generated listing of applications that are known to be safe and are allowed to perform any normal operation? A. Trusted Applications Policy B. Local Applications Policy C. Safe Applications Policy D. Host Application
A. Trusted Applications Policy
Which of the following HIPS features provides the ability to reuse common policy components, particularly Firewall groups and rules? A. Policy Catalog B. Host IPS Catalog C. Policy Assignment rules D. Policy Inheritance
B. Host IPS Catalog
Which of the following extensions is required to enable IPS within HIPs? A. Host IPS Trust Validation B. Host IPS Content C. Host IPS Advanced D. Host IPS License
D. Host IPS License
Which of the following methods are used for Application Blocking? (Select the two that apply) A. Application Hooking B. Application Creation C. Application Usage D. Application Testing E. Application Signature
A. Application Hooking B. Application Creation
Which of the following databases is not supported in HIPs? A. MS SQL 2005 B. MS SQL 2008 C. MS SQL 2008 R2 D. MS SQL 2000
D. MS SQL 2000
Which of the following is the supported executable that is used to install HIPs for Windows? A. McAfeeHIP_Install.msi B. McAfeeHIP_ClientSetup.exe C. McAfeeHIP_ClientSetup.msi D. McAfeeHIP_Install.exe
B. McAfeeHIP_ClientSetup.exe
Which of the following HIPs client services are used for Firewall Learn Mode? A. FireSvc.exe B. FireTray.exe C. McAfeeFire.exe D. MfeFire.exe
C. McAfeeFire.exe
With stateful filtering, a state table entry is considered a match when which of the following conditions of the packet are matched? A. Protocol, Local Address, Local Port B. Protocol, Local Address, Remote Address C. Protocol, Local Address, Local Port, Remote Address D. Protocol, Local Address, Local Port, Remote Address, Remote Port
D. Protocol, Local Address, Local Port, Remote Address, Remote Port
In which of the following files are all triggered Automatic Response actions logged? A. Response log B. Server Task log C. Threat Event log D. Notification log
B. Server Task log
Which of the following security level adjustments to “all clients” would be the equivalent of defining an exception valid for all clients, users and processes under a specific signature? A. Disabled B. Information C. Low D. One
A. Disabled
Which of the following McAfee Agent files are used to report the results of script commands used during updates and deployment? A. McScript.log B. Agent_{SYSTEM NAME}.log C. Sitelist.xml D. Site.StatList.xml
A. McScript.log
What is the update frequency for Host Intrusion Prevention signature content? A. monthly B. bi-weekly C. daily D. yearly
A. monthly
Which of the following steps should be performed first when troubleshooting issues with custom signatures? A. Use the Process Monitor and Process Explorer tools B. Review violations in the HipShield.log file C. Simplify violations in the HipShield.log file D. Disable the HIPS component
C. Simplify violations in the HipShield.log file
Which of the following is the installation directory for HIPs non-Windows platforms? A. /opt/McAfee/hip B. /opt/McAfee/bin/hip C. /etc/bin/McAfee/hip D. /var/root/McAfee/hip
A. /opt/McAfee/hip
In order to tighten a system’s intrusion prevention when using Host IPS, when should Adaptive Mode be disabled? A. Adaptive Mode should never be disabled B. Adaptive Mode should be disabled after the tuning period is over C. Adaptive Mode should be disabled during the tuning period D. Adaptive Mode should be disabled before the pilot period has begun
B. Adaptive Mode should be disabled after the tuning period is over
Which of the following platforms does Host IPS not support? A. Windows B. Solaris C. Linux D. AIX
D. AIX
Which of the following HIPs Policy categories are used to instruct the client system how to react when signatures of a specific severity are triggered? A. IPS Options (All Platforms) B. IPS Protection (All Platforms) C. IPS Rules (All Platforms) D. IPS Reactions (All Platforms)
B. IPS Protection (All Platforms)
Which port is used to access the McAfee Agent Activity Log from a remote machine? A. 80 B. 443 C. 8081 D. 8082
C. 8081
Stateful firewalls utilize which of the following in order to keep track of the state of network connections travelling across them? A. connection cache B. product directory C. protocol inspector D. state table
