Forescout interview questions and answers
The CounterACT platform provides infrastructure and device visibility, policy management, orchestration, and workflow streamlining to enhance network security. CounterACT provides enterprises with real-time contextual information about devices and users on the network. Policies defined in CounterACT use this contextual information to help ensure compliance, remediation, appropriate network access, and streamlined service operations. This is delivered by providing:
· 1- Real-Time Network Visibility
· 2- Policy-Initiated or Manual Control
· 3- Comprehensive Third-Party
· 4- On-Demand Asset Intelligence
Real-Time Network Visibility:
CounterACT classifies devices into the following categories:
· 1- Desktops, laptops, and servers
· 2- Mobile devices such as smartphones and tablets
· 3- Personal vs. corporate devices
· 4- On-premise virtual machines and off-premise cloud instances
· 5- Switches, WLAN controllers and access points, devices connecting via VPNs, routers, printers, modems, VoIP phones (including PoE-connected VoIP phones and devices), WLAN access points, and other network devices
· 6- Peripheral devices such as USB memory sticks, external disk drives and webcams
· 7- IoT devices
· 8- Rogue device
CounterACT inspection capabilities resolve an extensive range of information about these devices, for example:
· 1- Desktop and mobile operating system information
· 2- User directory information
· 3- Applications installed and running
· 4- Login and authentication information
· 5- Software patch levels
· 6- Endpoint-connected devices, such as USB drives
· 7- Switch ports to which devices are connected
· 8- Windows registry information
Policy-Initiated or Manual Control:
Networks are constantly changing in the types of devices connected, software and configurations, compliance requirements, and the internal and external threat landscape. To secure the network, controls ranging from notification and remediation to restriction are needed, based on enterprise policies enacted by CounterACT.
Examples of CounterACT's capabilities:
· 1- Port disable (802.1X, SNMP, CLI)
· 2- VLAN control
· 3- VPN disconnects
· 4- ACL block at switches, firewalls, and routers
· 5- Wireless allow/deny
· 6- Quarantine until the devices are remediated
· 7- Disable NIC
Application Control and Remediation
· 1- Start/stop applications
· 2- Start/stop peer-to-peer/IM
· 3- Apply updates and patches
· 4- Help ensure antivirus products are up-to-date
· 5- Start/stop processes
User Enforcement and Education
· 1- Open trouble tickets
· 2- Send emails to users or administrators
· 3- Personalize captive portal messages to notify end users, enforce policy confirmation and allow self-remediation
· 4- Force authentication/password change
· 5- Log off user, disable user AD account
Enterprise Manager:
The Enterprise Manager is a dedicated second-tier management and aggregation device that communicates with multiple CounterACT Appliances distributed across the network. It manages Appliances and collects information detected by them. This information is available for display and reporting in the Console.
The following Enterprise Manager tasks can be performed:
–>> Upgrading the Enterprise Manager Software
–>> Viewing Enterprise Manager System Health Information
–>> Stopping and Starting the Enterprise Manager
For more Forescout and network security troubleshooting and questions, use the link below: