Which of the following actions can be performed with Remote Inspection?

Forescout FSCP Question Answer

Set Registry Key, Disable dual homing

Send Balloon Notification, Send email to user

Disable External Device, Start Windows Updates

Start Secure Connector, Attempt to open a browser at the endpoint

Endpoint Address ACL, Assign to VLAN

Explanation:

Comprehensive and Detailed Explanation From Exact Extract of Forescout Platform Administration and Deployment:

According to the Forescout HPS Inspection Engine Configuration Guide Version 10.8 and the Remote Inspection and SecureConnector Feature Support documentation, the actions that can be performed with Remote Inspection include "Start Secure Connector" and "Attempt to open a browser at the endpoint".

Remote Inspection Capabilities:

According to the documentation, Remote Inspection uses WMI and other standard domain/host management protocols to query the endpoint, and to run scripts and implement remediation actions on the endpoint. Remote Inspection is agentless and does not install any applications on the endpoint.

Actions Supported by Remote Inspection:

According to the HPS Inspection Engine Configuration Guide:

The Remote Inspection Feature Support table lists numerous actions that are supported by Remote Inspection, including:

Set Registry Key -✓Supported by Remote Inspection

Start SecureConnector -✓Supported by Remote Inspection

Attempt to Open Browser -✓Supported by Remote Inspection

Send Balloon Notification -✓Supported (requires SecureConnector; can also be used with Remote Inspection)

Start Windows Updates -✓Supported by Remote Inspection

Send Email to User -✓Supported action

However, the question asks which actions appear together in one option, and Option D correctly combines two legitimate Remote Inspection actions: "Start Secure Connector" and "Attempt to open a browser at the endpoint".

Start SecureConnector Action:

According to the documentation:

"Start SecureConnector installs SecureConnector on the endpoint, enabling future management via SecureConnector"

This is a supported Remote Inspection action that can deploy SecureConnector to endpoints.

Attempt to Open Browser Action:

According to the HPS Inspection Engine guide:

"Opening a browser window" is a supported Remote Inspection action

However, there are limitations documented:

"Opening a browser window does not work on Windows Vista and Windows 7 if the HPS remote inspection is configured to work as a Scheduled Task"

"When redirected with this option checked, the browser does not open automatically and relies on the packet engine seeing this traffic"

Why Other Options Are Incorrect:

A. Set Registry Key, Disable dual homing - While Set Registry Key is supported, "Disable dual homing" is not a standard Remote Inspection action

B. Send Balloon Notification, Send email to user - Both are notification actions, but the question seeks Remote Inspection-specific endpoint actions; these are general notification actions not specific to Remote Inspection

C. Disable External Device, Start Windows Updates - While Start Windows Updates is supported by Remote Inspection, "Disable External Device" is not a Remote Inspection action; it's a network device action

E. Endpoint Address ACL, Assign to VLAN - These are Switch plugin actions, not Remote Inspection actions; they work on network device level, not endpoint level

Remote Inspection vs. SecureConnector vs. Switch Actions:

According to the documentation:

Remote Inspection Actions (on endpoints):

Set Registry Key on Windows

Start Windows Updates

Start Antivirus

Update Antivirus

Attempt to open browser at endpoint

Start SecureConnector (to deploy SecureConnector)

Switch Actions (on network devices):

Endpoint Address ACL

Access Port ACL