The Enterprise Discover policy uses what property to identify Networking Equipment?
Select one:
Function
Open port 80/HTTP
DNS name
Session as Client
Access IP
Which of the following is NOT displayed by the Setup Summary section of the initial
command line installation?
Select one:
DNS server
NTP server
IP Mask and Default Gateway for Management Interface
Appliance host name
(T)est to verify the default gateway and DNS
Which one of the following will cause errors when using the Linux plugin to enable Remote
Inspection on endpoints?
Select one:
The admin service account configured in the Linux plugin has not been created on every
endpoint to be managed.
Forescout’s public SSH key was added to the “authorized_keys” file on the endpoints.
The “Enable remote inspection” check box is selected in the Linux plugin.
The network infrastructure is not blocking TCP/22 between Forescout and the managed
endpoints.
The SSH server is installed and running on the endpoints to be managed.
What is the default port used to manage a member appliance from an Enterprise Manager?
Select one:
UDP 69
TCP 13000
TCP 52311
TCP 443
UDP 61
Forescout operations are described as See, Control, and Orchestrate. What are the policy
families that fall within “SEE”? (Choose two)
Select one or more:
Assess
Restrict
Port Block
Notify
Discover
ACL blocking enables protection at the switch port level. Select the option that does NOT
represent one of the ACL blocking benefits.
Select one:
More robust control of TCP traffic.
More robust control of UDP traffic.
Block specific (but not all) hosts on a switch port.
Assign access limitations on wireless controllers with the switch plugin.
Limit access on flat networks when there is no opportunity to assign hosts to a VLAN.
Which is a Classify goal?
Select one:
Identify hosts that are blocked by policy
Determine specifics about endpoints that could not be detected in compliance.
Identify hosts that are corporate assets.
Determine specifics about endpoints that could not be detected in control.
Make segments of classified systems, devices, and break them down into organizational
units.
Which of the following is a reason to use guest tags?
Select one:
To provide guests with different types of network access.
To differentiate guest authentication databases.
Categorize approved unmanaged network guests into specific cells.
To restrict user bandwidth within Forescout.
To treat all guests with equal restrictions.
What is required to display a Balloon Message on a managed host?
Select one:
Domain credentials
SecureConnector
A client Web Browser
A layer-two response port
SPAN Session
How can you add more properties to be displayed for an endpoint in the NAC > detections
area?
Select one:
Select Manage Organizational Units
Select Views Panel option
Right click Threat protection
Right click column headers
Select option in the legacy Assets portal
Which design approach has the least visibility into endpoint VLANs?
Select one:
Centralized
Layer 2
Per Appliance Licensing
Distributed
Hybrid
What is required to achieve agentless management of a Windows host?
Select one:
port 445 or 139, RDP, Remote Registry, C$ admin share
port 445 or 139, RPC, Remote Registry, C$ admin share
port 443, 139, RPC, DNS
port 445, 1300, RPC
port 443, 13000, RPC, RDP, Remote Registry
Which of the following is the primary function of the HPS Inspection Engine plugin?
Select one:
It allows Forescout to manage Macintosh endpoints.
It allows Forescout to extract information associated with hosts from Active Directory.
It allows Forescout to manage all hosts.
It allows Forescout to manage Linux endpoints.
It allows Forescout to manage Windows endpoints.
You have drilled down into a dashboard widget and are seeing 3,968 Results on the related
Assets Tab, but when you scroll down to the bottom of the list you see they are not all
displayed. Which of the following is true regarding this situation?
Select one:
You must search using more specific criteria to reduce the number
The search feature will only search through information in the displayed columns
You need to re-run the dashboard policy template
You may export all 3,968 matching endpoints for external analysis
You cannot display more than 2,500 endpoints on the dashboard
Which of the following best defines a sub-rule?
Select one:
An if – then statement that is limited by the main rule and with notification only actions.
An if – then statement that runs independently of the main rule at set intervals.
An if – then statement that informs Forescout of infected end points via the Main rule.
An if – then statement that instructs Forescout how to follow-up with hosts after initial
detection via the Main rule.
An if – then statement that determines whether a host will be processed by other policies.
How do you exit the console? (Choose two).
