HBSS Exam Questions With Verified Answers.

HBSS Exam Questions With Verified Answers. What is HBSS - answer-host based security system on the individual workstation or the host -(COTS) -monitor, detect, and counter against known cyber threats. -address known traffic exploits What is HBSS on - answerCyber Tasking Order (CTO) 07 12, US Cyber Command (USCYBERCOM) mandates that HBSS be installed on every DoD system. Why do we use HBSS - answerallows us to centralize the administration of security tools. With this centralized administration we can control and monitor our different modules (VSE, HIPS, DLP, and any other module that is installed on the host. Who can you call for HBSS assistance - answerDISA HBSS Components - answer-ePolicy Orchestrator Server -the McAfee Agent -the distributed repositories -registered server The ePO server - answer-application server that manages the suit of product -contains the SQL database that stores logs, events, and policies -contains the master repository which stores all products as well as software that is deployable to the clients The McAfee Agent - answerinstalled on the clients and allows the ePO server to enforce polices on the client machine Distributed repositories - answerservers contain software packages for remote clients. These repositories are known as SADRs and are similar to that of a WSUS Registered servers - answeradditional servers on your network that you register with your ePO server to provide additional data such as LDAP, SNMP, and other ePO servers. How HBSS components work together - answerThrough the ePO's web interface create the policies & tell each product how they will behave, then stored on the local ePO server, agent on the client machine will pull the latest policy from the ePO server, enforce the last policy as long as agent is running Port 80 - answer-Agent to Server communication (TCP -Inbound TCP. The ePO server listens for requests from McAfee Agents Port 443 - answer-Agent to Server secure communication (TLS) -Inbound TCP. The ePO server listens for TLS (SSL)-encrypted requests from McAfee Agents Port 591 - answer-Agent Wakeup Call -Outbound TCP. For when the ePO server or an Agent Handler sends a Wakeup Call to a managed machine. Port 8005 - answer-Agent Handler Communication -Inbound TCP. ePO Agent Handlers connect to this port during installation and updates Port 8007 - answer-Console-to-application (HTTPS -Inbound TCP. Port used to connect to the ePO web interface using HTTPS Port 8443 - answer-Rogue system detection sensor (HTTPS) -Inbound TCP. The ePO server listens for Rogue System Detection events. Also used by Agent Handlers to get information from the ePO (like LDAP servers). Port 8082 - answer-UDP Broadcast communication port -Inbound UDP. Agents listen for UDP broadcasts from SuperAgents it is possible to lose access to the database if these ports are not open on the ePO server's host firewall - answer-Always apply firewall rules to the ePO server carefully. the prerequisites for the ePO server installation are - answer-Processors: At least one (two or more for production) -Memory:Atleast8 B (16GB+ for production) -Hard Disks:Follow the DISA build from image guide DISA builds, the default username and password is... - answer"napoleon/Charming2!". After installing the patches, you will need to? - answer-set the IP address,