Chapter 8 - Classification Flashcards Preview


Flashcards in Chapter 8 - Classification Deck (10):
1

What happens if the endpoint does not match any of the conditions specified by the sub-rules?

It will be classified as “unclassified.”

2

Explain how to classify a specific unclassified endpoint as a new device type.

Manually create a new sub-rule and place it above the Unclassified endpoints sub-rule.

3

Can group names created after using a classification policy template be changed?

Yes. You can rename them in the group manager.

4

What information is needed for asset classification?

• OS fingerprints
• OS type (NMAP profile)
• Open ports
• Hardware properties, such as Network Interface Card (NIC) vendor (Media Access Control [MAC])
• Service banners

5

How do classification policies organize network assets?

By setting different categories or sub-rules.

6

Give examples of criteria used for network asset classification.

• Operating system
• Network devices
• Infrastructure devices (printers, scanners, etc.)

7

Give examples of active data collection done through policy classification.

• OS fingerprints
• OS type (NMAP profile)
• Open ports
• Hardware properties, such as Network Interface Card (NIC) vendor (Media Access Control [MAC])
• Service banners

8

Give examples of passive data collection done through policy classification.

• Device behavior
• Traffic detection
• HTTP User Agents
• Authorization Traffic

9

Give examples of the types of network activities that CounterACT can classify.

• Monitor 802.1X requests to the built-in or external RADIUS server
• Monitor DHCP requests to detect when a new host requests an IP address
• Optionally monitor a network SPAN port to see network traffic such as HTTP traffic and banners

10

Give examples of classification methods.

• Automatically, by adding devices to groups (Windows, network devices, printers) with policies
• Manually