Select one or more:
Control + P
Go to File>Stop all policies
Control + Alt + Delete
Go to File>Exit
Select the X button
Which of the following is true regarding sub-rules?
Select one:
Sub-rules are evaluated simultaneously.
Sub-rules instruct Forescout how to follow-up with hosts after initial detection via the Main
rule.
All Sub-rules in a policy are evaluated for every host detected via the Main rule.
Sub-rules are if – then statements which must have a condition and an action.
Sub-rules inform Forescout when to follow-up with hosts not detected via the Main rule.
SecureConnector (SC) communicates with Forescout via:
Select one:
RPC over SSL
22/TCP or 445/TCP depending on the operating system
HTTPS
A highly secure, proprietary protocol called D.R.O.R.
A TLS encrypted connection from SC to Forescout
Which of the following does Forescout identify in the Enterprise Discover policy?
Select one:
AntiVirus version
User identity
External device attachment
VOIP devices
Authentication method
Which of the following is NOT required for initial command line installation?
Select one:
IP address
DHCP reservation
Management interface
Administrator password
DNS server
How can you show only active endpoints in the information pane?
Select one:
Select “Filter by online host”
Add an active endpoint column
Deselect “inactive” option
Select “Show only unassigned”
Filter by “internal” option
How do you access the Segment Manager to add a new subnet? (Choose two)
Select one or more:
Right click on Segments in the filters pane.
Select Segment Manager from the Tools menu.
Click on Internal Network pane from Options.
Provision from the Policy Tab
Click on the Options Gear Icon.
Which policy action type can terminate a Windows endpoint service?
Select one:
Notification
Restrict
Manage
Classify
Remediate
Which of the following is true regarding the range of IP addresses configured in Options >
Access > Web?
Select one:
By default, this is the Internal Network range.
Addresses NOT defined here will be able to receive configured Web feature (HTTP, various
portals, User Portal Builder etc).
By default, this is the Active Response range.
Addresses defined here will be able to receive the configured Web feature (HTTP, various
portals, User Portal Builder etc).
Span traffic is not necessary for HTTP redirection pages for Addresses configured here.
When creating a control policy to block hosts, what actions require a vendor compatible
managed switch? (Choose two)
Select one or more:
Action: Email Notification to admin
Action: HTTP Notification to user
Action: Virtual Firewall
Action: Endpoint Address ACL
Action: Switch Block
How did Forescout determine the properties for the portion of the Host Details capture shown
below?
Select one:
Classify Policies
Control Policies
Discover Policy
Assessment Policies
Orchestration Policies
Which statement is true for FLEXX Licensing?
Select one:
Orchestration is supported with the FLEXX Base License
FLEXX Base licensing includes appliance level High Availability resiliency.
Different versions of FLEXX are required for physical and virtual appliances.
FLEXX Add-On Licenses are needed for See operations.
Endpoint counts are not tied to a specific appliance.
Which of the following properties leverages the Device Classification Engine?
Select one:
Function
NIC
Hostname
Serial Number
User
Complete the statement: Remediation describes
Select one:
Evaluating device ownership to determine compliance
Modifying a manageable endpoint to make it compliant
Changing a VLAN assignment of an endpoint
Blocking an endpoint from the network
Integrating Forescout with a security appliance
Which of the following is NOT configured from Options > Appliance (or from Options >
CounterACT Devices in an Enterprise Manager)?
Select one:
Manage Forescout licenses
Upgrade Forescout
Define Internal Network
Start/Stop appliances
Backup Forescout
Which command determines whether or not Forescout sees TAGGED SPAN traffic on
interface eth1?
Select one:
fstool network status eth1
fstool ifcount eth1
fstool tcpdump -ni eth1 vlans
fstool traffic eth1
ifconfig –eth1 –o traffic
Forescout reads switch bridge tables with unicast traffic methods. Which interface does it
use?
Select one:
Monitor interface
DMZ interface
Response interface
Management interface
SPAN destination
Which Forescout policy type is used to identify and organize selected network assets into
large groups of devices?
Select one:
Control
Discover
Orchestrate
Informational
Assess
Which of the following triggers policy evaluation?
Select one:
Clearing an endpoint detection
A default 24-hour policy timer
Deleting an endpoint from the console
Selecting a policy in the View pane
An Admission Event
Which policy family gathers device properties in order to identify device types?
