Forescout interview questions and answers

 

  1. What is CounterACT?

 

The CounterACT platform provides infrastructure and device visibility, policy management, orchestration, and workflow streamlining to enhance network security. CounterACT gives enterprises real-time contextual information about the devices and users on the network. Policies are defined in CounterACT using this contextual information, which helps ensure compliance, remediation, appropriate network access, and streamlined service operations. This is delivered by providing:

 

·       1- Real-Time Network Visibility

·       2- Policy-Initiated or Manual Control 

·       3- Comprehensive Third-Party 

·       4- On-Demand Asset Intelligence 

 

Real-Time Network Visibility:

 

CounterACT classifies devices into the following categories:

 

·       1- Desktops, laptops, and servers 

·       2- Mobile devices such as smartphones and tablets 

·       3- Personal vs. corporate devices 

·       4- On-premise virtual machines and off-premise cloud instances 

·       5- Switches, WLAN controllers and access points, devices connecting via VPNs, routers, printers, modems

·       6- VoIP phones (including PoE-connected VoIP phones and devices), WLAN access points, and other network devices

·       7- Peripheral devices such as USB memory sticks, external disk drives and webcams

·       8- IoT devices

·       9- Rogue devices

 

CounterACT inspection capabilities resolve an extensive range of information about these devices, for example: 

 

·       1- Desktop and mobile operating system information 

·       2- User directory information 

·       3- Applications installed and running 

·       4- Login and authentication information 

·       5- Software patch levels 

·       6- Endpoint-connected devices, such as USB drives

·       7- Switch ports to which devices are connected

·       8- Windows registry information

 

 

Policy-Initiated or Manual Control:

 

Networks are constantly changing in the types of devices connected, software and configurations, compliance requirements, and the internal and external threat landscape. To secure the network, controls ranging from notification to remediation and restriction are needed, applied according to the enterprise policies enacted by CounterACT.

 

 

Examples of CounterACT’s capabilities:

 

 

  1. Network Restrictions 

·       1- Port disable (802.1X, SNMP, CLI) 

·       2- VLAN control 

·       3- VPN disconnects 

·       4- ACL block at switches, firewalls, and routers 

·       5- Wireless allow/deny 

·       6- Quarantine until the devices are remediated 

·       7- Disable NIC 

 

 

  2. Application Control and Remediation

 

·       1- Start/stop applications 

·       2- Start/stop peer-to-peer/IM 

·       3- Apply updates and patches 

·       4- Help ensure antivirus products are up-to-date 

·       5- Start/stop processes 

 

 

 

  3. User Enforcement and Education

·       1- Open trouble tickets 

·       2- Send emails to users or administrators 

·       3- Personalize captive portal messages to notify end users, enforce policy confirmation and allow self-remediation

·       4- Force authentication/password change

·       5- Log off user, disable user AD account

 

Enterprise Manager:

The Enterprise Manager is a dedicated second-tier management and aggregation device that communicates with multiple CounterACT Appliances distributed across the network. It manages Appliances and collects information detected by them. This information is available for display and reporting in the Console.

The following Enterprise Manager tasks can be performed:

·       Upgrading the Enterprise Manager Software

·       Viewing Enterprise Manager System Health Information

·       Stopping and Starting the Enterprise Manager


 




 


 

 

 

 

 


 

 

 

 

 
