DISA HBSS 201 ADMIN ePO 5.1 (2023) EXAM: 100 QUESTIONS AND CORRECT ANSWERS (100% VERIFIED ANSWERS) | A GRADE
Which ePO repository provides all updates to the ePO Master repository? –
ANSWER- Source
Which is not a type of IPS Signature? – ANSWER- Network Signatures
If a connection is in the state table, what action will occur with future traffic for
that connection? – ANSWER- Allow
Which ePO component gathers the events from the managed systems and
communicates them to the ePO server? – ANSWER- McAfee Agent
What are the four main types of Permission Sets in ePO? – ANSWER- Executive
Reviewer; Global Reviewer; Group Admin; Group Reviewer
To manually move a system from one group to another, you do which two things
with the system to move it to the other group? – ANSWER- A. Drag and drop –
testing
Which ePO core component enforces the policies on the systems? – ANSWER- McAfee Agent
In the Client Task Catalog you can export all of your client tasks into an XML file
that can be imported into another ePolicy Orchestrator Server. – ANSWER- True
From this list select the format that you cannot export your query results to. –
ANSWER- DOC – testing
Each Firewall Rule provides a set of conditions that which of the following has to
meet? – ANSWER- B. Computers – testing
Which IPS policy determines what options are available to a client computer with a
HIPS client, including whether or not the client icon appears in the system tray,
types of intrusion alerts, and password to allow access to the client user interface? –
ANSWER- D. Client UI – testing
Which of the following is not a protection level defined in the IPS Protection
Policy? – ANSWER- C. Log – testing
What are the four severity levels of signature in HIPS? – ANSWER- High,
Medium, Low, Informational
The Client Task Catalog allows you to create which of the following? – ANSWER- B. Client task objects – testing
To verify that the IP address sorting criteria have not been configured to overlap
between different groups, you can use which of the following options? –
ANSWER- C. Check IP Groups – testing
Which of the following is a valid statement regarding the task of managing policies
in ePO? – ANSWER- B. When you assign a new policy to a particular group of the
Directory, then all systems under that group with inheritance intact will inherit the
new policy. – testing
Which statement is true concerning the ePO console? – ANSWER- A. It is web
based and designed completely in HTML and JavaScript. – testing
Select the ePolicy Orchestrator component that provides the UI of the System tree,
sorting of nodes, tags and policies. – ANSWER- Apache
In which order are HIPS Firewall rules processed to filter incoming packets? –
ANSWER- Top to bottom
The Agent to Server Communication for the McAfee Agent is encrypted using
which of the following? – ANSWER- TLS
Which answer lists ALL the layers of protection in the HIPS client? – ANSWER- Signature, behavioral and firewall protection
What column is not displayed in the Audit Log? – ANSWER- Failure
What is the default password for unlocking the client user interface when
troubleshooting the McAfee HIPS client? – ANSWER- abcde12345
Which statement best defines Application Shielding in HIPS? – ANSWER- D.
Applications can only hook to the processes that match the digital signature
imported into HIPS. – testing
Which ePO user listed below can create and edit tags in ePO? – ANSWER- Administrator
What types of Tags can you create? – ANSWER- Tags without criteria and
Criteria-based tags
Public Queries exist in which of the following lists? – ANSWER- My Groups
Select the ePolicy Orchestrator component that caches policies to reduce database
reads and speed up ASCI time. – ANSWER- B. Apache
What ePO server task updates ePO distributed repositories from the master
repository? – ANSWER- Pull task
Which of the following can be created to prevent interpreting a normal behavior as
an attack? – ANSWER- Exception
How do you uninstall the HIPS client for Windows from a managed system? –
ANSWER- Configure the IPS Options policy to disable IPS; Configure the
McAfee Agent deployment task to remove the HIPS client. – Testing.
Prior to imaging the system, which line of the registry entry for the McAfee Agent
should be deleted? – ANSWER-
HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePO\Agent\EpoGUID – testing
Communication between Tomcat and the Web browser accessing the ePO console
is accomplished using what traffic through which port? – ANSWER- HTTPS. 8005
– Testing
A trusted network may be defined by all of the following except: – ANSWER- D.
Network Protocol
Agent Handlers consist primarily of what two services? – ANSWER- C. Apache
and Event Parser