Select one:
Orchestrate
Discover
Informational
Control
Assess
Which feature is useful for helpdesk personnel who do not have a Console account but need
to obtain all endpoint properties known by Forescout about a particular endpoint and recheck
it for policies?
Select one:
Host Details panel
Legacy Assets Portal
Asset Inventory Tab
Dashboards
Reports Portal
How can you manually download SecureConnector if you have a stand alone appliance?
Select one:
Navigate to [Link]
Navigate to [Link]
Navigate to [Link]
Navigate to [Link]
Navigate to [Link]
Which of the following is NOT a valid option for the user type when adding a user profile?
Select one:
Single password
Group external user directory
Single external user directory
Single smart card
Single external RADIUS
Select the tool used to exclude specific IP addresses from being evaluated by NAC policies.
Select one:
Tactical map
Segments
Ignored IP manager
Active Response Range
Properties - Passive Learning
Which Forescout feature can disable a Telnet session?
Select one:
Discover
Virtual Firewall
Orchestrate
Assess
Classify
What operating system (OS) types are the Console available for?
Select one or more:
Mac OSX
Linux
iOS
Windows
Android
Which feature can generate Donut, Trend or Counter displays for policies?
Select one:
Policy Results panel
Threat Protection Results panel
Dashboards
Reports Portal
Asset Inventory Tab
Which of the following is NOT a service that needs to be running for the HPS Plugin to
manage Windows endpoints?
Select one:
Server
Remote Registry
Windows Management Instrumentation
Security Accounts Manager
Remote procedure call (RPC)
Provided that Options > Discovery rules are activated, which tab of the Console is used to
quickly examine open ports of endpoints?
Select one:
Asset Inventory tab
Dashboard tab
Reports View
Policy Management tab
Threat Detections tab
Disabling external devices via the “disable external devices” action, requires which
component?
Select one:
Host Manageability
Mirrored Traffic
MAC address in a list
SecureConnector
Remote Registry Service
Which of the following are profiling techniques?
Select one or more:
Span traffic screening/scanning
Manual classification
Active Response Ranges
IP Addresses
Active/Passive Banners & fingerprinting
What are some of the questions to ask in a Classify Policy? (Choose two)
Select one or more:
Is it SecureConnector manageable?
Is guest authenticated?
Is the antivirus up to date?
Is it domain or remotely manageable?
Is a specific application installed?
Policy flow could be disrupted if the following best practices option is not selected on most
available policy properties:
Select one:
Stop all policy actions
Evaluate irresolvable criteria
Enable Threat Protection
Ignore information older than 1 hour
Recheck hosts on TCP reset
Forescout collects IP Address to MAC Address mapping information through which of the
following mechanisms:
Select one:
ePO module
DNS Enforcement
User Directory
Advanced Tools Plugin
Switch Plugin
Using the Forescout console, how would you exclude an IP Address from being processed by
all policies but still allow it to be seen by Discovery?
Select one:
Options > Ignored IP Manager
Options > Segment Manager
Tools > Ignored IP Manager
Tools > Segment Manager
Options > CounterACT Devices > Add the IP Address to the IP Assignment block list
Which of the following is NOT true regarding plugins/modules?
Select one:
They can add properties which can then be used in policies to evaluate endpoints.
Licenses must be purchased for all plugins/modules.
They extend Forescout’s capabilities.
They can add actions which can then be applied via policies.
The most common are included in the initial Forescout deployment.
You notice that Threat Protection, HTTP Actions, and Virtual Firewall actions are not
working on a stand alone appliance. What is most likely the cause?
Select one:
An IP-layer channel has not been configured
Partial Enforcement mode is enabled
Full Enforcement mode is enabled
A threat protection exemption has not been configured
It must be controlled by an enterprise manager
Which of the following is not a valid SecureConnector deployment mode for Windows?
(Choose two)
Select one or more:
Run as a web app
Permanent as a service
Temporary as a service
Permanent as an application
Dissolvable
An Enterprise Manager named FSEM01 manages an appliance called FSCT01. You notice
that Threat Protection, HTTP Actions, and Virtual Firewall actions are not working. What is
most likely the cause?
