Week 6

Question 1

What are the ePO compliance checks?

Answer 1

• McAfee Agent Version
• virus scan
• anti spyware
• HIP
• PA
• Assets
• DAT files

Question 2

FIM allows you to do what? 4 things.

Answer 2

1. Define which files should be tracked
2. Define what files should not be checked
3. Specify the frequency for detecting file change
4. See and receive notification about changes to file or file attributes

Question 3

Two types of scans for ABM

Answer 3

• baseline

- activity

Question 4

ABM has how many policy categories?

What are they?

Answer 4

3

• file permissions
• registry permissions
• Trusted activity

Question 5

If there is a suspected attack, who do you inform?

Answer 5

IAM

Question 6

What log details all actions of the ePO Application Server?

Answer 6

EpoApSvr.log

Question 7

What log file is a more detailed version of the log available through the McAfee Agent GUI?

Answer 7

Agent_.log

Question 8

What log provides detailed information of all actions performed by Rogue System Sensors?

Answer 8

RSDSensor_out.log

Question 9

How often does the RSS log communicate with ePO?

Answer 9

Every 5 minutes

Question 10

What are the common logs contained on all Windows machines?

Answer 10

• Application
• Security
• System

Question 11

What is the boot order?

Answer 11

• MSSQL
• ACAS (SSCVI)
• HBSS

Question 12

What are the two services on MSSQL that are required to run?

Answer 12

• SQL Server (MSSQLSERVER)

- SQL Server Agent (MSSQLSERVER)

Question 13

When is MSSQL backed up?

Answer 13

Daily at 0030

Question 14

When is ACAS/SCCVI backed up?

Answer 14

Weekly on Sunday

Question 15

CANES she’s what for cross domain services?

Answer 15

Thin client

Question 16

What VMs are used on DHCP in the UNCLAS and Secret enclaves?

Answer 16

• IAEXET

- WEB

Question 16

Is DHCP allowed on SCI?

Answer 16

No!

Question 16

What is used to restrict data flow from applications and users in each enclave?

Answer 16

-virtual routing and forwarding

Question 16

How is CANES providing data-at-rest protection?

Answer 16

Hard drive encryption

Question 17

Net IQ is used for?

Answer 17

Analyze siem log

Question 17

Are CANES logging standards the same as DISA, what we currently use?

Answer 17

Yes

Question 18

EMET can be used to prevent?

Answer 18

PKI based man-in-the-middle

Question 18

What is he module that applies local security to servers on COMPOSE networks?

Answer 18

SCM-security configuration module

Question 18

Where is Symantec Endpoint Protection Manager installed?

Answer 18

EX001

Question 18

What are the 4 enforcers for COMPOSE Security Architecture?

Answer 18

- gateway - LAN - DHCP - Integrated

Question 18

What are the Symantec Mail Security policies?

Answer 18

- general - antivirus - anti spam

Question 19

What stage of CCRI asks for documentation?

Answer 19

Stage 1

Question 20

How do you make system changes after a CCRI?

Answer 20

Coordinate with the SYSCOM

Question 21

What system service migrates events from an old database to a new database?

Answer 21

Event migration

Question 22

What system service takes systems older than 14 days, moves them to the inactive group, and hen deletes after 30 days?

Answer 22

Inactive agent cleanup

Question 23

What system service syncs select Windows NT domains in Active Directory containers that are mapped to system groups?

Answer 23

NT domain active directory sync task

Question 24

What system service retrieved packages from the source site and places them in the master repository?

Answer 24

Repository pull

Question 25

What system service updates distributed repository from master repository?

Answer 25

Repository replication

Question 26

What system service imports summary compliance far from other registered ePO servers?

Answer 26

Roll up data compliance

Question 27

What system service imports summary data from other registered ePO servers?

Answer 27

Roll up managed systems

Question 28

What system service evaluated all managed systems against selected tag criteria?

Answer 28

Run tag criteria

Question 29

What system service runs selected query?

Answer 29

Run query

Question 30

What is the type of auditor that PA functions as because it evaluates against both government and industry standards?

Answer 30

Independent auditor

Question 31

What is a benchmark? How do you get them?

Answer 31

- a file dictating what checks to run - third party - DISA - supplied by McAfee

Question 32

What will a waiver do on a system?

Answer 32

-it will not include it in audit scanning

Question 33

Is ABM active or passive?

Answer 33

Passive

Question 34

How far apart should NIPR and SIPR workstations be?

Answer 34

1 meter

Question 35

Agent_.log

Answer 35

Detailed version of the log available through the McAfee Agent GUI

Question 36

EpoApSvr.log

Answer 36

All actions of the ePO Application Server

Question 37

Server.log

Answer 37

Details all actions of ePO server

Question 38

RSDSensor_out.log

Answer 38

All actions performed by Rogue System Sensor

Question 39

Eventparser.log

Answer 39

All info regarding event parser

Question 40

Debug_sycit.log

Answer 40

SCCVI, used to troubleshoot retina issues

Question 41

What log is used to investigate USB events?

Answer 41

DLP log

Question 42

What services allow hardware and software access in information transferred to different security domains or levels of classification?

Answer 42

Cross domain/multi-layer System

Question 43

What do we use PKI certificates for?

Answer 43

- authentication | - email signing

Question 44

What service is the first layer of firewall protection for wireless access to CANES?

Answer 44

NAC

Question 45

What protects Windows/OS/workstations from host and network based intrusions?

Answer 45

IPS/HBSS

Question 46

COMPOSE has automated hardening

Answer 46

True

Question 47

GPO is used to ensure what?

Answer 47

- policy settings - user rights - computer behavior

Question 48

The TMG server will be deployed as a member server of what domain?

Answer 48

COMPOSE

Question 49

When blue team comes onboard, what must you do?

Answer 49

Create exceptions in the HBSS suite

Question 50

What must IPS protection status on all systems be set to?

Answer 50

Enabled

Question 51

Block high severity set to?

Answer 51

Prevent

Question 52

Block medium severity set to?

Answer 52

Prevent

Question 53

Block/log low severity set to?

Answer 53

Prevent/log