Study Guide (eyeSight, OT Premium, Deployment, Policy & CLI)
Which license is considered the "Base" Forescout license? - eyeSight
What does the "OT Premium Offering" add to the Forescout deployment? - Full deep packet
inspection identifying both IT and OT protocols, passive network traffic monitoring.
It provides security for OT networks including a dynamic asset map, threat hunting capabilities,
risk management and more.
Compare and contrast centralized and distributed deployments. - Centralized deployments,
while more cost effective and easier to deploy and maintain, use more bandwidth. NAC
availability depends on WAN link, and remediation / control actions are somewhat limited at
remote locations.
Distributed deployments, while more expensive and lengthier to deploy, use less bandwidth,
leverage all core capabilities, and have faster and more complete remediation/control options
(vFW and HTTP notification / redirect actions).
What are some device discovery methods? - Forescout can query switches, authentication
servers, and third-party security device integrations. The packet engine extracts critical information
from headers of mirrored traffic. NetFlow and other flow sources may also be used.
List some examples of things Forescout can discover about the network? - Endpoint presence,
manageability and compliance status.
Many other device properties may also be discovered with manageability.
What are the 4 main policy types in the policy lifecycle and what questions do they answer? -
Discovery: What is on the network?
Classify: Is it manageable, who owns it and what details do we know?
Assess: Does the endpoint conform to your security standards?
Control: What should be done about non-compliant and unmanaged endpoints?
How many devices can a single Enterprise Manager handle? - Up to 200 appliances
What is indicated by the last 2 digits of the 51XX appliance family? - Relative endpoint capacity
of the appliance.
What virtualization hypervisors are supported for Forescout Virtual Machines? - Linux KVM,
VMware, Hyper-V
What limitations exist when deploying Forescout in a virtualized environment? - Any and all
physical connections to the vFP must be replicated on all hosts to which the vFP may be moving
using vMotion or Live Migration. (PAL Licensing ONLY: vFPs require a connection to the internet
for license verification.)
Which resiliency configurations are not included with the basic eyeSight License? - HA &
Failover Clustering of Forescout member appliances require the eyeRecover License.
What types of redundancy are available and briefly describe the use of each? -
High Availability: use for redundancy of a single appliance or EM. Deploy in the same rack.
Active / Standby.
Recovery Manager: use for management redundancy, to provide for Enterprise Manager
functions in case of main data center failure. Deploy the RM at a DR site separate from the
Enterprise Manager.