Essentials.

WatchGuard

Number: Essentials
Passing Score: 800
Time Limit: 120 min

https://www.gratisexam.com/

Exam A

QUESTION 1
Clients on the trusted network need to connect to a server behind a router on the optional network. Based on this image, what static route must be added to the
Firebox for traffic from clients on the trusted network to reach a server at 10.0.20.100? (Select one.)

A. Route to 10.0.20.0/24, Gateway 10.0.2.1
B. Route to 10.0.20.0/24, Gateway 10.0.2.254
C. Route to 10.0.20.0, Gateway 10.0.2.254
D. Route to 10.0.10.0/24, Gateway 10.0.10.1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
We must add a trusted static route to the 10.0.20.0/24 network through the 10.0.2.254 gateway.

QUESTION 2
Which of these options are private IPv4 addresses you can assign to a trusted interface, as described in RFC 1918, Address Allocation for Private Internets?
(Select three.)

A. 192.168.50.1/24
B. 10.50.1.1/16
C. 198.51.100.1/24
D. 172.16.0.1/16
E. 192.0.2.1/24

Correct Answer: ABD


Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
The policies in a default Firebox configuration do not allow outgoing traffic from optional interfaces.

A. True
B. False

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
When you examine the log messages in Traffic Monitor, you see that some network packets are denied with an unhandled packet log message. What does
this log message mean? (Select one.)

A. The packet is denied because the site is on the Blocked Sites List.
B. The packet is denied because it matched a policy.
C. The packet is denied because it matched an IPS signature.
D. The packet is denied because it does not match any firewall policies.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Which of these actions adds a host to the temporary or permanent blocked sites list? (Select three.)

A. Enable the Auto-block sites that attempt to connect option in a deny policy.
B. Add the site to the Blocked Sites Exceptions list.
C. On the Firebox System Manager > Blocked Sites tab, select Add.
D. In Policy Manager, select Setup > Default Threat Protection > Blocked Sites and click Add.

Correct Answer: ACD


Section: (none)
Explanation

Explanation/Reference:
A: You can configure a deny policy to automatically block sites that originate traffic that does not comply with the policy rules.
1. From Policy Manager, double-click the PCAnywhere policy.
2. Click the Properties tab. Select the Auto-block sites that attempt to connect checkbox.
Reference: https://www.watchguard.com/training/fireware/80/defense8.htm

C: The blocked sites list shows all the sites currently blocked as a result of the rules defined in Policy Manager. From this tab, you can add sites to the temporary
blocked sites list, or remove temporary blocked sites.
Reference: http://www.watchguard.com/training/fireware/82/monitoa6.htm

D: You can use Policy Manager to permanently add sites to the Blocked Sites list.
1. Select Setup > Default Threat Protection > Blocked Sites.
2. Click Add.
The Add Site dialog box appears.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/intrusionprevention/blocked_sites_permanent_c.html

QUESTION 6
Which of these threats can the Firebox prevent with the default packet handling settings? (Select four.)

A. Access to inappropriate websites
B. Denial of service attacks
C. Flood attacks
D. Malware in downloaded files
E. Port scans
F. Viruses in email messages
G. IP spoofing

Correct Answer: BCEG


Section: (none)
Explanation

Explanation/Reference:
B: The default configuration of the XTM device is to block DDoS attacks.

C: In a flood attack, attackers send a very high volume of traffic to a system so it cannot examine and allow permitted network traffic. For example, an ICMP flood
attack occurs when a system receives too many ICMP ping commands and must use all of its resources to send reply commands. The XTM device can protect
against these types of flood attacks: IPSec, IKE, ICMP, SYN, and UDP.

E: When the Block Port Space Probes (port scans) and Block Address Space Probes check boxes are selected, all incoming traffic on all interfaces is examined by
the XTM device.

CG: Default packet handling can reject a packet that could be a security risk, including packets that could be part of a spoofing attack or SYN flood attack.

Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/intrusionprevention/default_pkt_handling_opt_about_c.html%3FTocPath%3DDefault%2520Threat%2520Protection%7CAbout%2520Default%2520Packet%2520Handling%2520Options%7C_____0

QUESTION 7
Users on the trusted network cannot browse Internet websites. Based on the configuration shown in this image, what could be the problem with this policy
configuration? (Select one.)

