Chapter 12 - Host Management Flashcards Preview

Training > Chapter 12 - Host Management > Flashcards

Flashcards in Chapter 12 - Host Management Deck (10):
1

What if the remote inspection option is not enabled in the Linux/Mac plugin?

Then SecureConnector would need to be used to manage Linux and Mac endpoints

2

What happens if the Windows endpoint does not have Remote Registry service running?

CounterACT will not be able to manage such endpoint.

3

What is the purpose of the HTTP Localhost Login action?

This allows CounterACT to prompt the user for credentials so that it can be remotely inspected and managed.

4

What are the requirements for Windows host credential?

*It requires a domain level account with administrative privileges to perform RI.
*WMI and MS-RRP requires that ports 139/TCP and 445/TCP are open.
Additional requirements include:
• Windows file and print sharing enabled – C$ share present
• Remote Registry, RPC and Server services are running

5

What services need to be running for the HPS Plugin to be functional in Windows clients?

- Server
- Credentials Manager
- Windows Management Instrumentation

6

What ports are required for the HPS plugin to manage windows clients?

*WMI and MS-RRP requires that ports 135/TCP and 445/TCP are open.

7

How can you distribute the CounterACT SSH public key?

You can use fstool to distribute CounterACT’s public key to hosts for remote inspection:
From an Appliance or Enterprise Manager:
• fstool pkdis –u –h | |

8

List some common Mac/Linux client issues.

• Incorrect credentials provisioned in the plug-in
• The SSH server not installed or running on the host
• The network blocking SSH connections between CounterACT and the host
• CounterACT’s public SSH key possibly not be installed on the endpoint.

9

What are common Windows management issues?

Windows Firewall “Normal” and “Domain” profile flip-flop
• Based on DNS Domain Suffix GPO is applied from
• Laptops that hibernate between locations will often start in an unmanaged state
• Will typically self-resolve within 90 minutes

Group Policy processing issues
• Service account not “stamped” in Local Administrators group
• Remote Registry service not enabled—Default for Windows 7

10

If SecureConnector is not used, what is required for MAC or Linux hosts to be considered manageable?

Remote inspection for Macintosh and Linux devices requires SSH access (22/TCP) and local administrative credentials. This enables CounterACT to log into the device to inspect and control various properties, such as running processes, software updates, and more.