BSS Study guides, Class notes & Summaries

HBSS 301 ePO5.3 Test How does the Rogue System Sensor find rogue machines on the network? - N: The sensor listens passively to layer 2 broadcasts. The Rogue System Sensor determines if a machine is a rogue system - 2.fALSE - right How many sensors must be installed for complete coverage? - 2. 1 in each broadcast segment An agent handler installation includes only which of the following? - 2. Apache and Event Parser Within an Agent Handler group; if the handler with the highest p...

CND Services include Prepare; Protect and _________ - Attack Remediate Respond Diagnose -Respond What action should be taken if an event is found to be a false positive? - Ignore It Start the tuning process Call the helpdesk Open a ticket with DISA -Start the tuning process Which product is responsible for collecting endpoint properties and policy enforcement? - McAfee VirusScan McAfee HIPS McAfee Agent ACCM -McAfee Agent What is the correct order for prioritizing events? - Sever...

DISA HBSS 201 Admin ePO5.1 What can be created to prevent interpreting a normal behavior as an attack? - Exception Which executable runs the main HIPS service? - F How do yo uninstall the HIPS 7.0 client for Windows from a managed system? - Remove the extension from the ePO Server and initiate the McAfee Agent wakeup call.( double check answer) Assume three IPS policies are applied to a node; 1 default and 2 custom. The default severity level is set to HIGH; 1 custom severity leve...

1. CND Services include Prepare; Protect and _________ - correct answer -Respond 2. What action should be taken if an event is found to be a false positive? - correct answer -Start the tuning process 3. Which product is responsible for collecting endpoint properties and policy enforcement? - correct answer -McAfee HIPS (?) 4. What is the correct order for prioritizing events? - correct answer -Severity; Action Taken; Volume 5. An admin creates ___________ to manage the softwa...

CND Services include prepare, protect and - attack remediate respond diagnose What action should be taken if an event is found to be a false positive? - ignore it start the tuning process call the help desk open a ticket with DISA Which product is responsible for collecting endpoint properties and policy enforcement? - McAfee VirusScan McAfee HIPS McAfee Agent ACCM What is the correct order for prioritizing events? - Severity Action Taken Volume An admin creates ___________ to ma...

Authentication and ___________ are the two steps required to connect to and 802.11 basic service set. Answer -Association Authentication for Wi-Fi is authentication that happens at layer _ of the OSI model. Answer 2 This is authentication to the access point. 802.11-2007 standard defines two different authentication methods: Answer -Open system authentication -Shared key authentication Open System authentication occurs with an exchange between the client STA and Answer AP. Open...

This document consists of notes about the given articles/ lectures. It shows a good overview including questions that might help while studying for the exam.

. CND Services include Prepare; Protect and _________ - correct answer -Respond 2. What action should be taken if an event is found to be a false positive? - correct answer -Start the tuning process 3. Which product is responsible for collecting endpoint properties and policy enforcement? - correct answer -McAfee HIPS (?) 4. What is the correct order for prioritizing events? - correct answer -Severity; Action Taken; Volume 5. An admin creates ___________ to manage the softwar...

Security Technical Information Guide (STIG) correct answer: A carefully crafted document that includes not only DoD policies and security regulations, but also up-todate best practices and configuration guidelines. These guidelines are used for securing a specific system or application in accordance with DoD requirements. Host-Based Security Systems (HBSS) correct answer: A host based security system, which means it is located on the individual workstation or the host. Uses multiple differe...

What component of ESS provides administrators with the ability to block the use of removable storage devices? Select the best answer; then select Submit. A. PA B. DLPe C. ePO D. HIPS B In the DLP Agent Configuration for Notifications, to append the name of the file/device/etc add a _______________________. Select the best answer; then select Submit. A. %d B. %s C. %r D. %f B DLP/DCM Plug and Play devices can be identified by _________________. Select the best answer; then select...