
Which of the following is a reason to use guest tags?

Select one:

To treat all guests with equal restrictions.

To differentiate guest authentication databases.

Categorize approved unmanaged network guests into specific cells.

To restrict user bandwidth within Forescout.

To provide guests with different types of network access.

Disabling external devices via the “disable external devices” action requires which component?
Select one:

Host Manageability

Mirrored Traffic

Remote Registry Service

MAC address in a list

SecureConnector

Which of the following will, by default, cause endpoints to be inspected by Forescout?


Select one:

Disabling HPS

Enabling Full Enforcement

Policy Admission Events

HeartBeat Timer

Forescout License renewal timer expiration

Which of the following is included in the Network Base Module?


Select one:

Switch

Advanced Tools Plugin


DHCP Classifier

DNS Client

User Directory

Which of the following is NOT a service that needs to be running for the HPS Plugin to
manage Windows endpoints?
Select one:

Remote Registry

Windows Management Instrumentation

Remote procedure call (RPC)

Server

Security Accounts Manager

Which of the following is NOT an action you can take with a policy?
Select one:

Remediate rogue hosts

Remediate managed hosts

Block rogue hosts

Block managed hosts

Notify end users and IT security teams

Which of the following is a benefit of Appliance management tools? (Options > CounterAct
Devices for EM deployments or Options > Appliance for standalone deployments)
Select one:

They help to manage backup servers

They help to upgrade plugins

They help to view appliance IP Assignments

They help to manage wireless

They help to manage switches


You have drilled down into a dashboard widget and are seeing 3,968 Results on the related
Assets Tab, but when you scroll down to the bottom of the list you see they are not all
displayed. Which of the following is true regarding this situation?
Select one:

The search feature will only search through information in the displayed columns

You cannot display more than 2,500 endpoints on the dashboard

You must search using more specific criteria to reduce the number

You may export all 3,968 matching endpoints for external analysis

You need to re-run the dashboard policy template

Which of the following is true about manual classification?


Select one:

It is a manual action that causes a network asset to match a specific device type.

It prevents other discovery actions.

It is preferred over all other classification actions.

It is used to assign a host to a segment.

A device can be manually assigned to only one group

Which policy family is intended for sharing of information between Forescout and other
systems?
Select one:

Discover

Control

Orchestrate

Assess

Classify

Which of the following is NOT displayed by the Setup Summary section of the initial
command line installation?
Select one:

Appliance host name

IP Mask and Default Gateway for Management Interface

DNS server

NTP server

(T)est to verify the default gateway and DNS

Forescout Virtual Firewall actions are normally performed within what policy family?
Select one:

Assess

Control

Classify

Orchestrate

Discover

Which Forescout interface attaches to an access link?


Select one:

Response interface

Management interface

SPAN interface

Monitor interface

TAP “In” interface

Finish the statement: The Passive learning default group is used when
Select one:

A device is vulnerable to active scanning

The management port is set to passive mode

You don’t want it evaluated by policies

Active learning is not set on the monitor port

An endpoint is managed

Classification is fed by:


Select one:

Discover Policy

Assessment Policies

Control Policies

Informational Security

ActiveResponse

Once all the required template policies have been created, which of the following Dashboards
are NOT available by default? (Choose two)
Select one or more:

Device Compliance

Device Visibility

Health Compliance

Health Monitoring

Servers

Which of the following is NOT a configuration option of the Options > CounterAct Devices
management tools for an Enterprise Manager?
Select one:

Add Recovery Manager

Add/Remove Appliances

Upgrade Software

Reinstall software

Start/Stop Appliances

Which of the following is true when deploying SecureConnector to Windows endpoints?


Select one:

When pushing SecureConnector out via management systems, the name of the .exe file is
unimportant.

When deployed as a dissolvable agent, SecureConnector uninstalls itself when it’s no longer
needed.

End users cannot install SecureConnector on their own.

SecureConnector cannot be pushed out from Forescout.

The SecureConnector icon will always be displayed.

Which of the following is NOT true regarding plugins/modules?


Select one:

They can add actions which can then be applied via policies.

They extend Forescout’s capabilities.

Licenses must be purchased for all plugins/modules.

The most common are included in the initial Forescout deployment.

They can add properties which can then be used in policies to evaluate endpoints.

What action types are typically included within assessment policies?
Select one:

Adding remote inspection capabilities

Invoking a Restrict action

Adding management agent such as SecureConnector

Modifying a Forescout channel

Remediation actions

Which of the following does Forescout identify in the Enterprise Discover policy?
Select one:

Authentication method

User identity

External device attachment

AntiVirus version

VOIP devices

How can you manually download SecureConnector if you have a stand alone appliance?
Select one:

Navigate to https://ip_of_enterprise_manager/sc

Navigate to https://ip_of_forescout_appliance/sc

Navigate to https://ip_of_forescout_appliance/install

Navigate to http://ip_of_forescout_appliance/install

Navigate to http://ip_of_forescout_appliance/sc

Which Forescout interface connects to a switch SPAN destination port?
Select one:

Monitor interface

Response interface

Tap out interface

Management interface

NetFlow interface

Which of the following is an example of a restrict action?


