Flashcards in Chapter 9 - Clarification Deck (11):
What are the four main clarification policies?
Windows, Linux, Macintosh, Unclassified
What if the service account credentials configured for the HPS plugin are not correct?
The Windows clarification policy will not be able to determine which endpoints are manageable Windows devices.
What if there is no way to feed SPAN traffic to the CounterACT appliance for the clarification policy scope?
You lose passive (event detection, traffic, etc.) clarification capability.
How can CounterACT clarify network activities?
Clarification attempts to characterize devices by groups. CounterACT clarifies devices from Classification groups.
What are the steps that must be taken for Linux/Unix and Mac clarification policies to work?
Create a sub-policy to match SSH manageable devices.
Create a sub-policy to match devices with secure connector installed.
Explain the proper order of Macintosh clarification.
Manually approved Mac devices.
What is the goal of clarification?
Who owns the asset?
How is it managed?
How is it connected?
Where is it located?
What else is known about the device?
Give examples of supported login events.
What are some of the questions to ask for clarification criteria?
- How is the asset managed (remotely, SecureConnector or unmanaged)?
- Is it part of the domain?
- What kind of traffic is seen from it?
- What ports are open?
Give examples of best practices for clarification.
Interrogate: Use Classification groups to interrogate additional information.
Classify: Make hosts manageable.
Investigate: Investigate Unclassified assets.