Host Based Security System Flashcards Preview

UCT - Phase 2, Block 2 (DCO) > Host Based Security System > Flashcards

Flashcards in Host Based Security System Deck (16)
Loading flashcards...
1

HBSS utilizes a pull-system, what type of architecture is this?

client-server architecture

2

What are the 3 components of HBSS?

- Database
- ePO Server
- Endpoint

3

The Master Agent Handler is controlled by which HBSS component?

ePO Server

4

What distributes network traffic generated by agent-server communication by directing managed systems or groups of systems to report back.

Agent Handlers

5

The Master Repository falls under which HBSS component?

ePO Server

6

(T/F) The Master Repository manages policies, collects events, and installs code on the clients.

False. A repository is nothing more than a file share located in your environment that your clients can access.

7

What is the client-side component providing secure communication between McAfee ePO and managed products?

McAfee Agent

8

(T/F) In an environment with less than 10,000 endpoints, there is no need for a dedicated SQL database, Agent Handlers, or repositories.

True.

9

At what point should an organization have a seperate SQL server, separate Agent Handler and properly placed repositories?

When they have 75K to 150K+ endpoints

10

What components are on the McAfee Agent?

- Virus Scan Enterprise
- Host Intrusion Prevention
- Rogue System Detection
- Policy Auditor
- Data Loss Prevention

11

In relation to the Virus Scan Enterprise, what is the difference between On-Access and On-Demand scans?

The On-Access scanner examines files on your computer as they are accessed.

The On-Demand scanner examines all parts of your computer for potential threats, at convenient times or at regular intervals.

12

What provides heuristic detection capability for suspicious files?

Artemis Alerts

13

Which type of virus scan hooks into the system at the lowest levels, scanning files where they first enter the system?

On-Access

14

What in HBSS utilizes a combination of passive and active enumeration techniques to detect systems that are not under the protection of HBSS?

RSD (Rogue System Detection) Agent

15

What can control data from entering or leaving the network and can protect against loss from the following:
- Clipboard software
- Cloud applications
- Email (including email sent to mobile devices)
- Network shares
- Printers
- Screen captures
- Specified applications and browsers
- Web posts

DLP (Data Loss Prevention) Agent

16

What allows users to import and export benchmarks and checks that use SCAP?

Policy Auditor