Flashcards in Host Based Security System Deck (16)
HBSS utilizes a pull-system, what type of architecture is this?
What are the 3 components of HBSS?
- ePO Server
The Master Agent Handler is controlled by which HBSS component?
What distributes network traffic generated by agent-server communication by directing managed systems or groups of systems to report back?
The Master Repository falls under which HBSS component?
(T/F) The Master Repository manages policies, collects events, and installs code on the clients.
False. A repository is nothing more than a file share located in your environment that your clients can access.
What is the client-side component providing secure communication between McAfee ePO and managed products?
(T/F) In an environment with fewer than 10,000 endpoints, there is no need for a dedicated SQL database, Agent Handlers, or repositories.
At what point should an organization have a separate SQL server, a separate Agent Handler, and properly placed repositories?
When they have 75K to 150K+ endpoints
What components are on the McAfee Agent?
- Virus Scan Enterprise
- Host Intrusion Prevention
- Rogue System Detection
- Policy Auditor
- Data Loss Prevention
In relation to the Virus Scan Enterprise, what is the difference between On-Access and On-Demand scans?
The On-Access scanner examines files on your computer as they are accessed.
The On-Demand scanner examines all parts of your computer for potential threats, at convenient times or at regular intervals.
What provides heuristic detection capability for suspicious files?
Which type of virus scan hooks into the system at the lowest levels, scanning files where they first enter the system?
What in HBSS utilizes a combination of passive and active enumeration techniques to detect systems that are not under the protection of HBSS?
RSD (Rogue System Detection) Agent
What can control data from entering or leaving the network and can protect against loss from the following:
- Clipboard software
- Cloud applications
- Email (including email sent to mobile devices)
- Network shares
- Screen captures
- Specified applications and browsers
- Web posts
DLP (Data Loss Prevention) Agent