Host Based Security System

Question 1

HBSS utilizes a pull-system, what type of architecture is this?

Answer 1

client-server architecture

Question 2

What are the 3 components of HBSS?

Answer 2

• Database
• ePO Server
• Endpoint

Question 3

The Master Agent Handler is controlled by which HBSS component?

Answer 3

ePO Server

Question 4

What distributes network traffic generated by agent-server communication by directing managed systems or groups of systems to report back.

Answer 4

Agent Handlers

Question 5

The Master Repository falls under which HBSS component?

Answer 5

ePO Server

Question 6

(T/F) The Master Repository manages policies, collects events, and installs code on the clients.

Answer 6

False. A repository is nothing more than a file share located in your environment that your clients can access.

Question 7

What is the client-side component providing secure communication between McAfee ePO and managed products?

Answer 7

McAfee Agent

Question 8

(T/F) In an environment with less than 10,000 endpoints, there is no need for a dedicated SQL database, Agent Handlers, or repositories.

Answer 8

True.

Question 9

At what point should an organization have a seperate SQL server, separate Agent Handler and properly placed repositories?

Answer 9

When they have 75K to 150K+ endpoints

Question 10

What components are on the McAfee Agent?

Answer 10

• Virus Scan Enterprise
• Host Intrusion Prevention
• Rogue System Detection
• Policy Auditor
• Data Loss Prevention

Question 11

In relation to the Virus Scan Enterprise, what is the difference between On-Access and On-Demand scans?

Answer 11

The On-Access scanner examines files on your computer as they are accessed.

The On-Demand scanner examines all parts of your computer for potential threats, at convenient times or at regular intervals.

Question 12

What provides heuristic detection capability for suspicious files?

Answer 12

Artemis Alerts

Question 13

Which type of virus scan hooks into the system at the lowest levels, scanning files where they first enter the system?

Answer 13

On-Access

Question 14

What in HBSS utilizes a combination of passive and active enumeration techniques to detect systems that are not under the protection of HBSS?

Answer 14

RSD (Rogue System Detection) Agent

Question 15

What can control data from entering or leaving the network and can protect against loss from the following:

• Clipboard software
• Cloud applications
• Email (including email sent to mobile devices)
• Network shares
• Printers
• Screen captures
• Specified applications and browsers
• Web posts

Answer 15

DLP (Data Loss Prevention) Agent

Question 16

What allows users to import and export benchmarks and checks that use SCAP?

Answer 16

Policy Auditor