FSCA Flashcards

1
Q

ICS stands for ____________ Control System

A

Industrial

2
Q

Which of the following is an inaccurate statement regarding ICS?

a) It may span across multiple countries

b) It may be confined to just a single factory

c) It’s a system that manages industrial processes

d) There are two types of ICS architectures

e) It’s used to control Windows domain services

A

e) It’s used to control Windows domain services

3
Q

SCADA stands for ‘Supervisory Control and _______ Acquisition’

A

Data

4
Q

DCS stands for _____________ Control System

A

Distributed

5
Q

Which of the following are characteristics of a DCS architecture? Select three.

a) Field controllers simply acquire and pass along data.

b) Primarily used in single factories

c) Uses open protocols

d) Uses control loops to manage processes

e) Used in large geographical areas

f) Most control functions take place by the field controllers

A

b) Primarily used in single factories

d) Uses control loops to manage processes

f) Most control functions take place by the field controllers

6
Q

True or False: Since they were developed many years ago, ICS protocols have been modified to include security features.

A

False

7
Q

True or False: It’s unlikely to have a DCS architecture that uses multiple different ICS protocols.

A

True

8
Q

Which of the following are examples of ICS protocols used in SCADA architectures? Select three.

a) IEC104

b) DNP3

c) IEC61850

d) RS232

e) Delta

A

a) IEC104

b) DNP3

c) IEC61850

9
Q

True or False: The main purpose of the Purdue reference model is to make it easier for different devices to communicate.

A

False

10
Q

PLC stands for Programmable _________ Controller

A

Logic

11
Q

Which Purdue level is responsible for supervising, monitoring and controlling manufacturing processes?

a) Purdue level 0

b) Purdue level 1

c) Purdue level 2

d) Purdue level 3

e) Purdue level 4

A

c) Purdue level 2

12
Q

Which devices would you find in Purdue level 1? Select two.

a) RTUs

b) SCADA servers

c) PLCs

d) HMIs

e) Historian

f) SIEM

A

a) RTUs

c) PLCs

13
Q

OT stands for ____________ Technology

A

Operational

14
Q

Which of the following are characteristics of an IT environment? Select three.

a) Control, availability, and integrity are the most important

b) There are not typically a lot of new devices added

c) New devices and applications are added without IT approval

d) They’re engineered to have long-lasting processes

e) Throughput and confidentiality are the most important

f) They typically contain many types of devices and applications

A

c) New devices and applications are added without IT approval

e) Throughput and confidentiality are the most important

f) They typically contain many types of devices and applications

15
Q

True or False: In the past, for OT environments, physical security was the number one security concern.

A

True

16
Q

True or False: Due to new standards, all of today’s OT environments have become connected to their organization’s IT networks.

A

False

17
Q

Which of the following are characteristics of an OT environment? Select three.
a) New devices and applications are added without IT approval
b) They typically contain many types of devices and applications
c) They’re engineered to have long-lasting processes
d) Throughput and confidentiality are the most important
e) Control, availability, and integrity are the most important
f) There are not typically a lot of new devices added

A

c) They’re engineered to have long-lasting processes
e) Control, availability, and integrity are the most important
f) There are not typically a lot of new devices added

18
Q

Which of the following is NOT a benefit of the convergence of IT and OT environments?
a) An administrator can control the PLC devices of all locations from a single place
b) An administrator can provide network assessments from home
c) An administrator can view processes of a satellite plant
d) An administrator can view security assessments on the road
e) A SCADA server can run on a windows server

A

e) A SCADA server can run on a windows server

19
Q

True or False: One of the critical factors of OT environments is that they have no downtime.

A

True

20
Q

Which of the following is a downside of the convergence of IT and OT environments?
a) It’s easier for administrators to manage manufacturing processes locally
b) Organizations require more field devices and field controllers
c) Administrators do not need to travel as much
d) It widens the attack surface for the OT environment
e) Administrators have less control of the overall processes

A

d) It widens the attack surface for the OT environment

21
Q

True or False: Distributed intelligence happens on the command center, and centralized management happens on the enterprise command center.

