
Select the option that corresponds to the following statement: This feature provides remote
failover for an Enterprise Manager that is no longer functioning due to, for example, a natural
disaster or crisis:
Select one:

Active/Active clustering

VRRP

Port Mirroring

High Availability

Recovery Manager

How can you tell which username you are logged in to the console with?
Select one:

Go to the view pane

Go to the Menu

Go to the inventory

Go to the title bar

Go to the threats

Which TCP Port must be allowed on the local firewall to ensure Linux and Apple Macintosh
endpoints can be managed by Forescout via Local credentials?
Select one:

Port 445/TCP

Port 13000/TCP

Port 22/TCP

Port 10003/TCP

Port 10005/TCP

Select the option that is NOT required for a successful virtual firewall action.
Select one:

The channel is properly configured for monitoring

This policy's Virtual Firewall Action Threshold has not yet been reached

The virtual firewall policy is correctly structured

The appliance is in Full Enforcement mode

SecureConnector is installed on the endpoint

What authentication methods are available for console users? (Choose two)
Select one or more:

TACACS+

OAuth

CLI

Local

MS-Directory Services

Which of the following is a common cause of problems with Windows host management?
Select one:

The Remote Registry service is enabled by default.

The service account is not a member of the Local Administrators group.

SecureConnector is installed.

Forescout does not have write permission to the temp directory for script execution.

Host based IPS products never block “Remote Inspection”.

Complete the following statement: The primary reason for the Internal Network range is to
Select one:

Set the IP range(s) to be used in the scope of a NAC policy

Define which IP range(s) an appliance will manage


Configure the IP range for the IPS feature to use when creating virtual endpoints as marks for
threats.

Restrict the management addresses authorized to connect to the console

Define the IP range(s) to be protected by the Forescout deployment

What Virtual Firewall parameters are configured when provisioning a policy? (Choose two)
Select one or more:

Malware blocking

Blocking exceptions

Quality of service

Blocking rules

Session connection state

Which of the following is required for the Virtual Firewall action to function properly?
Select one:

Switch SNMP Integration

Mirrored/SPAN Traffic

Host Manageability

Switch ACL Integration

Router Integration

Which feature provides an attribute-based perspective of your network resources rather than
an endpoint-based view?
Select one:

User Directory plugin

Dashboards

Reports Portal

Policy Manager Tab

Asset Inventory Tab

Which of the following is true about manual classification?


Select one:

It is used to assign a host to a segment.

A device can be manually assigned to only one group

It prevents other discovery actions.

It is preferred over all other classification actions.

It is a manual action that causes a network asset to match a specific device type.

Which of the following action categories modifies network infrastructure devices to manage
the network access of detected endpoints?
Select one:

Enable

Remediate

Manage

Restrict

Notify

Which of the following is a valid reason to consider deploying SecureConnector?


Select one:

It enables the Kill Process Remediate action


It enables end user HTTP notification actions

It disables the wireless NIC on dual homed PCs

It allows external USB devices to be disabled

Time sensitive reporting is not needed.

Which of the following shows how to correctly reset the Admin GUI password from the
Forescout command line?
Select one:

[root@vct1 ~]# passwd -u admin (then type new password and confirm)

[root@vct1 ~]# fstool passwd (then type new password and confirm)

[root@vct1 ~]# fstool passwd -admin (then type new password and confirm)

[root@vct1 ~]# passwd (then type new password and confirm)

[root@vct1 ~]# fstool passwd -gui (then type new password and confirm)

Classification is fed by:


Select one:

Assessment Policies

Informational Security

Discover Policy

Control Policies

ActiveResponse

What must be done to populate all the widgets in the default dashboard tab “Device
Visibility”?
Select one:

The Dashboard policy templates must be run

SecureConnector must be running

Assess policies must be tagged as an application issue

Device Discovery must be disabled

Classify policies must be categorized

What is a purpose of the Classify policies?