A. The default Outgoing policy has been removed and there is no policy to allow DNS traffic.
B. The HTTP-proxy policy has higher precedence than the HTTPS-proxy policy.
C. The HTTP-proxy policy is configured for the wrong port.
D. The HTTP-proxy allows Any-Trusted and Any-Optional to Any-External.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
If you disable the Outgoing policy, which policies must you add to allow trusted users to connect to commonly used websites? (Select three.)

A. HTTP port 80
B. NAT policy
C. FTP port 21
D. HTTPS port 443
E. DNS port 53

Correct Answer: ADE


Section: (none)
Explanation

Explanation/Reference:
TCP-UDP packet filter
If you decide to remove the Outgoing policy, you must add a policy for any type of traffic you want to allow through the Firebox. If you remove the Outgoing policy
and then decide you want to allow all TCP and UDP connections through the Firebox again, you must add the TCP-UDP packet filter to provide the same function.
This is because the Outgoing policy does not appear in the list of standard policies available from Policy Manager.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 97

QUESTION 9
How is a proxy policy different from a packet filter policy? (Select two.)

A. Only a proxy policy examines information in the IP header.
B. Only a proxy policy uses the IP source, destination, and port to control network traffic.
C. Only a proxy policy can prevent specific threats without blocking the entire connection.
D. Only a proxy works at the application, network, and transport layers to examine all connection data.

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
C: Proxies can prevent potential threats from reaching your network without blocking the entire connection.

D: A proxy operates at the application layer, as well as the network and transport layers of a TCP/IP packet, while a packet filter operates only at the network and
transport protocol layers.

Incorrect:
Not A: A packet filter examines each packet’s IP header to control the network traffic into and out of your network.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 95

QUESTION 10
Which authentication servers can you use with your Firebox? (Select four.)

A. Active Directory
B. RADIUS
C. LDAP
D. Linux Authentication
E. Kerberos
F. TACACS+
G. Firebox databases

Correct Answer: ABCG


Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
When your users connect to the Authentication Portal page to authenticate, they see a security warning message in their browsers, which they must accept before
they can authenticate. How can you make sure they do not see this security warning message in their browsers? (Select one.)

A. Import a custom self-signed certificate or a third-party certificate to your Firebox and import the same certificate to all client computers or web browsers.
B. Replace the Firebox certificate with the trusted certificate from your web server.
C. Add the user accounts for your users who use the Authentication Portal to a list of trusted users on your Firebox.
D. Instruct them to disable security warning message in their preferred browsers.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
You can configure your Firebox to automatically redirect users to the Authentication Portal page.

A. True
B. False

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
For which of these third-party authentication methods must you specify a search base? (Select two.)

A. RADIUS
B. Active Directory
C. SecurID
D. LDAP

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
B: Configuring the Firebox to use Active Directory authentication is similar to the process for LDAP authentication. You must set a search base to put limits on the
directories on the authentication server the Firebox searches in for an authentication match.

D: When you configure the Firebox to use LDAP authentication, you must set a search base to put limits on the directories on the authentication server the Firebox
searches in for an authentication match.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 83-84

QUESTION 14
You have a privately addressed email server behind your Firebox. If you want to make sure that all traffic from this server to the Internet appears to come from the
public IP address 203.0.113.25, regardless of policies, which form of NAT would you use? (Select one.)

A. In the SMTP policy that handles traffic from the email server, select the option to apply dynamic NAT to all traffic in the policy and set the source IP address
to 203.0.113.25.
B. Create a global dynamic NAT rule for traffic from the email server and set the source IP address to 203.0.113.25.
C. Create a static NAT action for traffic to the email server, and set the source IP address to 203.0.113.25.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
Match each type of NAT with the correct description:

Conserves IP addresses and hides the internal topology of your network. (Choose one)

A. 1-to-1 NAT
B. Dynamic NAT
C. NAT Loopback

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Dynamic NAT is also known as IP masquerading. With dynamic NAT many computers can connect to the Internet from one public IP address. Dynamic NAT gives
more security for internal hosts that use the Internet, because it hides the IP addresses of hosts on your network.

Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/nat/nat_dynamic_use_c.html%3FTocPath%3DNetwork%2520Address%2520Translation%2520(NAT)%7CAbout%2520Dynamic%2520NAT%7C_____0

QUESTION 16
If your Firebox has a single public IP address, and you want to forward inbound traffic to internal hosts based on the destination port, which type of NAT should you
use? (Select one.)

A. Static NAT
B. 1-to-1 NAT
C. Dynamic NAT

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
You need to create an HTTP-proxy policy to a specific domain for software updates (example.com). The update site has multiple subdomains and dynamic IP
addresses on a content delivery network. Which of these options is the best way to define the destination in your HTTP-proxy policy? (Select one.)