A

False

22
Q

Which of the following are characteristics of an active sensor? Select three.
a) They send traffic details to the enterprise command center
b) They use queries that are configured on the command center
c) They are required for eyeInspect deployments
d) They can obtain Windows update details
e) They do not add additional network traffic
f) They add additional network traffic

A

b) They use queries that are configured on the command center
d) They can obtain Windows update details
f) They add additional network traffic

23
Q

What is the benefit of using an enterprise command center?
a) They can retrieve data from both active and passive sensors
b) They can connect to more than 50 passive sensors
c) They enable communications over wide-area networks
d) They display data from multiple command centers
e) They provide license and software version control

A

d) They display data from multiple command centers

24
Q

Which of the following can be used to access an eyeInspect command center? Select two:
a) http://<IP_address>
b) https://<IP_address>
c) http://<host_name>
d) https://<host_name>
e) ftp://<host_name>

A

b) https://<IP_address>
d) https://<host_name>

25
Q

What is the default username and password for a newly installed eyeInspect command center?

A

admin/admin

26
Q

True or False: You must install a software license on the command center before you can add a passive sensor.

A

True

27
Q

What detail is not displayed about a software license upon uploading it to the command center?
a) Expiration date
b) Maximum number of assets
c) Maximum number of connected sensors
d) Installation date
e) License level

A

d) Installation date

28
Q

Which of the following are menus in an eyeInspect command center? Select four:
a) Events
b) Reports
c) Sensors
d) Configuration
e) Assets
f) Home

A

a) Events
c) Sensors
e) Assets
f) Home

29
Q

What is the default port when adding a new passive sensor running v5.0 or prior?
a) 1000
b) 7676
c) 10640
d) 9999
e) 1234

A

d) 9999

30
Q

True or False: It’s recommended to change the default port when adding a new sensor.

A

False

31
Q

What is the monitoring status of a newly added sensor?
a) Open
b) Needs configuration
c) Licensed
d) Active
e) Connected

A

e) Connected

32
Q

What are the possible State options for sensor detection modules? Select four:
a) Error
b) Detecting
c) Learning
d) Active
e) Alerting
f) Paused

A

b) Detecting
c) Learning
d) Active
f) Paused

33
Q

True or False: For best communication between the command center and connected sensors, it’s recommended to manually set the date and time on both systems.

A

False

34
Q

Which built-in module would identify when an attacker attempts to identify which services are running on a device?
a) Frequent event aggregation
b) Malformed packet detection
c) Event logging
d) Visual analytics
e) Portscan detection
f) Man-in-the-Middle detection

A

e) Portscan detection

35
Q

Which built-in module would identify when an attacker attempts to alter communication between two hosts?
a) Frequent event aggregation
b) Event logging
c) Portscan detection
d) Visual Analytics
e) Man-in-the-middle detection
f) Malformed packet detection

A

e) Man-in-the-middle detection

36
Q

Which built-in module would identify when an attacker attempts to add an extra parameter to a communication?
a) Frequent event aggregation
b) Event logging
c) Portscan Detection
d) Visual analytics
e) Man-in-the-middle detection
f) Malformed packet detection

A

f) Malformed packet detection

37
Q

True or False: Each eyeInspect user maintains their own Network Analytics page with custom widgets and tabs.

A

True

38
Q

True or False: The visual analytics engine enables users to see network behavior in real-time.

A

True

39
Q

What is a widget?
a) A backup and restore process
b) A toggle button
c) A method for sending network data
d) A license file
e) A chart

A

e) A chart

40
Q

True or False: It’s important to consider disabling the visual analytics engine as it causes sensors to send flow information in full data format.

A

False

41
Q

By default, how long is visual analytics data stored on the command center?
a) Data is not stored on the command center
b) 24 hours
c) 2 weeks
d) 1 month
e) 3 months

A

e) 3 months

42
Q

Once the visual analytics engine is active, what does the sensor send to the command center?
a) Traffic patterns
b) Flow information
c) Network Logs
d) Alerts
e) Asset details

A

b) Flow information

43
Q

True or False: You can disable parts of the visual analytics engine to conserve network bandwidth.