Select one:

Determining host online status

Generating host inventory

Setting host control status

Reporting host compliance status

Determining corporate manageability and ownership of the endpoint

A Forescout administrator has created a custom dashboard tab containing specialized widgets
and wishes to share this tab with another administrator. Which of the following is true?
Select one:

Set the privacy settings to Private so other admins can create the tab.

Set the privacy settings to Public so other admins can add the tab.

Share the tab then other admins will see it when they log out and log back in.

There is no way to accomplish this without other admins manually creating the tab and all the
widgets.

Share the tab so it automatically appears for all other admins.


Which feature prevents Forescout from using resources such as Nmap and OS Fingerprint
scans to learn device properties?
Select one:

Threat Protection Legitimate Scan addresses

Properties-Passive Learning

Ignored IPs

HPS fsprocsvc

IoT Posture Assessment Engine

Select the option that is NOT one of the phases of the deployment timeline.
Select one:

Audit: Send notifications to admins and managers

Engineer: Design and construct various elements of the network

Enforce: Limit access to network/Internet until compliant

Discover: Detect non-compliant assets

Educate and Train: Automatic, personal, directed email or Web notification to inform users
of new policies

Select the item that can NOT be shown by the Filter pane.
Select one:

Properties - Passive Learning

Ignored IPs

Groups

Segments

Irresolvable Hosts

Which directory on the Forescout appliance contains the log files?
Select one:

/tmp/logs/forescout

/usr/local/forescout/log

/var/log/forescout

/etc/forescout/logs

/usr/logs/forescout

Which of the following are mandatory for a policy? (Choose two)


Select one or more:

Main rule Condition

Main rule Action

Unique Name

Sub-rules

Scope

Select the actions that all require SecureConnector.


Select one:

Send Email to user, Run Windows Script, Kill Peer to Peer, HTTP redirection to URL

Disable Dual-Homed, Send Balloon Notification, Disable External Device

Start Antivirus, Set Registry Key, Windows Self Remediation

Disable External Device, Disable Dual-Homed, Windows Self Remediation

Disable Dual-Homed, Run Windows Script, HTTP redirection to URL


A Forescout administrator cannot determine why manageable endpoints do not match the
Linux Manageable sub-rule shown in the image. Using the image below select the response
that has caused this.

Select one:

The policy scope is not set to managed Linux endpoints

The main rule has no conditions

The first sub-rule has no conditions

SSH is not open on the endpoints

The last sub-rule has conditions


What are the 4 phases of the policy life cycle?
Select one:

Classification, Informational, Clarification, Enforcement

Classification, Clarification, Security, Control

Classification, Clarification, Security, Enforcement

Discover, Classify, Assess, Control

Classification, Clarification, Compliance, Enforcement

Which of the properties listed might be used by the Enterprise Discover policy to identify
Printers?
Select one:

Network Adapter

DHCP Device OS

WLAN AP Name

Function

IPv4 address

Forescout identified your company's network monitoring tool as a malicious device because
it is scanning your network using SNMP / ICMP. Which of the following configurations will
prevent your scanning server from being detected as malicious?
Select one:

Add the scanner’s IP address to "Ignored IPs" in the Filters pane in the Forescout GUI

Create an object in Segment Manager called "Out of Scope" and add the IP of this Network
Management server to "Out of Scope" range.

Add the Server to Group "Exempt-Approved-Misc Devices" and exclude group from Asset
Classification Policy

Add your scanner's IP address to Threat Protection -> Legitimate Scan under "Options" in the
Forescout GUI

Create a policy that ignores Threat Protection detections.


Which of the following is NOT required for the HPS Plugin to be functional for Windows
endpoint manageability? (Choose two)
Select one or more:

The Domain service account must be a member of the Local Administrators group.

File and printer sharing must be enabled.

The C$ share must be present.

SMB signing must be enabled on the endpoints

NTLMv2 authentication must be disabled.