A. Configure a host name for update.example.com.
B. Configure an FQDN for *.example.com.
C. Add IP addresses that correspond to each software update server in the domain.
D. Create an alias for all subdomains and known IP addresses for example.com.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
From the SMTP proxy action settings in this image, which of these options is configured for outgoing SMTP traffic? (Select one.)

A. Rewrite the Mail From header for the example.com domain.
B. Deny incoming mail from the example.com domain.
C. Prevent mail relay for the example.com domain.
D. Deny outgoing mail from the example.com domain.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
You can configure the SMTP-proxy policy to restrict email messages and email content based on which of these message characteristics? (Select four.)

A. Sender Mail From address
B. Check URLs in message with WebBlocker
C. Email message size
D. Attachment file name and content type
E. Maximum email recipients

Correct Answer: ACDE


Section: (none)
Explanation

Explanation/Reference:
A: Another way to protect your SMTP server is to restrict incoming traffic to only messages that use your company domain. In this example, we use the
mywatchguard.com domain. You can use your own company domain.
1. From the SMTP-Incoming Categories list, select Address > Rcpt To.
2. In the Pattern text box, type *.mywatchguard.com. Click Add. This denies any email messages with a Rcpt To address that does not match the company domain.
3. Click OK to close the SMTP Proxy Action Configuration dialog box.

C: In this exercise we will reduce the maximum email size to 5 MB (5,000 kilobytes).
1. From the SMTP Proxy Action dialog box under the Categories list, select General > General Settings.
2. Find the Limits section. In the Set the maximum email size value box, type 5000.

D: Example: He must configure the Firebox to allow Microsoft Access database files to go through the SMTP proxy. He must also configure the Firebox to deny
Apple iTunes MP4 files because of a recent vulnerability announced by Apple.
1. From the SMTP-Incoming Categories list, select Attachments > Content Types.
2. In the Actions to take section, use the None Matched drop-down list to select Allow.
This allows all content types through Firebox to the SMTP server. After Successful Company is able to add in the specific content types they want to allow, they set
this parameter to strip content type that does not match their list of allowed content types.
From the SMTP-Incoming Categories list, select Attachments > Filenames.
4. The filename extension for Microsoft Access databases is “.mdb”. In the list of filenames, find and select .mdb. Click Remove. Click Yes to confirm.
3. If no rules match, the Action to take option is set to allow the attachment. In this example, MS Access files are now allowed through the Firebox.
5. In the Pattern text box, type *.mp4. Click Add.
This rule configures the Firebox to deny all files with the Apple iTunes “.mp4” file extension bound for the SMTP server.

E: The Set the maximum email recipient checkbox is used to set the maximum number of email recipients to which a message can be sent. In the adjacent text box
that appears, type or select the number of recipients.

The XTM device counts and allows the specified number of addresses through, and then drops the other addresses. For example, if you set the value to 50 and
there is a message for 52 addresses, the first 50 addresses get the email message. The last two addresses do not get a copy of the message.

Incorrect:
Not B: WebBlocker is configured through an HTTP policy, not through an SMTP policy.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 125, 126
Reference: http://watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/proxies/smtp/proxy_smtp_gen_settings_c.html

QUESTION 20
After you enable spamBlocker, your users experience no reduction in the amount of spam they receive. What could explain this? (Select three.)

A. Connections cannot be resolved to the spamBlocker servers because DNS is not configured on the Firebox.
B. The spamBlocker action for Confirmed Spam is set to Allow.
C. The Maximum File Size to Scan option is set too high.
D. A spamBlocker exception is configured to allow traffic from sender *.
E. spamBlocker Virus Outbreak Detection is not enabled.

Correct Answer: ABD


Section: (none)
Explanation

Explanation/Reference:
A: spamBlocker requires DNS to be configured on your XTM device.
B: If you use spamBlocker with the POP3 proxy, you have only two actions to choose from: Add Subject Tag and Allow. Allow lets spam email messages go through
the Firebox without a tag.
D: The Firebox might sometimes identify a message as spam when it is not spam. If you know the address of the sender, you can configure the Firebox with an
exception that tells it not to examine messages from that source address or domain.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 138

QUESTION 21
An email newsletter about sales from an external company is sometimes blocked by spamBlocker. What option could you choose to make sure the newsletter is
delivered to your users? (Select one.)