A

True

44
Q

What does eyeInspect do if it doesn’t recognize the protocol being used?
a) It ignores the traffic
b) It labels it using ‘TCP’ or ‘UDP’ and the port number
c) It requests a port-to-name mapping
d) It labels it as ‘Unknown’
e) It labels it as ‘NotAKnown One’

A

e) It labels it as ‘NotAKnown One’

45
Q

Which of the following are widget datasources? Select four:
a) Authentication Events
b) Assets
c) Flow Information
d) Sensors
e) Logged Events
f) Alerts

A

b) Assets
c) Flow Information
e) Logged Events
f) Alerts

46
Q

Which of the following are widget types? Select four:
a) Histogram
b) Pie
c) Scatter
d) Column
e) Sunburst
f) Chord

A

a) Histogram
b) Pie
e) Sunburst
f) Chord

47
Q

Which of the following are widget dimensions? Select four:
a) Source MAC
b) L2 Protocol
c) Destination IP
d) Connections
e) Sensor Name
f) Bytes

A

a) Source MAC
b) L2 Protocol
c) Destination IP
e) Sensor Name

48
Q

True or False: When you create a new tab using a template, the resulting tab layout cannot be modified.

A

False

49
Q

True or False: When you apply a filter to a tab, you can also apply an additional filter to one of the widgets on the tab.

A

True

50
Q

True or False: Information learned by active sensors is added to the Assets page.

A

True

51
Q

Which of the following asset details are discovered by eyeInspect passive sensors?
a) Firmware version
b) MAC address
c) Model
d) Vendor
e) Purdue Level
f) Role

A

a) Firmware version
b) MAC address
c) Model
d) Vendor
e) Purdue Level
f) Role

52
Q

Which of the following are widgets on the assets page? Select four:
a) Vulnerability instances per severity
b) Assets per Purdue level
c) Assets per risk
d) Assets per role
e) Top Protocols
f) Throughput per protocol

A

a) Vulnerability instances per severity
b) Assets per Purdue level
c) Assets per risk
e) Top Protocols

53
Q

True or False: You can add custom widgets on the Assets page.

A

False

54
Q

What is the default grouping of the assets on the Map view?
a) By risk
b) By criticality
c) By role
d) By Purdue level
e) By network

A

c) By role

55
Q

What is the default layout for assets on the Map view?
a) Purdue levels
b) Communications
c) Risks
d) Roles
e) Networks

A

a) Purdue levels

56
Q

What information can you see about an asset when you mouse over it on the map?
a) Its risk
b) Which assets it communicates with
c) Its hostname
d) Its MAC address
e) Its vendor
f) Its criticality

A

a) Its risk
b) Which assets it communicates with
c) Its hostname
d) Its MAC address

57
Q

By default, how often are the overall risk levels evaluated?
a) Never
b) Every minute
c) Every 30 seconds
d) Every hour
e) Every 12 hours

A

d) Every hour

58
Q

Which alert details can be modified? Select three:
a) Event type
b) Severity
c) Tactic
d) Status
e) Detection Engine
f) Case

A

b) Severity
d) Status
f) Case

59
Q

How does eyeInspect cluster assets together?
a) By communication only
b) By role only
c) By network only
d) By role and communications
e) By role and network

A

d) By role and communications

60
Q

True or False: An eyeInspect active sensor can be used to obtain details that a passive sensor can’t provide.

A

True

61
Q

Where can you install an active sensor?
a) On a dedicated appliance
b) On the same appliance as a passive sensor
c) On the same appliance as a command center
d) A and B
e) A, B, C

A

e) A, B, C

62
Q

True or False: You can add an active sensor using the command line on the appliance it will run on.

A

False

63
Q

What is the default port when adding an active sensor?
a) 180
b) 7575
c) 9001
d) 9999
e) None of the above

A

c) 9001

64
Q

What is the State value once you finish adding a new sensor?
a) Connected
b) Sensor is being deployed
c) In process
d) Active
e) Deployment Started

A

b) Sensor is being deployed

65
Q

What is the state value once an active sensor has been successfully deployed?
a) Working
b) Normal
c) Active
d) Connected
e) Needs Attention

A

d) Connected

66
Q

What do most active scans use to obtain information from hosts?
a) SNMP
b) NMAP
c) ICMP
d) CDP
e) Telnet

A

b) NMAP

67
Q

Which of the following are types of active scans? Select four:
a) OS/Ports
b) Active IPs
c) Services
d) Windows
e) OT Ports
f) Open Ports

A

a) OS/Ports
b) Active IPs
d) Windows
e) OT Ports

68
Q

True or False: Windows active scans will typically be placed higher in the queue than an OS/Ports scan.

A

True

69
Q

True or False: The OS/Ports scan uses WMI to identify the operating system installed on a host.

A

False

70
Q

True or False: Active scan policies are only used for issuing scans on a schedule.

A

False

71
Q

True or False: You can manually start an active scan policy that is configured to run on a schedule.