Sequence the following sub-rules as recommended by ForeScout for Antivirus Assessment.

Complete the following statement. A main rule condition is…


Select one:

A set of criteria queried when evaluating hosts to match a policy.

A set of actions taken for all hosts matching the policy scope.

A set of policies that are controlled and enforced.

A set of measures taken at network hosts.

A set of sub-rules that are queried when evaluating hosts.


Which of the following statements are true about the Options > NAC > HTTP Login
Attempts? (Choose two)
Select one or more:

Define the failed login limit for endpoint users attempting to authenticate via the HTTP Login
page.

The HTTP Login Attempts will supply hints to the users.

Users that exceed this limit can be tracked using the Event > HTTP Login Failure property

The HTTP Login Attempts use 501 status codes.

Users that exceed this limit cannot be tracked using the Event > HTTP Login Failure property

When creating a control policy to block hosts, what is the appropriate Restrict action when it
is attached to an unmanaged switch?
Select one:

Action: Virtual Firewall

Action: Email Notification to admin

Action: Access Port ACL

Action: Switchport VLAN

Action: Switch Block

Which of the following ports is not used by the HPS Inspection Engine Plugin to manage
Windows clients?
Select one:

TCP/139

TCP/22

TCP/135

TCP/445

TCP/10003

Which of the following methods of switch communication does the switch plugin support?
Select one:

SNMP, RPC, HTTPS, and SSH

SNMP, Telnet, SSH and SMTP

SNMP, SSH, CDP and STP

SNMP, SMTP, FTP, and SSH

SNMP, Telnet, and SSH

Select the option that best describes two common deployment types for Forescout.
Select one:

Infrastructure and Software

Centralized or distributed

Layer 3 or Layer 4

Hub and Spoke

Listening or Blocking

Which of the following is NOT a Remediate action?


Select one:

Start Windows Updates

Kill Process

Run Script

Start/Update Antivirus

Virtual Firewall

Which of the following is NOT a way that Forescout can provide user notifications on
managed devices?
Select one:

Send Balloon Notification using SecureConnector

Send Email to User

Messenger service pop ups

HTTP redirection to URL

HTTP Notification

Select the statement below that is true:


Select one:

Double clicking on a Dashboard widget displays all the matching hosts on the legacy Assets
Portal.

Searching the displayed Asset info only searches the displayed information.

When creating widgets, any chart type may always be selected no matter what data type you
choose.

Double clicking on a Dashboard widget displays up to 1000 of the matching hosts on the
Assets tab.

Double clicking on a Dashboard widget displays all the matching hosts on the Assets tab, no
matter how many.

Which of the following are NOT valid deployment architectures? (Choose two)
Select one or more:

Hybrid NAC architecture

Distributed NAC architecture

Centralized NAC architecture

Remote NAC architecture

Layer-2 NAC architecture


Complete the following statement: Lists are ___________________
Select one:

A collection of property values to use in a policy condition

A collection of Forescout appliance licenses

A collection of action log files

A collection of archived policies

A collection of dissimilar properties for use in a policy condition

Which of the following best completes the statement: The Forescout admin Password… ?
Select one:

should be the same as the root password for the appliance.

is the root user password to the Forescout GUI Console.

is initially the same as the root password for the appliance but should be changed as soon as
possible.

is the admin user password to the Forescout CLI.

should be used by all Forescout administrators when configuring the GUI Console.

Match each fstool command to its corresponding description.

Which of the following can be used to send notification messages to unregistered guest users?
Select one:

http redirection

VLAN reassignment

IP ACL

SMTP

SecureConnector balloon

Which of the following best completes the following statement: An action configured on the
main rule of a policy is taken on…?
Select one:

network hosts, such as providing automatic remediation.

some of the endpoints matching the scope and main rule criteria for a policy, as determined
by the sub-rules (if any).

all endpoints matching the scope and main rule criteria for a policy, after which no sub-rules
are evaluated.

all endpoints matching the scope and main rule criteria for a policy, after which endpoints are
evaluated by the sub-rules (if any).

some of the endpoints matching the scope and main rule criteria for a policy, after which
endpoints are evaluated by the sub-rules (if any).

