Page 1 of 10
HBSS 501 QUESTIONS AND ANSWERS WITH
SOLUTIONS 2025
CND Services include Prepare; Protect and ____________
......ANSWER........Respond
What action should be taken if an event is found to be a false
positive? ......ANSWER........Start the tuning process
Which product is responsible for collecting endpoint properties
and policy enforcement? ......ANSWER........McAfee Agent
What is the correct order for prioritizing events?
......ANSWER........Severity; Action Taken; Volume
An admin creates ___________ to manage the software
installed on the endpoint. ......ANSWER........Policies
Which HIPS label shows the friendly name of a HIPS event?
......ANSWER........Signature Name (Host IPS)
Which of the following is not true about ArcSight and situational
awareness? ......ANSWER........Prevention
, Page 2 of 10
In order to manage an endpoint; ___________ must be
installed. ......ANSWER........McAfee Agent
A dashboard is a collection of __________ shown together in
the same location. ......ANSWER........Monitors
Which VSE label shows the friendly name of a VSE event?
......ANSWER........Threat Name
Which feature does HIPS and VSE both have in common but is
disabled on one when both are installed on the same endpoint?
......ANSWER........Buffer Overflow Protection
Which query filter label helps group similar data for VSE?
......ANSWER........Threat Type
As an Analyst; your duty includes reviewing all the data
collected by the ePO server. ......ANSWER........False
Which of the following is a valid query output?
......ANSWER........All of the above
HBSS 501 QUESTIONS AND ANSWERS WITH
SOLUTIONS 2025
CND Services include Prepare; Protect and ____________
......ANSWER........Respond
What action should be taken if an event is found to be a false
positive? ......ANSWER........Start the tuning process
Which product is responsible for collecting endpoint properties
and policy enforcement? ......ANSWER........McAfee Agent
What is the correct order for prioritizing events?
......ANSWER........Severity; Action Taken; Volume
An admin creates ___________ to manage the software
installed on the endpoint. ......ANSWER........Policies
Which HIPS label shows the friendly name of a HIPS event?
......ANSWER........Signature Name (Host IPS)
Which of the following is not true about ArcSight and situational
awareness? ......ANSWER........Prevention
, Page 2 of 10
In order to manage an endpoint; ___________ must be
installed. ......ANSWER........McAfee Agent
A dashboard is a collection of __________ shown together in
the same location. ......ANSWER........Monitors
Which VSE label shows the friendly name of a VSE event?
......ANSWER........Threat Name
Which feature does HIPS and VSE both have in common but is
disabled on one when both are installed on the same endpoint?
......ANSWER........Buffer Overflow Protection
Which query filter label helps group similar data for VSE?
......ANSWER........Threat Type
As an Analyst; your duty includes reviewing all the data
collected by the ePO server. ......ANSWER........False
Which of the following is a valid query output?
......ANSWER........All of the above
