Which control actions are available in Partial Enforcement mode?

In Partial Enforcement mode, the available control actions primarily involve the capability to enforce specific policies related to endpoint compliance and behavior without fully isolating the devices. Among the options presented, switch-based control actions represent a tailored approach to network access controls.

Switch-based control actions allow for the application of access policies at the switch level, enabling solutions to manage how devices connect and interact with the network. This includes dynamic VLAN assignment, port shutdowns, or access list adjustments for devices that are found to be non-compliant with security postures. Such actions enhance security while still permitting some level of connectivity, which is the hallmark of Partial Enforcement mode.

The other options primarily reflect broader or more aggressive security postures, such as full threat protection, which would typically belong to a more stringent enforcement mode. HTTP hijacking, while it's a method to intercept communications, is not a control action aligned with enforcement modes in the context of ForeScout’s solutions. Therefore, switch-based control actions are indeed the correct choice as they align well with the capabilities allowed within Partial Enforcement mode.