Forescout interview questions and answers


 

1. What is CounterACT?

 

The CounterACT platform provides infrastructure and device visibility, policy management, orchestration, and workflow streamlining to enhance network security. CounterACT provides enterprises with real-time contextual information about devices and users on the network. Policies are defined in CounterACT using this contextual information, which helps ensure compliance, remediation, appropriate network access, and streamlined service operations. This is delivered by providing:

 

· 1- Real-Time Network Visibility

· 2- Policy-Initiated or Manual Control

· 3- Comprehensive Third-Party

· 4- On-Demand Asset Intelligence

 

Real-Time Network Visibility:

CounterACT classifies devices into the following categories:

 

· 1- Desktops, laptops, and servers

· 2- Mobile devices such as smartphones and tablets

· 3- Personal vs. corporate devices

· 4- On-premise virtual machines and off-premise cloud instances

· 5- Switches, WLAN controllers and access points, devices connecting via VPNs, routers, printers, modems

· 6- VoIP phones (including PoE-connected VoIP phones and devices), WLAN access points, and other network devices

· 7- Peripheral devices such as USB memory sticks, external disk drives and webcams

· 8- IoT devices

· 9- Rogue devices

 

CounterACT inspection capabilities resolve an extensive range of information about these devices, for example:
 

 

· 1- Desktop and mobile operating system information

· 2- User directory information

· 3- Applications installed and running

· 4- Login and authentication information

· 5- Software patch levels

· 6- Endpoint-connected devices, such as USB drives

· 7- Switch ports to which devices are connected

· 8- Windows registry information

 

 

Policy-Initiated or Manual Control:

Networks are constantly changing in the device types connected, software and configurations, compliance requirements, and the internal and external threat landscape. Controls ranging from notification to remediation and restriction are needed, based on enterprise policies enacted by CounterACT, to secure the network.

 

 

Examples of CounterACT’s capabilities:

 

 

1. Network Restrictions

· 1- Port disable (802.1X, SNMP, CLI)

· 2- VLAN control

· 3- VPN disconnects

· 4- ACL block at switches, firewalls, and routers

· 5- Wireless allow/deny

· 6- Quarantine until the devices are remediated

· 7- Disable NIC

2. Application Control and Remediation

· 1- Start/stop applications

· 2- Start/stop peer-to-peer/IM

· 3- Apply updates and patches

· 4- Help ensure antivirus products are up-to-date

· 5- Start/stop processes

3. User Enforcement and Education

· 1- Open trouble tickets

· 2- Send emails to users or administrators

· 3- Personalize captive portal messages to notify end users, enforce policy confirmation and allow self-remediation

· 4- Force authentication/password change

· 5- Log off user, disable user AD account

 

Enterprise Manager:

The Enterprise Manager is a dedicated second-tier management and aggregation device that communicates with multiple CounterACT Appliances distributed across the network. It manages Appliances and collects information detected by them. This information is available for display and reporting in the Console.

The following Enterprise Manager tasks can be performed:

· Upgrading the Enterprise Manager software

· Viewing Enterprise Manager system health information

· Stopping and starting the Enterprise Manager


 

 

 

 

 

 

 

 

 

 

 

 
