Chapter 9 - Clarification Flashcards

Flashcards in Chapter 9 - Clarification Deck (11):
1

What are the four main clarification policies?

Windows, Linux, Macintosh, Unclassified

2

What if service account credentials configured for HPS plugin are not correct?

The Windows clarification policy will not be able to determine which endpoints are manageable Windows devices.

3

What if in the clarification policy scope there is no way to feed the CounterACT appliance with SPAN traffic?

You lose passive (event detection, traffic, etc.) clarification capability.

4

How can CounterACT clarify network activities?

Clarification attempts to characterize devices by groups. CounterACT clarifies devices from Classification groups.

5

What are the steps that must be taken for Linux/Unix and Mac clarification policies to work?

Create a sub-policy to match SSH manageable devices.
Create a sub-policy to match devices with secure connector installed.

6

Explain the proper order of Macintosh clarification.

Manually approved Mac devices.
Manageable SSH
Unknown devices

7

What is the goal of clarification?

Who owns the asset?
How is it managed?
How is it connected?
Where is it located?
What else is known about the device?

8

Give examples of supported login events.

HTTP
Telnet
NetBIOS
FTP
Microsoft-DS logins

9

What are some of the questions to ask for clarification criteria?

- “How is the asset managed (remotely, SecureConnector or unmanaged)?”
- “Is it part of the domain?”
- “What kind of traffic is seen from it?”
- “What ports are open?”

10

Give examples of best practices for clarification.

Interrogate: Use Classification groups to interrogate additional information.
Classify: Make hosts manageable
Investigate: Investigate Unclassified assets

11

What is Clarification?

* Determining ownership, and therefore manageability, at this layer in the Policy Flow is crucial to later policies.
* Helps to separate managed and unmanaged devices by fine-tuning the initial classification of endpoints.