A. Add a spamBlocker exception based on the From field of the newsletter email.
B. Set the spamBlocker action to quarantine the email for later retrieval.
C. Add a spamBlocker subject tag for bulk email messages.
D. Set the spamBlocker virus outbreak detection action to allow emails from the newsletter source.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Your company denies downloads of executable files from all websites. What can you do to allow users on the network to download executable files from the
company’s remote website? (Select one.)

A. Add an HTTP proxy exception for the company’s remote website.
B. Create a WebBlocker exception to allow access to the company’s remote website.
C. Create an IPS exception.
D. Create a Blocked Sites exception.
E. Configure HTTP Request > URL Paths to allow the company’s remote website.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
A user receives a deny message that the installation file (install.exe) is blocked by the HTTP-proxy policy and cannot be downloaded. Which HTTP proxy action rule
must you modify to allow download of the installation file? (Select one.)

A. HTTP Request > Request Methods
B. HTTP Response > Body Content Types
C. HTTP Response > Header Fields
D. WebBlocker
E. HTTP Request > Authorization

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
Which takes precedence: WebBlocker category match or a WebBlocker exception?

A. WebBlocker exception
B. WebBlocker category match

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
To prevent certificate error warnings in your browser when you use deep content inspection with the HTTPS proxy, you can export the proxy authority certificate
from the Firebox and import that certificate to all client devices.

A. True
B. False

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
Which of these options must you configure in an HTTPS-proxy policy to detect credit card numbers in HTTP traffic that is encrypted with SSL? (Select two.)

A. WebBlocker
B. Gateway AntiVirus
C. Application Control
D. Deep inspection of HTTPS content
E. Data Loss Prevention

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
Match each WatchGuard Subscription Service with its function.

Uses full-system emulation analysis to identify characteristics and behavior of zero-day malware. (Choose one).

A. Reputation Enable Defense RED
B. Gateway / Antivirus
C. Data Loss Prevention DLP
D. Spam Blocker
E. WebBlocker
F. Intrusion Prevention Server IPS
G. Application Control
H. Quarantine Server
I. APT Blocker

Correct Answer: I
Section: (none)
Explanation

Explanation/Reference:
APT Blocker is intended to stop malware and zero-day threats that are trying to invade an organization's network.
APT Blocker uses a next-gen sandbox to get detailed views into the execution of a malware program. After first running through other security services, files are
fingerprinted and checked against an existing database – first on the appliance and then in the cloud. If the file has never been seen before, it is analyzed using the
system emulator, which monitors the execution of all instructions. It can spot the evasion techniques that other sandboxes miss.

Reference: http://www.watchguard.com/wgrd-products/security-modules/apt-blocker

QUESTION 28
When you configure the Global Application Control action, it is automatically applied to all policies.

A. True
B. False

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Which WatchGuard Subscription Service must be enabled in a proxy policy before you can use APT Blocker? (Select one.)

A. RED
B. Application Control
C. Gateway Antivirus
D. WebBlocker
E. IPS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
What settings must your device configuration file include for Gateway AntiVirus to protect users on your network? (Select two.)

A. Configure a policy to use a proxy action that has AntiVirus settings configured.
B. Install the Gateway AntiVirus server on your network.
C. Configure Gateway AntiVirus settings for a proxy action.
D. Disable automatic signature updates.
E. Decrease the scan limits.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
When you enable Gateway AntiVirus, you must set the actions to be taken if a virus or error is found in an email message (SMTP or POP3 proxies), web page
download or upload post (HTTP proxy), or uploaded or downloaded file (FTP proxy). When Gateway AntiVirus is enabled, it scans each file up to a specified
kilobyte count. Any additional bytes in the file are not scanned. This allows the proxy to partially scan very large files without a large effect on performance.

Reference: http://watchguard.com/help/docs/webui/xtm_11/en-us/content/en-us/services/gateway_av/av_actions_config_c.html

QUESTION 31
After you enable Gateway AntiVirus, IPS, or Application Control, how can you make sure the services protect your network from the latest known threats? (Select
one.)

A. Enable default packet handling.
B. Configure Reputation Enabled Defense.
C. Enable automatic signature updates.
D. Enable HTTPS deep inspection.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
Which policies can use the Intrusion Prevention Service to block network attacks? (Select one.)

A. Only HTTP and HTTPS Proxy policies
B. Only proxy policies
C. All policies
D. Only packet filter policies
E. Only inbound policies

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which WatchGuard tools can you use to review the log messages generated by your Firebox? (Select three.)

