ForeScout FSCA 2 Exam
failover for an Enterprise Manager that is no longer functioning due to, for example, a natural
disaster or crisis:
Select one:
Active/Active clustering
VRRP
Port Mirroring
High Availability
Recovery Manager
How can you tell which username you are logged in to the console with?
Select one:
Go to the Menu
Go to the inventory
Go to the threats
Which TCP Port must be allowed on the local firewall to ensure Linux and Apple Macintosh
endpoints can be managed by Forescout via Local credentials?
Select one:
Port 445/TCP
Port 13000/TCP
Port 22/TCP
Port 10003/TCP
Port 10005/TCP
Select the option that is NOT required for a successful virtual firewall action.
Select one:
This policy's Virtual Firewall Action Threshold has not yet been reached
What authentication methods are available for console users? (Choose two)
Select one or more:
TACACS+
OAuth
CLI
Local
MS-Directory Services
Which of the following is a common cause of problems with Windows host management?
Select one:
SecureConnector is installed.
Forescout does not have write permission to the temp directory for script execution.
Complete the following statement: The primary reason for the Internal Network range is to
Select one:
What Virtual Firewall parameters are configured when provisioning a policy? (Choose two)
Select one or more:
Malware blocking
Blocking exceptions
Quality of service
Blocking rules
Which of the following is required for the Virtual Firewall action to function properly?
Select one:
Mirrored/SPAN Traffic
Host Manageability
Router Integration
Which feature provides an attribute-based perspective of your network resources rather than
an endpoint-based view?
Select one:
Dashboards
Reports Portal
It is a manual action that causes a network asset to match a specific device type.
Which of the following action categories modifies network infrastructure devices to manage
the network access of detected endpoints?
Select one:
Enable
Remediate
Manage
Restrict
Notify
Which of the following shows how to correctly reset the Admin GUI password from the
Forescout command line?
Select one:
[root@vct1 ~]# passwd -u admin (then type new password and confirm)
[root@vct1 ~]# fstool passwd (then type new password and confirm)
[root@vct1 ~]# fstool passwd -admin (then type new password and confirm)
[root@vct1 ~]# fstool passwd -gui (then type new password and confirm)
Assessment Policies
Informational Security
Discover Policy
Control Policies
ActiveResponse
What must be done to populate all the widgets in the default dashboard tab “Device
Visibility”?
Select one:
A Forescout administrator has created a custom dashboard tab containing specialized widgets
and wishes to share this tab with another administrator. Which of the following is true?
Select one:
Set the privacy settings to Private so other admins can create the tab.
Set the privacy settings to Public so other admins can add the tab.
Share the tab then other admins will see it when they log out and log back in.
There is no way to accomplish this without other admins manually creating the tab and all the
widgets.
Properties-Passive Learning
Ignored IPs
HPS fsprocsvc
Select the option that is NOT one of the phases of the deployment timeline.
Select one:
Educate and Train: Automatic, personal, directed email or Web notification to inform users
of new policies
Select the item that can NOT be shown by the Filter pane.
Select one:
Ignored IPs
Groups
Segments
Irresolvable Hosts
Which directory on the Forescout appliance contains the log files?
Select one:
/tmp/logs/forescout
/usr/local/forescout/log
/var/log/forescout
/etc/forescout/logs
/usr/logs/forescout
Unique Name
Sub-rules
Scope
Send Email to user, Run Windows Script, Kill Peer to Peer, HTTP redirection to URL
Select one:
Which of the properties listed might be used by the Enterprise Discover policy to identify
Printers?
Select one:
Network Adapter
DHCP Device OS
WLAN AP Name
Function
IPv4 address
Forescout identified your company's network monitoring tool as a malicious device because
it is scanning your network using SNMP / ICMP. Which of the following configurations will
prevent your scanning server from being detected as malicious?
Select one:
Add the scanner’s IP address to "Ignored IPs" in the Filters pane in the Forescout GUI
Create an object in Segment Manager called "Out of Scope" and add the IP of this Network
Management server to "Out of Scope" range.
Add the Server to Group "Exempt-Approved-Misc Devices" and exclude group from Asset
Classification Policy
Add your scanner's IP address to Threat Protection -> Legitimate Scan under "Options" in the
Forescout GUI
The Domain service account must be a member of the Local Administrators group.
A set of actions taken for all hosts matching the policy scope.
Define the failed login limit for endpoint users attempting to authenticate via the HTTP Login
page.
Users that exceed this limit can be tracked using the Event > HTTP Login Failure property
Users that exceed this limit cannot be tracked using the Event > HTTP Login Failure property
When creating a control policy to block hosts, what is the appropriate Restrict action when it
is attached to an unmanaged switch?
Select one:
Which of the following ports is not used by the HPS Inspection Engine Plugin to manage
Windows clients?
Select one:
TCP/139
TCP/22
TCP/135
TCP/445
TCP/10003
Which of the following methods of switch communication does the switch plugin support?
Select one:
Select the option that best describes two common deployment types for Forescout.
Select one:
Centralized or distributed
Layer 3 or Layer 4
Listening or Blocking
Kill Process
Run Script
Start/Update Antivirus
Virtual Firewall
Which of the following is NOT a way that Forescout can provide user notifications on
managed devices?
Select one:
HTTP Notification
Double clicking on a Dashboard widget displays all the matching hosts on the legacy Assets
Portal.