Select one:

HTTP Redirect

Start SecureConnector

Switch block

Disable all external devices

Disable all internal devices

Which of the following is true regarding sub-rules?


Select one:

Sub-rules are evaluated in sequence until a match is found.

Sub-rules inform Forescout when to follow-up with hosts not detected via the Main rule.

All Sub-rules in a policy are evaluated for every host detected via the Main rule.

Sub-rules instruct Forescout how to follow-up with hosts before initial detection via the Main
rule.

Sub-rules are if – then statements which must have a condition and an action.

Which policies determine device ownership?


Select one:

Discover

Classify

Control

Assess

Orchestrate

What is required for Forescout to perform deep endpoint inspection?


Select one:

Forescout must have an orchestrate module enabled

The device must be manageable

An administrator must be logged into the endpoint

The endpoint must have a Windows license

Windows devices must have port 22 open

Which of the following can be used to send notification messages to unregistered guest users?
Select one:

VLAN reassignment

SecureConnector balloon

HTTP redirection

IP ACL

SMTP

Which of the following is true regarding the range of IP addresses configured in Options >
Access > Web?
Select one:

By default, this is the Active Response range.

Addresses NOT defined here will be able to receive configured Web feature (HTTP, various
portals, User Portal Builder etc).

Span traffic is not necessary for HTTP redirection pages for Addresses configured here.

Addresses defined here will be able to receive the configured Web feature (HTTP, various
portals, User Portal Builder etc).

By default, this is the Internal Network range.

Which type of Assess policy has high potential bandwidth impact?


Select one:

Pushing Windows Patches from Forescout

Enabling Anti-virus

Invoking Threat Protection

Activating Classification Policy

Restricting Peer-to-Peer

Which of the following properties leverages the Device Classification Engine?


Select one:

NIC

Function

Hostname

Serial Number

User

Forescout has command line tools to help configure custom options and troubleshoot. Which
of the following is an example of a utility that displays a configuration summary for
Forescout?
Select one:

config_sum

fstool network_sum

sum_config

fstool config_sum

fstool version

Over what transport protocol and port does an Enterprise Manager communicate with the
deployed appliances?
Select one:

TCP port 13000

TCP port 443

TCP port 10005

TCP port 10003

UDP port 53

Which feature can create PDFs on a scheduled basis?


Select one:

Dashboards

Host Details panel

Reports Portal

Switch module

User Directory plugin

How do you exit the console? (Choose two).


Select one or more:

Go to File>Exit

Control + P

Go to File>Stop all policies

Select the X button

Control + Alt + Delete

Which feature can generate Donut, Trend or Counter displays for policies?
Select one:

Reports Portal

Asset Inventory Tab


Dashboards

Policy Results panel

Threat Protection Results panel

When creating a control policy to block hosts, what is the appropriate Restrict action when it
is attached to an unmanaged switch?
Select one:

Action: Switch Block

Action: Virtual Firewall

Action: Switchport VLAN

Action: Access Port ACL

Action: Email Notification to admin

What is required to achieve agentless management of a Windows host?


Select one:

port 445 or 139, RPC, Remote Registry, C$ admin share

port 443, 13000, RPC, RDP, Remote Registry

port 445 or 139, RDP, Remote Registry, C$ admin share

port 445, 1300, RPC

port 443, 139, RPC, DNS

Which of the following is not a valid SecureConnector deployment mode for Windows?
(Choose two)
Select one or more:

Permanent as a service

Dissolvable

Temporary as a service

Permanent as an application

Run as a web app

Select a property that Forescout uses during discovery to identify the device type.
Select one:

Device manageability

AV up to date

Open sessions

Applications Installed

Operating System

Which is a Classify goal?


Select one:

Make segments of classified systems, devices, and break them down into organizational
units.

Identify hosts that are blocked by policy

Determine specifics about endpoints that could not be detected in control.

Identify hosts that are corporate assets.

Determine specifics about endpoints that could not be detected in compliance.

Which of the following are NOT valid deployment architectures? (Choose two)
Select one or more:

Layer-2 NAC architecture

Remote NAC architecture

Hybrid NAC architecture

Distributed NAC architecture

Centralized NAC architecture

Which of the following statements are true about the Options > NAC > HTTP Login
Attempts? (Choose two)
Select one or more:

The HTTP Login Attempts will supply hints to the users.

Users that exceed this limit cannot be tracked using the Event > HTTP Login Failure property

The HTTP Login Attempts use 501 status codes.

Users that exceed this limit can be tracked using the Event > HTTP Login Failure property

Define the failed login limit for endpoint users attempting to authenticate via the HTTP Login
page.