A

True

72
Q

True or False: You must purchase an additional license to use eyeInspect alerts.

A

False

73
Q

True or False: Alerts are generated on a passive sensor and then sent to a command center.

A

True

74
Q

True or False: An alert is always an indication of a security issue that needs to be addressed.

A

False

75
Q

To open the Alerts page, select the _____ menu and click Alerts.

A

Events

76
Q

Which of the following are widgets on the asset page? Select four:
a) Alerts per L7 protocol
b) Alerts over time
c) Alerts per severity
d) Alerts per category
e) Alerts from today
f) Alerts per sensor

A

b) Alerts over time
c) Alerts per severity
d) Alerts per category
f) Alerts per sensor

77
Q

True or False: You cannot add custom widgets on the alerts page.

A

True

78
Q

What is the default time range of alerts on the alerts page?
a) The last hour
b) The last 12 hours
c) The last day
d) The last week
e) The last month

A

c) The last day

79
Q

What is the default grouping of alerts in the alerts list?
a) By event type
b) By date
c) By severity
d) By sensor
e) By status

A

a) By event type

80
Q

How can you filter alerts on the alerts page? Select three:
a) Click on an area of the widget
b) Click the filter button and select the filter criteria
c) Add a new filter list option, and select an option from the list
d) Select one of the columns and click filter
e) Select an option from one of the default filter lists
f) Add a new widget

A

a) Click on an area of the widget
c) Add a new filter list option, and select an option from the list
e) Select an option from one of the default filter lists

81
Q

True or False: You can add custom widgets on a new tab on the alerts page.

A

False

82
Q

Which of the following properties can be used to filter assets? Select four:
a) Engine type
b) Asset
c) Timestamp
d) Risk
e) Severity
f) Status

A

a) Engine type
c) Timestamp
e) Severity
f) Status

83
Q

Which of the following are views on the alerts page?
a) Risk
b) Vulnerabilities
c) Table
d) Cases
e) Map
f) Changelogs

A

c) Table
d) Cases

84
Q

Passive sensors use the _________ module to generate network logs.

A

Event Logging

85
Q

What is the default view on the network logs page?
a) List view
b) Table view
c) Custom View
d) Aggregated view
e) Detailed view

A

d) Aggregated view

86
Q

Which of the following fields can be used for filtering on the network logs page? Select three:
a) Sensor
b) Event name
c) Event date
d) Event severity
e) Event criticality
f) L7 protocol

A

b) Event name
d) Event severity
f) L7 protocol

87
Q

True or False: You can filter by more than one Event Name at a time.

A

True

88
Q

Which of the following are network log categories? Select four.
a) Potentially dangerous operations
b) File operation
c) Authorization
d) Name resolution
e) Authentication
f) Application

A

a) Potentially dangerous operations
b) File operation
d) Name resolution
e) Authentication

89
Q

Instead of modifying columns on the aggregated view template, it’s recommended to use the _____ view template.

A

Custom

90
Q

By default, which fields are used for aggregating the network logs? Select three.
a) Event category
b) Source IP
c) Destination IP
d) Sensor
e) Event name
f) L7 Protocol

A

b) Source IP
c) Destination IP
d) Sensor

91
Q

True or False: You can create multiple different custom views with different filtering, columns and aggregations.

A

True

92
Q

Which datasource is used to view network log analytics?
a) Network events
b) Network logs
c) Logged events
d) Events
e) Logs

A

c) Logged events

93
Q

True or False: The eyeInspect built-in modules must perform a learning period before they begin.

A

False

94
Q

True or False: The eyeInspect built-in modules must be started before they begin detecting malicious activity.

A

True

95
Q

Which of the following are eyeInspect built-in modules? Select all that apply:
a) Man-in-the-middle detection
b) Frequent event aggregation
c) Visual analytics
d) Malformed packet detection
e) Event logging
f) Portscan detection

A

a) Man-in-the-middle detection
b) Frequent event aggregation
c) Visual analytics
d) Malformed packet detection
e) Event logging
f) Portscan detection

96
Q

Once enabled, the portscan detection module runs in the ________ state.

A

Detecting

97
Q

Once enabled, the Frequent detection module runs in the ________ state.

A

Active

98
Q

True or False: Port scanning is always an indication of malicious activity.

A

False

99
Q

True or False: Port scanning is configured by selecting a ‘Sensitivity level’.

