ForeScout FSCA // KC Exam UPDATED
ACTUAL QUESTIONS AND CORRECT
ANSWERS
Which license is considered the "Base" Forescout license? - CORRECT ANSWER eyeSight
What does the "OT Premium Offering" add to the Forescout deployment? - CORRECT
ANSWER Full deep packet inspection identifying both IT and OT protocols, passive network
traffic monitoring.
It provides security for OT networks including a dynamic asset map, threat hunting capabilities, risk
management and more.
Compare and contrast centralized and distributed deployments. - CORRECT
ANSWER Centralized deployments, while more cost effective and easier to deploy and
maintain, use more bandwidth. NAC availability depends on WAN link, and remediation / control
actions are somewhat limited at remote locations.
Distributed deployments, while more expensive and lengthier to deploy, use less bandwidth, leverage
all core capabilities, have faster and more complete remediation/control options. (vFW and HTTP
notification / redirect actions)
What are some device discovery methods? - CORRECT ANSWER Forescout can query
Switches, Authentication servers, third party security device integration. The packet engine extracts
critical information from headers of mirrored traffic. Netflow and other flow sources may also be
used.
List some examples of things Forescout can discover about the network? - CORRECT
ANSWER Endpoint presence, manageability and compliance status.
Many other device properties may also be discovered with manageability.
What are the 4 main policy types in the policy lifecycle and what questions do they answer? -
CORRECT ANSWER Discovery: What is on the network?
, Classify: is it manageable, who owns it and what details do we know?
Asses: Does the endpoint conform to your security standards?
Control: What should be done about non-compliant and unmanaged endpoints?
How many devices can a single Enterprise Manager handle? - CORRECT ANSWER Up to 200
appliances
What is indicated by the last 2 digits of the 51XX appliance family? - CORRECT
ANSWER Relative endpoint capacity of the appliance.
What virtualization hypervisors are supported for Forescout Virtual Machines? - CORRECT
ANSWER Linux KVM
VMWare
Hyper-V
What limitations exist when deploying Forescout in a virtualized environment? - CORRECT
ANSWER Any and all physical connections to the vFP must be replicated on all hosts to which
vFP may be moving using vMotion or Live Migration (PAL Licensing ONLY: vFPs require a
connection to the internet for license verification.
Which resiliency configurations are not included with the basic eyeSight License? - CORRECT
ANSWER HA & Failover Clustering of Forescout member appliances require the eyeRecover
License.
What types of redundancy are available and briefly describe the use of each? - CORRECT
ANSWER High Availability: use for redundancy of a single appliance or EM. Deploy in the
same rack. Active / Standby
ACTUAL QUESTIONS AND CORRECT
ANSWERS
Which license is considered the "Base" Forescout license? - CORRECT ANSWER eyeSight
What does the "OT Premium Offering" add to the Forescout deployment? - CORRECT
ANSWER Full deep packet inspection identifying both IT and OT protocols, passive network
traffic monitoring.
It provides security for OT networks including a dynamic asset map, threat hunting capabilities, risk
management and more.
Compare and contrast centralized and distributed deployments. - CORRECT
ANSWER Centralized deployments, while more cost effective and easier to deploy and
maintain, use more bandwidth. NAC availability depends on WAN link, and remediation / control
actions are somewhat limited at remote locations.
Distributed deployments, while more expensive and lengthier to deploy, use less bandwidth, leverage
all core capabilities, have faster and more complete remediation/control options. (vFW and HTTP
notification / redirect actions)
What are some device discovery methods? - CORRECT ANSWER Forescout can query
Switches, Authentication servers, third party security device integration. The packet engine extracts
critical information from headers of mirrored traffic. Netflow and other flow sources may also be
used.
List some examples of things Forescout can discover about the network? - CORRECT
ANSWER Endpoint presence, manageability and compliance status.
Many other device properties may also be discovered with manageability.
What are the 4 main policy types in the policy lifecycle and what questions do they answer? -
CORRECT ANSWER Discovery: What is on the network?
, Classify: is it manageable, who owns it and what details do we know?
Asses: Does the endpoint conform to your security standards?
Control: What should be done about non-compliant and unmanaged endpoints?
How many devices can a single Enterprise Manager handle? - CORRECT ANSWER Up to 200
appliances
What is indicated by the last 2 digits of the 51XX appliance family? - CORRECT
ANSWER Relative endpoint capacity of the appliance.
What virtualization hypervisors are supported for Forescout Virtual Machines? - CORRECT
ANSWER Linux KVM
VMWare
Hyper-V
What limitations exist when deploying Forescout in a virtualized environment? - CORRECT
ANSWER Any and all physical connections to the vFP must be replicated on all hosts to which
vFP may be moving using vMotion or Live Migration (PAL Licensing ONLY: vFPs require a
connection to the internet for license verification.
Which resiliency configurations are not included with the basic eyeSight License? - CORRECT
ANSWER HA & Failover Clustering of Forescout member appliances require the eyeRecover
License.
What types of redundancy are available and briefly describe the use of each? - CORRECT
ANSWER High Availability: use for redundancy of a single appliance or EM. Deploy in the
same rack. Active / Standby