A. Firebox System Manager > Traffic Monitor
B. Fireware XTM Web UI > Traffic Monitor
C. Firebox System Manager > Status Report
D. Dimension > Log Manager
E. WatchGuard System Manager > Policy Manager

Correct Answer: ABD


Section: (none)
Explanation

Explanation/Reference:
A: You can use Firebox System Manager (FSM) to see log messages from your XTM device as they occur.
1. Start Firebox System Manager.
2. Select the Traffic Monitor tab.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/fsm/log_msgs_traffic_mon_wsm.html

D: You can use Firebox System Manager to see log messages in real-time on the Traffic Monitor tab. You can also examine log messages with Log Manager or
WatchGuard Dimension.

B: After you connect to WatchGuard WebCenter, you can review the log messages sent from your XTM devices to your WatchGuard Log Server. Log Manager
enables you to see log messages from your device for any period of time you specify, if log messages were generated in the selected time frame. To see log
messages for an XTM device as they are generated, in real time, you can use Firebox System Manager Traffic Monitor.

Reference: http://www.watchguard.com/help/docs/wsm/XTM_11/en-US/index.html#en-US/logging/log_mgr_view_device_wsm.html

Incorrect:
Not C: The Status Report tab shows statistics about Firebox or XTM device traffic and performance. It does not display log messages.

To see the Status Report:

1. Start Firebox System Manager.
2. Select the Status Report tab.

QUESTION 34
You can configure your Firebox to send log messages to how many WatchGuard Log Servers at the same time? (Select one.)

A. One
B. Two
C. As many as you have configured on your network.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
How can you prevent connections to the Fireware Web UI from computers on optional interface Eth2? (Select one.)

A. Remove Eth2 from the Any-Optional alias.
B. Remove Any-Optional from the To list of the WatchGuard Web UI policy.
C. Remove Any-Optional from the From list of the WatchGuard policy.
D. Remove Any-Optional from the To list of the WatchGuard policy.
E. Remove Any-Optional from the From list of the WatchGuard Web UI policy.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
What is one reason that users could see a certificate warning in their web browsers when they connect to Fireware XTM Web UI? (Select one.)

A. The Firebox or XTM device uses the default self-signed certificate.
B. The authentication server does not respond after three minutes.
C. The user has been previously added to the Blocked Sites list.
D. The user or group is not present in the Firebox User database.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
From the Fireware Web UI, you can generate a report that shows your device configuration settings.

A. True
B. False

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
In this diagram, which branch office VPN tunnel route must you add on the Site A Firebox to allow traffic between devices on the trusted network at Site A and the
trusted network at Site B? (Select one.)

A. Local: 192.168.1.0/24 <--> Remote: 10.0.10.0/24
B. Local: 203.0.113.10/24 <--> Remote: 198.151.100.2/24
C. Local: 10.0.10.1/24 <--> Remote: 192.168.1.1/24
D. Local: 10.0.10.0/24 <--> Remote: 192.168.1.0/24

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
The local, Site A, network is 10.0.10.1/24 while the remote, Site B, network is 192.168.1.1/24.

QUESTION 39
Match the monitoring tool to the correct task.

Which tool can ping the source of a denied packet? (Select one)

A. Firebox System Manager – Blocked Sites list
B. Log Server
C. FireWatch
D. Firebox System Manager – Subscription services
E. Firebox System Manager – Authentication list
F. Traffic Monitor

Correct Answer: F
Section: (none)
Explanation

Explanation/Reference:
For a quick look at the log messages generated by the Firebox, use Traffic Monitor. With Traffic Monitor, you can apply color to different types of messages, and
ping or traceroute to the IP addresses of computers included in the log messages.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

QUESTION 40
Match the monitoring tool to the correct task.

Which tool can learn the status of your IPS signature database? (Select one)

A. Firebox System Manager – Blocked Sites list
B. Log Server
C. FireWatch
D. Firebox System Manager – Subscription services
E. Firebox System Manager – Authentication list
F. Traffic Monitor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
To look up information about an IPS signature:

1. Open Firebox System Manager.
2. Select the Subscription Services tab.
3. In the Intrusion Prevention section, click Show.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

QUESTION 41
Match the monitoring tool to the correct task.

Which tool can view a list of users connected to the Firebox? (Select one)

A. Firebox System Manager – Blocked Sites list
B. Log Server
C. FireWatch
D. Firebox System Manager – Subscription services
E. Firebox System Manager – Authentication list
F. Traffic Monitor

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
You can view a list of users connected to the Firebox through HostWatch, and you can also use Authentication List, which identifies the IP addresses and user
names of all the users that are authenticated to the Firebox.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

QUESTION 42
Match each WatchGuard Subscription Service with its function.