What Virtual Firewall parameters are configured when provisioning a policy? (Choose two)
Select one or more:

Blocking rules

Quality of service

Session connection state


Blocking exceptions

Malware blocking

Which of the properties listed might be used by the Enterprise Discover policy to identify
Printers?
Select one:

Network Adapter

Function

WLAN AP Name

IPv4 address

DHCP Device OS

Which of the following is NOT critical information for asset discovery?


Select one:

Login events

Compliance events

Admission events

Open ports

Endpoint visibility

Which of the following is a remediation?


Select one:

Access Port ACL

Run Script on Windows

Virtual Firewall

Assign to a VLAN

Switch Block

Which of the following action categories modifies network infrastructure devices to manage
the network access of detected endpoints?
Select one:

Restrict

Manage

Notify

Enable

Remediate

Select the option that best describes the GUI location to access the Segment Manager.
Select one:

Details Pane

Inventory Pane

Detections Pane

Views Pane

Filters Pane

How can you show only active endpoints in the information pane?
Select one:

Select “Filter by online host”

Deselect “inactive” option

Filter by “internal” option

Select “Show only unassigned”

Add an active endpoint column

Select the actions that all require SecureConnector.


Select one:

Disable External Device, Disable Dual-Homed, Windows Self Remediation

Start Antivirus, Set Registry Key, Windows Self Remediation

Disable Dual-Homed, Send Balloon Notification, Disable External Device

Disable Dual-Homed, Run Windows Script, HTTP redirection to URL

Send Email to user, Run Windows Script, Kill Peer to Peer, HTTP redirection to URL

Which of the following is NOT a way that Windows SecureConnector may be installed on
managed systems?
Select one:

On domain systems by pushing it out from an application management platform such as SCCM.

Downloading it from the ForeScout support website.

Automatically on managed systems as a result of policy action.

By the end user, via link in an HTTP message on any system as a result of a policy HTTP
redirect action.

On managed systems as a result of a Forescout operator’s manual action.

How do you access the Segment Manager to add a new subnet? (Choose two)
Select one or more:

Provision from the Policy Tab

Select Segment Manager from the Tools menu.

Click on the Options Gear Icon.

Click on Internal Network pane from Options.

Right click on Segments in the filters pane.

Which of the following is required for the Virtual Firewall action to function properly?
Select one:

Switch SNMP Integration

Router Integration

Switch ACL Integration

Host Manageability

Mirrored/SPAN Traffic

Which policy action type can terminate a Windows endpoint service?


Select one:

Notification

Classify

Manage

Restrict

Remediate

Which of the following is needed for Virtual Firewall to be effective?


Select one:

Spanning tree must be enabled on switches

A layer-three deployment

Anti-spoofing must be enabled on routers

Two Forescout channels

Symmetrical traffic monitoring

Which of the following are mandatory for a policy? (Choose two)


Select one or more:

Unique Name

Scope

Main rule Action


Main rule Condition

Sub-rules

Which of the following does NOT represent one of the elements of a policy structure?
Select one:

A unique policy name

History

Policy conditions

A policy scope

Policy actions

Which of the following shows how to correctly reset the Admin GUI password from the
Forescout command line?
Select one:

[root@vct1 ~]# fstool passwd -admin (then type new password and confirm)

[root@vct1 ~]# fstool passwd -gui (then type new password and confirm)

[root@vct1 ~]# passwd -u admin (then type new password and confirm)

[root@vct1 ~]# passwd (then type new password and confirm)

[root@vct1 ~]# fstool passwd (then type new password and confirm)

Which of the following is NOT a Remediate action?
Select one:

Run Script

Start/Update Antivirus

Start Windows Updates

Virtual Firewall

Kill Process

When creating a control policy to block hosts, what actions require a vendor compatible
managed switch? (Choose two)
Select one or more:

Action: Virtual Firewall

Action: Email Notification to admin

Action: Switch Block

Action: HTTP Notification to user

Action: Endpoint Address ACL

What is the default port used to manage a member appliance from an Enterprise Manager?
Select one:

TCP 52311

UDP 69

TCP 13000

UDP 61

TCP 443

Which Forescout interfaces are needed for a layer 3 channel? (Choose two)
Select one or more:

Monitor interface

Trunk interface

Response interface

NetFlow interface

Management interface

Which of the following does NOT help to enhance discovery?
Select one:

Virtual firewall

Switch plugin integration

Mirroring logins to authentication servers

Mirroring as much traffic as possible

DHCP traffic

Which of the following triggers policy evaluation?


Select one:

Deleting an endpoint from the console

Selecting a policy in the View pane

A default 24-hour policy timer

An Admission Event

Clearing an endpoint detection

Which of the following is NOT required for initial command line installation?
Select one:

DNS server

DHCP reservation

Management interface

Administrator password

IP address

What authentication methods are available for console users? (Choose two)
Select one or more:

OAuth

TACACS+

MS-Directory Services

CLI

Local

Which feature can be populated through Options > Discovery Rules and through targeted
policies?
Select one:

Group Manager

Asset Inventory Tab

Advanced Tools

Policy Results panel

Threat Protection Results panel