D. state table
Stateful packet filtering occurs at which level of the Transport Layer? A. Layer 7 and lower B. Layer 6 and lower C. Layer 5 and lower D. Layer 4 and lower
D. Layer 4 and lower
Which of the following is not an available criterion for a Location Aware Group? A. DNS Server B. DHCP Server C. Default Gateway D. MAC Address
D. MAC Address
In order to locally install HIPs over a previously installed version, which of the following must be disabled? A. Firewall B. McAfee Agent Policy Enforcement C. VSE On-Access Scanner D. IPS Protection
A. Firewall
Which of the following tasks provides signature updates to HIPs clients? A. McAfee Agent Update B. Host IPS Content Server C. Distributed Repository D. Repository Pull
A. McAfee Agent Update
Where is Firewall traffic displayed within the HIPs Client UI? A. Activity Log tab B. Application Protection List tab C. Blocked Hosts tab D. Firewall Policy tab
A. Activity Log tab
Which of the following is the command-line troubleshooting tool used for HIPs non-Windows platforms? A. fwinfo B. hipts C. s99hip D. clientcontrol
B. hipts
Which of the following is the HIPs executable that provides the McAfee Firewall Core Service? A. FireSvc.exe B. FireTray.exe C. McAfeeFire.exe D. Mfefire.exe
D. Mfefire.exe
Before removing the Host IPS client, it is recommended to set the IPS Options Policy to which of the following configurations? A. On B. Off C. Adaptive D. Learn
B. Off
IPS exceptions are created in Adaptive Mode using which of the following parameters? A. IPS exceptions are created on a per-user, per-process basis B. IPS exceptions are created on a per-user, per-signature basis C. IPS exceptions are created on a per-user, per-process, per-signature basis D. IPS exceptions are created on a per-user, per-process, per-application basis.
C. IPS exceptions are created on a per-user, per-process, per-signature basis
Which of the following HIPs Policy categories are used to set the reaction for signature severity levels? A. IPS Options B. IPS Rules C. IPS Protection D. IPS Enforcement
C. IPS Protection
Which of the following HIPs Policy categories are used to set the protection reaction level for Host IPS signature severity levels? A. IPS Options B. IPS Rules C. IPS Protection D. IPS Enforcement
C. IPS Protection
The Connection Isolation option is available for which of the following? A. New Rule B. New Group C. Firewall Options D. Startup Protection
B. New Group
Under which policy category is the Application Protection List managed? A. Firewall Rules B. IPS Rules C. IPS Options D. Client UI
A. Firewall Rules
Which of the following is the HIPS executable that provides Host Intrusion Prevention service? A. FireSvc.exe B. FireTray.exe C. McAfeeFire.exe D. Mfefire.exe
A. FireSvc.exe
When are HIPs client rule exceptions delivered to the ePO Server? A. During agent-to-server communication B. Custom Host C. Network D. Custom Network E. Digital
A. During agent-to-server communication B. Custom Host C. Network
Which of the following types of signatures can be contained within an IPS Rules Policy? (Select the three that apply) A. Host B. Custom Host C. Network D. Custom Network E. Digital
A. Host B. Custom Host C. Network
Which of the following are the accepted methods of creating exceptions? (Select the two that apply) A. Evasion tool B. ClientException utility C. Manually D. Adaptive Mode E. Learn Mode
C. Manually D. Adaptive Mode
When creating a User Defined signature, Rule Definitions can be based on which of the following criteria? A. Windows and UNIX Files and Directories B. Windows Registry Keys C. Windows Registry Hive D. Windows Services E. Windows and UNIX ports
A. Windows and UNIX Files and Directories B. Windows Registry Keys D. Windows Services
When applying a patch or service pack to systems on the network, what is the recommended HIPs protection policy that is used for enforcement? A. Adaptive Mode B. Warning C. Basic Protection D. Enhanced Protection
B. Warning
Which of the following are examples of client tasks? A. Agent Wakeup B. Product Update C. Repository Pull D. Mirror Repositories E. Event Migration
