FCSP (Forescout Certified Services Professional) Practice Exam
100 Multiple Choice Questions with Answer Key and Explanations
**1.** What is the primary purpose of the Forescout platform?
A) A vulnerability scanner
B) An Endpoint Detection and Response (EDR) tool
C) A Network Access Control (NAC) and visibility platform
D) A Security Information and Event Management (SIEM) system
**Answer:** C
**Explanation:** Forescout is fundamentally a NAC and network visibility platform,
providing continuous device discovery, classification, assessment, and control.
**2.** The Forescout platform operates primarily at which OSI model layer(s) to discover
devices?
A) Layer 7 (Application) only
B) Layer 2 (Data Link) and Layer 3 (Network)
C) Layer 1 (Physical)
D) Layer 4 (Transport) only
**Answer:** B
**Explanation:** Forescout uses Layer 2 (ARP, MAC) and Layer 3 (IP, ICMP, SNMP)
techniques for passive and active discovery.
**3.** What is a "Counter" in the Forescout context?
A) A metric for the number of failed login attempts
B) A customizable numeric property that increments based on defined conditions
C) A type of report on policy violations
D) A tool to count the number of IP addresses in a range
**Answer:** B
**Explanation:** Counters are dynamic properties that track occurrences (e.g., number of
times a device is non-compliant) and can be used in policies and dashboards.
**4.** Which Forescout component is responsible for communicating with network
infrastructure devices (switches, routers, wireless controllers)?
A) Enterprise Manager
B) NAC
C) Control
D) Console
**Answer:** C
**Explanation:** The **Control** component (formerly the NAC Server) handles
communication with network devices for enforcement (port shutdown, VLAN change, etc.).
**5.** The Forescout **EyeSight** technology is used for:
A) Optical character recognition on the network
B) Agentless device fingerprinting and classification
C) Video surveillance integration
D) Visual dashboard design
**Answer:** B
**Explanation:** EyeSight is Forescout's proprietary technology for passive, agentless
identification and classification of devices by analyzing network traffic and attributes.
**6.** What is the function of a "Host Scan" in Forescout?
A) To passively listen to network traffic
B) To actively query an endpoint for detailed information (OS, services, applications)
C) To scan for open ports on a device
D) To check the device's physical location
**Answer:** B
**Explanation:** A Host Scan is an active interrogation method where Forescout connects
to the endpoint (using WMI, SSH, etc.) to gather deep host information.
**7.** Which property would most definitively identify a device as an Apple iPhone using
Forescout?
A) The IP address is in a specific range
B) The MAC address OUI (Organizationally Unique Identifier) starts with Apple's prefix
C) The hostname contains "iPhone"
D) It is connected to a Wi-Fi SSID named "Apple Store"
**Answer:** B
**Explanation:** The OUI in the MAC address is a reliable hardware vendor identifier. Apple
has registered OUIs (e.g., 00:1B:63, 88:66:5A).
**8.** What is a "Condition" in a Forescout policy?
A) The list of all devices on the network
B) The set of actions taken when a rule is triggered
C) A logical statement that evaluates device properties (IF clause)
D) The final result of a policy execution
**Answer:** C
**Explanation:** A Condition is the "IF" part of a policy rule. It defines the criteria a device
must meet for the rule to execute (e.g., IF device type == "Printer").
**9.** A common use case for Forescout's "Endpoint Compliance" module is to check for:
A) Network bandwidth usage
B) Presence and status of antivirus software, firewalls, or patches
C) Physical tampering of the device
D) User web browsing history
**Answer:** B
**Explanation:** The Endpoint Compliance module integrates with security agents (like
McAfee, Symantec) to assess the security posture of managed endpoints.
**10.** The Forescout **Enterprise Manager** is primarily used for:
A) Managing a single Forescout appliance
B) Centralized management of multiple Forescout deployments (multi-site)
C) Managing user directories like Active Directory
D) Writing custom discovery scripts
**Answer:** B
**Explanation:** Enterprise Manager provides a single pane of glass for managing,
monitoring, and reporting across distributed Forescout installations.
**11.** Which action would you use in a policy to temporarily isolate a non-compliant
device?
A) Send Email
B) Change VLAN
C) Run Script
D) Increment Counter
**Answer:** B
**Explanation:** The "Change VLAN" action is a core NAC enforcement action, moving a
device to a quarantine or remediation VLAN.
**12.** When a device is discovered by Forescout, what is the FIRST major step the
platform takes?