Chapter 12 - Host Management Flashcards Preview

Training > Chapter 12 - Host Management > Flashcards

Flashcards in Chapter 12 - Host Management Deck (10):

What if the remote inspection option is not enabled in the Linux/Mac plugin?

Then SecureConnector would need to be used to manage Linux and Mac endpoints


What happens if the Windows endpoint does not have Remote Registry service running?

CounterACT will not be able to manage such endpoint.


What is the purpose of the HTTP Localhost Login action?

This allows CounterACT to prompt the user for credentials so that it can be remotely inspected and managed.


What are the requirements for Windows host credential?

*It requires a domain level account with administrative privileges to perform RI.
*WMI and MS-RRP requires that ports 139/TCP and 445/TCP are open.
Additional requirements include:
• Windows file and print sharing enabled – C$ share present
• Remote Registry, RPC and Server services are running


What services need to be running for the HPS Plugin to be functional in Windows clients?

- Server
- Credentials Manager
- Windows Management Instrumentation


What ports are required for the HPS plugin to manage windows clients?

*WMI and MS-RRP requires that ports 135/TCP and 445/TCP are open.


How can you distribute the CounterACT SSH public key?

You can use fstool to distribute CounterACT’s public key to hosts for remote inspection:
From an Appliance or Enterprise Manager:
• fstool pkdis –u –h | |


List some common Mac/Linux client issues.

• Incorrect credentials provisioned in the plug-in
• The SSH server not installed or running on the host
• The network blocking SSH connections between CounterACT and the host
• CounterACT’s public SSH key possibly not be installed on the endpoint.


What are common Windows management issues?

Windows Firewall “Normal” and “Domain” profile flip-flop
• Based on DNS Domain Suffix GPO is applied from
• Laptops that hibernate between locations will often start in an unmanaged state
• Will typically self-resolve within 90 minutes

Group Policy processing issues
• Service account not “stamped” in Local Administrators group
• Remote Registry service not enabled—Default for Windows 7


If SecureConnector is not used, what is required for MAC or Linux hosts to be considered manageable?

Remote inspection for Macintosh and Linux devices requires SSH access (22/TCP) and local administrative credentials. This enables CounterACT to log into the device to inspect and control various properties, such as running processes, software updates, and more.