A

True

100
Q

Which of the following are portscan detection sensitivity levels? Select four:
a) Normal
b) Strict
c) High
d) Basic
e) Low
f) User Defined

A

a) Normal
b) Strict
d) Basic
f) User Defined

101
Q

True or False: You can disable specific Portscan TCP detection options.

A

True

102
Q

Which of the following are man-in-the-middle detection options? Select three.
a) ICMP Spoofing
b) IP Spoofing
c) DHCP Spoofing
d) ARP poisoning
e) ICMP Misdirection
f) SSL Hijacking

A

a) ICMP Spoofing
c) DHCP Spoofing
d) ARP poisoning

103
Q

True or False: A man-in-the-middle attack can retrieve credit card details.

A

True

104
Q

True or False: All malformed packet detection alerts should be investigated to determine root cause.

A

True

105
Q

True or False: Using the frequent event aggregation module causes a high loss of alert information.

A

False

106
Q

Which page can you use to view the events that have been aggregated?
a) Network Logs
b) Asset Inventory
c) Sensor Overview
d) Home
e) Alerts

A

e) Alerts

107
Q

eyeInspect includes LAN CP _________ profiles, also known as LAN CP profiles.

A

Communication patterns

108
Q

True or False: LAN CP Profiles use definitions to identify malicious network traffic.

A

False

109
Q

True or False: LAN CP profiles are used to issue alerts when traffic deviates from an established baseline.

A

True

110
Q

Which of the following are optional modes for a LAN CP Profile? Select two.
a) Blocking
b) Alerting
c) Building
d) Learning
e) Monitoring
f) Detecting

A

d) Learning
f) Detecting

111
Q

True or False: While in Learning mode, a LAN CP profile creates allow communication rules for all the traffic it monitors.

A

True

112
Q

How long should a LAN CP Profile remain in Learning mode?
a) 1 day
b) 1 week
c) 1 month
d) You can bypass learning mode for a faster deployment
e) It depends on the network environment

A

e) It depends on the network environment

113
Q

True or False: Once a LAN CP profile moves to Detecting mode, it blocks traffic that deviates from the established baseline.

A

False

114
Q

True or False: Once you install an eyeInspect command center, it comes with two LAN CP profiles by default.

A

False

115
Q

If you select the default options when you create a new passive sensor, which LAN CP profiles are created?
a) UDP communications
b) L7 communications
c) LLS communications
d) HTTP communications
e) TCP communications
f) L4 communications

A

a) UDP communications
e) TCP communications

116
Q

What is the default maximum number of rules that can be created for a LAN CP profile?
a) 100
b) 500
c) 1000
d) 10000
e) There is no maximum by default

A

c) 1000

116
Q

True or False: It’s recommended to increase the maximum number of learned rules to accommodate your network environment.

A

False

117
Q

True or False: The action for a LAN CP profile communication rule can be modified to alert.

A

True

118
Q

Which of the following does ITL stand for?
a) Internet Threat Language
b) Industrial Technology Library
c) Industrial Threat Library
d) Internet Technology Library
e) Internet Threat Library

A

c) Industrial Threat Library

119
Q

Which of the following describes the ITL? Select four:
a) It includes intelligence about the causes of problems
b) You can create your own ITL checks
c) ForeScout regularly adds new checks
d) It requires a learning period
e) It contains pre-configured checks
f) It has checks in 3 categories

A

a) It includes intelligence about the causes of problems
c) ForeScout regularly adds new checks
e) It contains pre-configured checks
f) It has checks in 3 categories

119
Q

What are the industrial threat library categories? Select three:
a) System
b) Operations
c) Security
d) Internet
e) Networking
f) Performance

A

b) Operations
c) Security
e) Networking

120
Q

Which of the following are networking sub-categories? Select two:
a) Malfunctioning or misbehaving device
b) Use of insecure protocol
c) Connectivity issues
d) Network Reconnaissance
e) Misconfigured Client/Server
f) Loss of expected communication

A

c) Connectivity issues
e) Misconfigured Client/Server

120
Q

Which of the following are Operations sub-categories? Select two:
a) Misconfigured Client/Server
b) Connectivity issues
c) Malfunctioning or misbehaving device
d) Use of insecure protocol
e) Network Reconnaissance
f) Loss of expected communication

A

c) Malfunctioning or misbehaving device
f) Loss of expected communication

121
Q

Which of the following are Security sub-categories? Select two:
a) Loss of expected communication
b) Connectivity issues
c) Misconfigured client/server
d) Malfunctioning or misbehaving device
e) Network reconnaissance
f) Use of insecure protocol

A

e) Network reconnaissance
f) Use of insecure protocol

122
Q

True or False: You can globally disable any of the ITL checks.

