DISA HBSS 201 ADMIN EPO5.1 EXAM
2025 QUESTIONS AND ANSWERS
What can be created to prevent interpreting a normal behavior as an attack? -
ANS Exception
Which executable runs the main HIPS service? - ANS Firesvc.exe
How do yo uninstall the HIPS 7.0 client for Windows from a managed system? - ANS Remove
the extension from the ePO Server and initiate the McAfee Agent wakeup call.( double check
answer)
Assume three IPS policies are applied to a node; 1 default and 2 custom. The default severity
level is set to HIGH; 1 custom severity level is set to LOW and the other custom is set to
MEDIUM. What is the effective severity level outcome for the applied policy? - ANS Low
Med
Least Restrictive - testing
Which ePO repository provides all updates to the ePO Master repository? - ANS Source
Which is not a type of IPS Signature? - ANS Network Signatures
If a connection is in the state table; what action will occur with future traffic for that
connection? - ANS Allow
1 @COPYRIGHT THEBRIGHT 2025/2026
, Which ePO component gathers the events from the managed systems and communicates them
to the ePO server? - ANS McAfee Agent
What are the four main types of Permission Sets in ePO? - ANS Executive Reviewer; Global
Reviewer; Group Admin; Group Reviewer
To manually move a system from one group to another; you do which two things with the
system to move it to the other group? - ANS A. Drag and drop - testing
Which ePO core component enforces the policies on the systems? - ANS McAfee Agent
In the Client Task Catalog you can export all of your client tasks into an XML file that can be
imported into another ePolicy Orchestrator Server. - ANS True
From this list select the format that you cannot export your query results to. - ANS DOC -
testing
Each Firewall Rule provides a set of conditions that which of the following has to meet? -
ANS B. Computers - testing
Which IPS policy determines what options are available to a client computer with a HIPS client;
including; whether or not the client icon appears in the system tray; types of intrusion alerts;
and password to allow access to the client user interface? - ANS D. Client UI - testing
Which of the following is not a protection level defined in the IPS Protection Policy? - ANS C.
Log - testing
What are the four severity levels of signature in HIPS? - ANS High, Medium, Low,
Informational
2 @COPYRIGHT THEBRIGHT 2025/2026
2025 QUESTIONS AND ANSWERS
What can be created to prevent interpreting a normal behavior as an attack? -
ANS Exception
Which executable runs the main HIPS service? - ANS Firesvc.exe
How do yo uninstall the HIPS 7.0 client for Windows from a managed system? - ANS Remove
the extension from the ePO Server and initiate the McAfee Agent wakeup call.( double check
answer)
Assume three IPS policies are applied to a node; 1 default and 2 custom. The default severity
level is set to HIGH; 1 custom severity level is set to LOW and the other custom is set to
MEDIUM. What is the effective severity level outcome for the applied policy? - ANS Low
Med
Least Restrictive - testing
Which ePO repository provides all updates to the ePO Master repository? - ANS Source
Which is not a type of IPS Signature? - ANS Network Signatures
If a connection is in the state table; what action will occur with future traffic for that
connection? - ANS Allow
1 @COPYRIGHT THEBRIGHT 2025/2026
, Which ePO component gathers the events from the managed systems and communicates them
to the ePO server? - ANS McAfee Agent
What are the four main types of Permission Sets in ePO? - ANS Executive Reviewer; Global
Reviewer; Group Admin; Group Reviewer
To manually move a system from one group to another; you do which two things with the
system to move it to the other group? - ANS A. Drag and drop - testing
Which ePO core component enforces the policies on the systems? - ANS McAfee Agent
In the Client Task Catalog you can export all of your client tasks into an XML file that can be
imported into another ePolicy Orchestrator Server. - ANS True
From this list select the format that you cannot export your query results to. - ANS DOC -
testing
Each Firewall Rule provides a set of conditions that which of the following has to meet? -
ANS B. Computers - testing
Which IPS policy determines what options are available to a client computer with a HIPS client;
including; whether or not the client icon appears in the system tray; types of intrusion alerts;
and password to allow access to the client user interface? - ANS D. Client UI - testing
Which of the following is not a protection level defined in the IPS Protection Policy? - ANS C.
Log - testing
What are the four severity levels of signature in HIPS? - ANS High, Medium, Low,
Informational
2 @COPYRIGHT THEBRIGHT 2025/2026
