14.14-24 Flashcards
(41 cards)
What is created so group admins can have
all permissions required to administer their individual assets while preventing access to
the rest of the ship’s network.
Permission Sets
When an administrator deploys with the embarkable
unit, allow them to administer their own assets by?
Creating a group admin account.
What should you do before embarkables deploy onboard?
Work with group admins to remove agents before connecting to your network.
What directory contains policies that have been
consolidated for a given module?
Comprehensive
What two HIP policies are called multiple instance or
“stackable” policies, because multiple policy instances can be assigned to a single node.
IPS Rules and Trusted Applications,
When policies are changed in the ePO console, the changes take effect on the managed
systems when?
The next agent-server communication interval (ASCI).
30 minutes for smaller networks
60 minutes for larger networks
Admins can assign policies in what 3 ways.
- Site or Group Level
- Single System
- Node with multiple policies
What prevents admins with appropriate permissions at the same level of the System Tree from
inadvertently replacing a policy
Assignment Locking
PA functions as what because it evaluates systems against standards developed by government and private industry such as DISA’s Security Technical Implementation Guides (STIG) and Microsoft Best Practices Guides?
Independent Auditor
Audits consist of the what 2 components:
- A benchmark or selected profile within a benchmark
2. An audit frequency or how often data should be gathered
What are documents that contain rules for describing the desired state of a system? What format is it? Essentially making them what?
Benchmarks
.xccdf
Files dictating what checks to run.
What appear in monitors and queries and
include additional information about the state of a system that is helpful to security officers
and network administrators when fixing issues
Findings
Audits are benchmarks are supplied from where?
McAfee
Can be imported from third-party sources
Created by you using Benchmark Editor
What monitors any specified file for changes but only maintains version changes to text files.
Admin can also: define which files should be tracked. Specify the frequency for detecting file changes
File Integrity Monitor
Has ability to retain up to 6 text file versions.
HIPS software requires these 6 components be installed and running to provide and
manage protection.
- ePO server and repository
- McAfee Agent
- HIP server components
- HIP Agent
- HIP content updates
- Policies on the server
Log settings for Firewall and IPS Logging include(4):
- Debug
- Information
- Warning
- Error
What is a list of applications that should be considered
“trusted” and thus should cause no event to be generated.
Trusted Applications Policy
What contains a list of network addresses and subnets that can be tagged as trusted. “Trusted,” means that that address, or address range, can potentially be
ignored by Network IPS and/or the Firewall, without having to created individual exceptions or
rules.
Trusted Networks Policy
What tab displays exceptions
relevant to the client and provides summary and detailed information for each rule.
IPS Policy Tab
What tab is used to monitor a list of blocked hosts (IP addresses) that is automatically created when NIPS protection is enabled.
Blocked Host Tab
What is used to permanently delete contents of the log?
Clear
What needs to be enabled for an alert to automatically appear when HIPS detects a potential attack.
IPS Protection
Display Pop-up Alert Option
What provides timelines and settings for tuning your network to avoid false positives?
FRAGO 13
What are the 2 types of tuning?
Manual and Automatic