A. Agent Wakeup B. Product Update D. Mirror Repositories
Which of the following protection is available for HIPs non-Windows clients? A. Malware Detection B. Firewall C. IPS D. Application Blocking
C. IPS
Which of the following operating systems does HIPs for Windows not support? A. Windows XP SP3 32-bit B. Windows XP SP3 64-bit C. Windows 7 64-bit D. Windows 2008 64-bit
B. Windows XP SP3 64-bit
Which of the following options can prevent policy enforcement locally on the client? A. Open HIPS UI B. Unlock HIPS UI C. Open VSE Console D. Unlock VSE Console
B. Unlock HIPS UI
Which of the following statements about Adaptive Mode are correct? A. Adaptive Mode triggers IPS events B. Adaptive Mode blocks all activity C. Adaptive Mode blocks all activity except malicious exploits D. Adaptive Mode triggers IPS alerts
C. Adaptive Mode blocks all activity except malicious exploits
Which of the following files is appended under each managed with disabled event information? A. EvtFiltr.ini B. Agent_Event.xml C. EvtForward.ini D. AgentEvent.log
A. EvtFiltr.ini
Which preconfigured server task is used to clean up all the adaptive mode rules and catalog entries in the database? A Host IPS 8.0 Catalog Maintenance Task B Duplicate Agent GUID - clear error count C Roll Up Data (Local ePO Server) D Host IPS 8.0 Adaptive - clear error count
A Host IPS 8.0 Catalog Maintenance Task
Which task provides signature updates to HIPs clients? A McAfee Agent Update B Host IPS Content Server C Distributed Repository D Repository Pull
A McAfee Agent Update
What is the name of the log in which the ClientControl.exe Utility records its activities? A CC.log B ClientUtility.log C Client.log D ClientControl.log
D ClientControl.log
MaxFwLogSize registry key controls the size of: A FireSvc.log B Shield.db C FireEpo.log D Except.db
A FireSvc.log
The Connection Isolation option is available for which of the following? A Firewall Rule B Firewall Group C Firewall Options D Firewall Catalogs
B Firewall Group
Which of the following is the command-line troubleshooting tool used for HIPS non-Windows platforms? A fwinfo B hipts C s99hip D clientcontrol
B hipts
Which of the following can be configured on the Client UI policy for non-Windows clients? A Icon display settings B Password for administrative access C Intrusion event reactions D Policy inheritance
B Password for administrative access
The Trusted Networks preconfigured default policies: A Includes a list of network addresses automatically. B Can be viewed, edited and exported by the Global Administrator. C Can be applied to Windows and Linux systems. D Includes local subnets automatically.
D Includes local subnets automatically.
Which signature type can be contained within an IPS Rules Policy? A Host B Digital C Custom Digital D Custom Network
A Host
Host IPS Firewall rules are found in the: A Host IPS Firewall Rules Catalog. B Host IPS Firewall Catalog. C Host IPS Rules Catalog. D Host IPS Catalog.
D Host IPS Catalog.
Where is HIPS installed on linux and solaris machines?
a. /opt/McAfee/hip is the path that contains the client, policy rules, troubleshooting tool, HIPS and Agent shared object modules, and log directories. Source: HIPS 8.0 PG, p. 99 (Linux), p. 96 (Solaris)
What is this command for: /etc/rc2.d/S99hip status?
a. This command checks that the Solaris client is running. Source: HIPS 8.0 PG, p. 96
What is this command for: /sbin/rc2.d/S99hip stop?
a. Run this command to stop the HIPS client after setting IPS options to OFF and applying the policy to the client. Source: HIPS 8.0 PG, p. 96
Where are the installation history files kept in Linux?
a. /opt/McAfee/etc/hip-install.log. Source: HIPS 8.0 PG, p. 99
There are 2 server tasks for HIPS. What are they? What do they do?
- Host IPS 8.0 Catalog Maintenance Task. Cleans up all the adaptive mode rules and catalog entries in the database. No configuration needed. Source: ePO Menu | Automation | Server Tasks, Edit
- Host IPS 8.0 Property Translator. Translates client rule properties and populates the appropriate database tables with this data. No configuration needed. Source: ePO Menu | Automation | Server Tasks, Edit
Where are the HIPShield.log and HIPClient.log files found in Linux?
a. McAfee/hip/log. Source: HIPS 8.0 PG, p. 99