Select one:
A Layer3 channel has not been configured on FSEM01
Full Enforcement mode is enabled for FSCT01
A Layer3 channel has not been configured on FSCT01
Partial Enforcement mode is enabled for FSCT01
FSCT01 has not registered with FSEM01
Which policies determine device ownership?
Select one:
Discover
Assess
Orchestrate
Control
Classify
Which of the following best defines the term “policy”?
Select one:
A set of instructions for identifying, analyzing and responding to a broad range of network
activity within a defined scope which must include sub-rules.
A set of instructions for identifying, analyzing and responding to a broad range of network
activity within a defined scope which must include a main rule and sub-rules.
A set of instructions for identifying, analyzing and responding to a broad range of network
activity within a defined scope for the purpose of visibility, ensuring network compliance,
and security.
A set of instructions for identifying, analyzing and responding to a broad range of network
activity within the entire Internal Network which must include a main rule.
A set of instructions for identifying, analyzing and responding to a broad range of network
activity within the entire Internal Network for the purpose of visibility, ensuring network
compliance and security.
Which of the following are considered Forescout Restrict actions? (Choose two)
Select one or more:
Assign to VLAN
Casper updates
Start SecureConnector
Start Windows update
Virtual Firewall
Which of the following is true regarding sub-rules?
Select one:
Sub-rules are if – then statements which must have a condition and an action.
Sub-rules are evaluated in sequence until a match is found.
Sub-rules inform Forescout when to follow-up with hosts not detected via the Main rule.
Sub-rules instruct Forescout how to follow-up with hosts before initial detection via the Main
rule.
All Sub-rules in a policy are evaluated for every host detected via the Main rule.
Which feature utilizes widgets?
Select one:
Dashboards
Options Policy Templates
Reports Portal
Asset Inventory Tab
Options Add Plugins
Which of the following is NOT an action you can take with a policy?
Select one:
Block managed hosts
Block rogue hosts
Remediate managed hosts
Remediate rogue hosts
Notify end users and IT security teams
Which of the following plugins is included in the Endpoint Base Module?
Select one:
HPS Inspection Engine
IoT Posture Assessment Engine
DHCP Classifier
Switch
Device Profile Library
Which of the following does NOT represent one of the elements of a policy structure?
Select one:
Policy conditions
History
A unique policy name
A policy scope
Policy actions
Select a property that Forescout uses during discovery to identify the device type.
Select one:
Applications Installed
Open sessions
Device manageability
Operating System
AV up to date
Endpoints found manageable by Classify policies are sent on to which type of policy?
Select one:
Control Policies
Informational Policies
Orchestration Policies
Discover Policy
Assess Policies
Which policy action type can modify a switch port?
Select one:
Restrict
Classify
Manage
Remediate
Notification
Which of the following is NOT required to show the “Health Monitoring” dashboard tab?
Select one:
Run the Virtual Appliances Inventory template
Run the Physical Appliances Inventory template
Run the Health Monitoring Policies template
Add the Health Monitoring tab to the dashboard
Run the Dashboard Policies template
What ports are used by a Forescout appliance to communicate with the Enterprise Manager
and endpoints (of all OS types) running SecureConnector?
Select one:
10005, 10003, 80, 22
10003, 80, 443, 22
13000, 10003, 10005, 10006
13000, 10002, 445, 139
1300, 445, 103, 22
Which two of the following are Restrict actions? (Choose two)
Select one or more:
Uninstall BitTorrent on an endpoint
Shutdown a switch port
Start SecureConnector
Disable a running endpoint process
Virtual Firewall to block a Telnet session
Which of the following is NOT an advantage of SecureConnector?
Select one:
Apply a switch ACL to an endpoint
Send a notification balloon to the desktop
To disable External Devices
Improve kill frequency when working with the Kill Process
Change the VLAN for a host connected through a VoIP phone.
Which Forescout interfaces are needed for a layer 3 channel? (Choose two)
Select one or more:
Trunk interface
NetFlow interface
Response interface
Monitor interface
Management interface
What is Forescout Assessment?
Select one:
A way to identify endpoints that need remediation to meet corporate security expectations.
A way to populate the Asset portal
A set of policies that quarantine endpoints that do not meet corporate security expectations
A way to delineate systems by OS
A mechanism to force endpoints to meet corporate security AntiVirus expectations