Which of the following is not a SecureConnector deployment method? (Choose two)


Select one or more:

Dissolvable

Permanent as a Service

Permanent as an Application

Transient

Removable

What causes the Antivirus Assessment policy to have two paths feeding it in the following
diagram?

Select one:

The Windows Enterprise Manageability policy automatically passes results to the Antivirus
Compliance policy. The administrator added an “If member of group Linux” condition to the
Antivirus Compliance policy.

The Antivirus Assessment policy automatically pulls results from all Windows related
policies.

Policies 1.1.1 and 1.2.1 have a “Push results to” action applied by the administrator.

The Primary Classification and Windows Enterprise Manageability policies automatically
push groups to the Antivirus Assessment policy for evaluation.

The Antivirus Assessment policy has a {“If member of group Windows” OR “If member of
Corporate Hosts”} condition.

Match the Options NAC Time Setting to its appropriate description


Which of the following options represents an example of active data collection?
Select one:

Browser type

Power state

OS Fingerprint scan

Switch SNMP traps

NetFlow data

Which feature can be populated through Options > Discovery Rules and through targeted
policies?
Select one:

Policy Results panel

Advanced Tools

Group Manager

Threat Protection Results panel

Asset Inventory Tab

What Forescout feature protects against service attacks?


Select one:

Access Control Lists

Ping sweep

Nmap

ActiveResponse

SecureConnector

Which design strategy deploys Forescout exclusively in the network core?
Select one:

Hub and spoke

Distributed

Centralized

Point to Point

Hybrid

What policy configuration is required to inform Forescout that a policy should be used to
measure compliance?
Select one:

SecureConnector must be installed

All sub-rules must be labeled compliant

The policy must be tagged as an application issue

The endpoints must be managed

The policy must be categorized as a compliance policy

Which of the following is a prerequisite for sub-rule evaluation for an endpoint by a policy
with sub-rules?
Select one:

The first sub-rule must look for compliant conditions on the endpoint

The scope must have a group filter applied

The endpoint must match at least one main rule condition

The endpoint must match the main rule conditions and scope

The main rule must have an action to trigger sub-rules


Select the option that best describes the GUI location to access the Segment Manager
Select one:

Filters Pane

Detections Pane

Inventory Pane

Views Pane

Details Pane

Which of the following is NOT true about HPS Remote inspection credential requirements?
Select one:

Multiple service accounts and domain entries are possible.

The service account should be able to connect to Windows clients using MS-WMI or MS-RRP.

The service account must authenticate with endpoints using NTLMv2.

The service account should be a Domain level account that has local administrative privileges
on systems to be managed by Forescout.

When multiple service accounts exist, the domain name of the endpoint is used to select the
proper credentials.

What action type is usually performed by Discover policies?


Select one:

Add to a group

Add to a list

Add to a subnet

Add to the Discovered IP list

Add to a segment

Which of the following is NOT configured during the initial command line configuration?
Select one:

High Availability

Subnet mask and default gateway

Management Interface

NTP Server Address

IP Address

Which of the following is a benefit of Appliance management tools? (Options > CounterAct
Devices for EM deployments or Options > Appliance for standalone deployments)
Select one:

They help to manage wireless

They help to manage backup servers

They help to manage switches

They help to upgrade plugins

They help to view appliance IP Assignments

Which of the following is NOT a configuration option of the Options > CounterAct Devices
management tools for an Enterprise Manager?
Select one:

Add Recovery Manager

Reinstall software

Add/Remove Appliances

Start/Stop Appliances

Upgrade Software

Which type of Assess policy has high potential bandwidth impact?
Select one:

Pushing Windows Patches from Forescout

Activating Classification Policy

Invoking Threat Protection

Enabling Anti-virus

Restricting Peer-to-Peer

Which of the following is NOT true of Forescout when it is operating in Partial Enforcement
mode?
Select one:

Threat Protection is disabled

HTTP Actions are disabled

All Restrict actions are disabled

Forescout will communicate with endpoints with SecureConnector installed.