Searching the displayed Asset info only searches the displayed information.
When creating widgets, any chart type may always be selected no matter what data type you
choose.
Double clicking on a Dashboard widget displays up to 1000 of the matching hosts on the
Assets tab.
Double clicking on a Dashboard widget displays all the matching hosts on the Assets tab, no
matter how many.
Which of the following are NOT valid deployment architectures? (Choose two)
Select one or more:
Which of the following best completes the statement: The Forescout admin Password… ?
Select one:
is initially the same as the root password for the appliance but should be changed as soon as
possible.
should be used by all Forescout administrators when configuring the GUI Console.
Which of the following can be used to send notification messages to unregistered guest users?
Select one:
http redirection
VLAN reassignment
IP ACL
SMTP
SecureConnector balloon
Which of the following best completes the following statement: An action configured on the
main rule of a policy is taken on…?
Select one:
some of the endpoints matching the scope and main rule criteria for a policy, as determined
by the sub-rules (if any).
all endpoints matching the scope and main rule criteria for a policy, after which no sub-rules
are evaluated.
all endpoints matching the scope and main rule criteria for a policy, after which endpoints are
evaluated by the sub-rules (if any).
some of the endpoints matching the scope and main rule criteria for a policy, after which
endpoints are evaluated by the sub-rules (if any).
Dissolvable
Permanent as a Service
Permanent as an Application
Transient
Removable
What causes the Antivirus Assessment policy to have two paths feeding it in the following
diagram?
Select one:
The Windows Enterprise Manageability policy automatically passes results to the Antivirus
Compliance policy. The administrator added an “If member of group Linux” condition to the
Antivirus Compliance policy.
The Antivirus Assessment policy automatically pulls results from all Windows related
policies.
Policies 1.1.1 and 1.2.1 have a “Push results to” action applied by the administrator.
The Antivirus Assessment policy has a {“If member of group Windows” OR “If member of
Corporate Hosts”} condition.
Browser type
Power state
OS Fingerprint scan
NetFlow data
Which feature can be populated through Options > Discovery Rules and through targeted
policies?
Select one:
Advanced Tools
Group Manager
Ping sweep
Nmap
ActiveResponse
SecureConnector
Which design strategy deploys Forescout exclusively in the network core?
Select one:
Distributed
Centralized
Point to Point
Hybrid
What policy configuration is required to inform Forescout that a policy should be used to
measure compliance?
Select one:
Which of the following is a prerequisite for sub-rule evaluation for an endpoint by a policy
with sub-rules?
Select one:
The first sub-rule must look for compliant conditions on the endpoint
The endpoint must match the main rule conditions and scope
Filters Pane
Detections Pane
Inventory Pane
Views Pane
Details Pane
Which of the following is NOT true about HPS Remote inspection credential requirements?
Select one:
The service account should be able to connect to Windows clients using MS-WMI or MS-RRP.
The service account should be a Domain level account that has local administrative privileges
on systems to be managed by Forescout.
When multiple service accounts exist, the domain name of the endpoint is used to select the
proper credentials.
Add to a group
Add to a list
Add to a subnet
Add to a segment
Which of the following is NOT configured during the initial command line configuration?
Select one:
High Availability
Management Interface
IP Address
Which of the following is a benefit of Appliance management tools? (Options > CounterAct
Devices for EM deployments or Options > Appliance for standalone deployments)
Select one:
Which of the following is NOT a configuration option of the Options > CounterAct Devices
management tools for an Enterprise Manager?
Select one:
Reinstall software
Add/Remove Appliances
Start/Stop Appliances
Upgrade Software
Which type of Assess policy has high potential bandwidth impact?
Select one:
Enabling Anti-virus
Restricting Peer-to-Peer
Which of the following is NOT true of Forescout when it is operating in Partial Enforcement
mode?
Select one:
What are some of the questions to ask in a Classify Policy? (Choose two)
Select one or more:
Is it SecureConnector manageable?
Is guest authenticated?
Which of the following is included in the Network Base Module?
Select one:
User Directory
Switch
DNS Client
DHCP Classifier
Select the command that can be used to test endpoint manageability with IP address
192.168.1.50 -
Select one:
How many sub-rules are in this policy as seen in the Views Pane?
Select one:
15
Which one of the following management methods requires an agent on the endpoint?
Select one:
RPC management
WMI management
SSH
SecureConnector
NMAP
OS Fingerprint scan
File version
Remediation actions
Invoking a Restrict action
Which step is NOT required for Linux/Unix and Mac Classify policies to work?
Select one:
Which of the following is NOT used in order for Classify policies to work?
Select one:
RPC
NTP
SMB
WMI
SecureConnector
Start/Update Antivirus
Kill Process
Assign to VLAN
Which of the following is NOT a valid option for the user type when adding a user profile?
Select one:
Single password
Finish the statement: The Passive learning default group is used when
Select one:
An endpoint is managed
HeartBeat Timer
Disabling HPS
Servers
Device Visibility
Device Compliance
Health Compliance
Health Monitoring
Use the image to select the policy name that uses WMI for management.
Select one:
Orchestrate
Control
Assess
Test
Classify
Which of the following mechanisms does Forescout use to collect host MAC Address
information?
Select one:
ePO module
User Directory
DNS Enforcement