A

False

123
Q

True or False: When you select to create an exception, all ITL checks are initially enabled by default.

A

False

124
Q

Which of the following does CVE stand for?
a) Computer virus emulation
b) Computer virus encoding
c) Content vulnerability encoding
d) Common vulnerabilities and exposures
e) Content vulnerabilities and encryption

A

d) Common vulnerabilities and exposures

125
Q

IOC stands for Indicators of _________

A

Compromise

126
Q

How often does Forescout update the CVE IoC database?
a) Once a week
b) Every other week
c) Once a month
d) Every six months
e) Once a year

A

c) Once a month

127
Q

Which of the following can be forwarded from eyeInspect? Select four:
a) Health status
b) User activity
c) Network logs
d) Network Analytics
e) Alerts
f) Assets

A

a) Health status
b) User activity
c) Network logs
e) Alerts

128
Q

True or False: Using email is only available with alert forwarding.

A

True

129
Q

What information is needed when creating an email alert forwarding server? Select four:
a) To addresses
b) Message
c) Server address
d) From address
e) Connection security
f) Transport protocol

A

a) To addresses
c) Server address
d) From address
e) Connection security

131
Q

What information can be supplied when creating a syslog alert forwarding server? Select four:
a) Compression
b) Connectivity
c) Forwarding conditions
d) Basic information
e) Security
f) Message

A

b) Connectivity
c) Forwarding conditions
d) Basic information
f) Message

132
Q

True or False: By default, all alerts are sent to an alert forwarding server.

A

True

133
Q

True or False: Health status forwarding is enabled by default.

A

False

134
Q

Which of the following is an inaccurate statement about eyeInspect data storage?
a) Sensors do not retain collected data long term
b) Sensors collect data and forward the data to the command center
c) Sensors never retain collected data
d) The command center retains data long term
e) The amount of time data is retained on the command center can be customized.

A

c) Sensors never retain collected data

135
Q

Which of the following are default roles with a new eyeInspect command center installation? Select four:
a) Limited
b) Viewer
c) Operator
d) Admin
e) Analyst
f) Blank

A

b) Viewer
d) Admin
e) Analyst
f) Blank

136
Q

True or False: You can only assign a single permission to each role.

A

False

137
Q

Which of the following cannot be given permissions with a user role?
a) Alerts
b) Sensors
c) Events
d) Monitored networks
e) Alert Cases

A

c) Events

138
Q

Which eyeInspect features can be viewed in the eyeSight console with an eyeSight license? Select two:
a) Device visibility
b) Threat hunting
c) Asset map
d) Network monitoring and intelligence
e) Risk assessment
f) Vulnerability management

A

a) Device visibility
f) Vulnerability management

139
Q

Which eyeInspect menus are available when using an eyeSight license? Select two:
a) Home
b) Assets
c) Events
d) Analytics
e) Sensors
f) Settings

A

e) Sensors
f) Settings

140
Q

OTSM stands for __________

A

Operational Technology Security Module

141
Q

The eyeSight device that communicates with the command center is known as what?
a) The focal appliance
b) The data appliance
c) The access appliance
d) The communication appliance
e) The OTSM appliance

A

a) The focal appliance

141
Q

True or False: The only use of OTSM plug-in is to enable the communication between eyeSight and the command center.

A

False

142
Q

True or False: It’s not recommended to use an eyeSight device for both an integrated sensor and the focal appliance.

A

True

143
Q

What information must be provided when configuring the OTSM plug-in? Select four:
a) The IP address or hostname of the command center
b) The eyeSight device SSH access credentials
c) The command center SSH access credentials
d) The command center webUI credentials
e) The layer 4 protocols to use for communication
f) The eyeSight device to use as the focal appliance

A

a) The IP address or hostname of the command center
c) The command center SSH access credentials
d) The command center webUI credentials
f) The eyeSight device to use as the focal appliance

144
Q

In which host category would you find the OT Purdue level?
a) Classification details
b) Security
c) General
d) More
e) Classification

A

c) General

145
Q

In which host category would you find the OT vulnerabilities?
a) Security
b) Classification
c) Classification details
d) General
e) More

A

a) Security