Virtual Firewall is disabled

What are some of the questions to ask in a Classify Policy? (Choose two)
Select one or more:

Is the antivirus up to date?

Is it domain or remotely manageable?

Is it SecureConnector manageable?

Is a specific application installed?

Is guest authenticated?

Which of the following is included in the Network Base Module?
Select one:

User Directory

Advanced Tools Plugin

Switch

DNS Client

DHCP Classifier

Select the command that can be used to test endpoint manageability with IP address
192.168.1.50 -
Select one:

fstool va_test -c 192.168.1.50

fstool va_test -h 192.168.1.50

fstool endpoint_test -h 192.168.1.50

fstool va_check -h 192.168.1.50

fstool endpoint_check -h 192.168.1.50

How many sub-rules are in this policy as seen in the Views Pane?

Select one:

15

You have to open the Policy Manager to determine that


What is required for Forescout to perform deep endpoint inspection?
Select one:

Forescout must have an orchestrate module enabled

The device must be manageable

Windows devices must have port 22 open

The endpoint must have a Windows license

An administrator must be logged into the endpoint

Which one of the following management methods requires an agent on the endpoint?
Select one:

RPC management

WMI management

SSH

SecureConnector

NMAP

Which of the following represents an example of passive data collection?


Select one:

OS Fingerprint scan

Endpoint services running

OS Type (from NMAP profile)

File version

HTTP User Agents

What action types are typically included within assessment policies?


Select one:

Adding remote inspection capabilities

Modifying a Forescout channel

Remediation actions

Invoking a Restrict action

Adding management agent such as SecureConnector

Which step is NOT required for Linux/Unix and Mac Classify policies to work?
Select one:

SSH public keys must be exchanged

SSH private keys must be exchanged

SSHD must be running on host

Enable remote inspection in the module

Ensure infrastructure firewalls allow port 22 to Forescout appliances

Which of the following is NOT used in order for Classify policies to work?
Select one:

RPC

NTP

SMB

WMI

SecureConnector

Which of the following is NOT a Remediate action?


Select one:

Set Registry Key on Windows

Kill Instant Messaging on Windows

Start/Update Antivirus

Kill Process

Assign to VLAN

Which of the following is NOT a valid option for the user type when adding a user profile?
Select one:

Single external user directory

Single smart card

Single external RADIUS

Single password

Group external user directory

Finish the statement: The Passive learning default group is used when
Select one:

An endpoint is managed

You don’t want it evaluated by policies

The management port is set to passive mode

A device is vulnerable to active scanning

Active learning is not set on the monitor port

Which of the following will, by default, cause endpoints to be inspected by Forescout?


Select one:

Enabling Full Enforcement

HeartBeat Timer

Forescout License renewal timer expiration

Disabling HPS

Policy Admission Events


Once all the required template policies have been created, which of the following Dashboards
are NOT available by default? (Choose two)
Select one or more:

Servers

Device Visibility

Device Compliance

Health Compliance

Health Monitoring

Use the image to select the policy name that uses WMI for management.

Select one:

1.2.0.5 Network Device Manageability

1.2.0.2 Windows Enterprise Manageability

1.2.0.3 Mac OS Manageability

1.2.0.7 Mobile Devices

1.2.0.4 Linux Manageability


Discover policy results flow into what policy family?
Select one:

Orchestrate

Control

Assess

Test

Classify

Which of the following mechanisms does Forescout use to collect host MAC Address
information?
Select one:

ePO module

Advanced Tools Plugin

User Directory

DNS Enforcement

Host Property Scanner