Manages use of applications on your network. (Choose one).

A. Reputation Enable Defense RED
B. Data Loss Prevention DLP
C. Intrusion Prevention Server IPS
D. Application Control
E. APT Blocker

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Application Control keeps unproductive, inappropriate, and dangerous applications off-limits.
Stay on top of the applications running on your network for tight security and high productivity with a subscription to WatchGuard Application Control. It allows you to
establish which applications can be used within your organization, by whom, and when.

Reference: http://www.watchguard.com/docs/brochure/wg_application-control_ds.pdf

QUESTION 43
Match each WatchGuard Subscription Service with its function.

A repository where email messages can be sent based on analysis by spamBlocker, Gateway AntiVirus, or Data Loss Prevention. (Choose one).

A. Gateway / Antivirus
B. Data Loss Prevention DLP
C. Spam Blocker
D. Intrusion Prevention Server IPS
E. Quarantine Server

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
The WatchGuard Quarantine Server provides a safe mechanism to quarantine any email messages that are suspected or known to be spam, or to contain viruses
or sensitive data. The Quarantine Server is a repository for email messages that the SMTP proxy sends to quarantine based on analysis by spamBlocker, Gateway
AntiVirus, or Data Loss Prevention.

Reference: https://www.watchguard.com/help/docs/webui/xtm_11/en-US/index.html#cshid=en-US/quarantineserver/quar_server_about_c.html

QUESTION 44
Match each WatchGuard Subscription Service with its function.

Cloud-based service that controls access to websites based on a site’s previous behavior. (Choose one).

A. Reputation Enable Defense RED
B. Data Loss Prevention DLP
C. WebBlocker
D. Intrusion Prevention Server IPS
E. Application Control
F. Quarantine Server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reputation Enabled Defense (RED) is a cloud-based reputation service that controls users' ability to gain access to malicious websites. It works in concert with the
WebBlocker module.

Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html

QUESTION 45
Match each WatchGuard Subscription Service with its function.

Scans files to detect malicious software infections. (Choose one).

A. Reputation Enable Defense RED
B. Gateway / Antivirus
C. Data Loss Prevention DLP
D. Spam Blocker
E. Quarantine Server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Gateway Antivirus provides a virus scanner that uses both an extensive signature database (updated through subscription) and a heuristic analysis engine.

Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html

QUESTION 46
Match each WatchGuard Subscription Service with its function.

Prevents accidental or unauthorized transmission of confidential information outside your network. (Choose one).

A. Reputation Enable Defense RED
B. Gateway / Antivirus
C. Data Loss Prevention DLP
D. Intrusion Prevention Server IPS
E. APT Blocker

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Data Loss Prevention (DLP) watches for accidental and intentional breaches of private/sensitive data through an organizational policy. Provides a library of over 200
rules to protect organization data and has the ability to parse over 30 different file formats including Microsoft Office formats and PDFs.

Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html

QUESTION 47
Match each WatchGuard Subscription Service with its function.

Uses signatures to provide real-time protection against network attacks. (Choose one).

A. Reputation Enable Defense RED
B. Data Loss Prevention DLP
C. Intrusion Prevention Server IPS
D. Application Control
E. APT Blocker

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Intrusion Prevention Service (IPS): As with other IPS offerings, the IPS module is intended to detect and mitigate, in real time, intrusions coming into a network.
This includes a large signature database that monitors for spyware, SQL injections, cross-site scripting (XSS), and buffer overflows.

Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html

QUESTION 48
Match each WatchGuard Subscription Service with its function.

Uses rules, pattern matching, and sender reputation to block unwanted email messages. (Choose one).

A. Reputation Enable Defense RED
B. Gateway / Antivirus
C. Spam Blocker
D. Intrusion Prevention Server IPS
E. APT Blocker

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
SpamBlocker provides a spam scanning engine that works in concert with WatchGuard's cloud-based technology to prevent spam from gaining access to the email
servers (and clients).

Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html

QUESTION 49
Match each WatchGuard Subscription Service with its function.

Controls access to websites based on content categories. (Choose one).

A. Reputation Enable Defense RED
B. Gateway / Antivirus
C. WebBlocker
D. Intrusion Prevention Server IPS
E. Application Control

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
WebBlocker controls access to the good and bad places that are reachable on the web, preventing users from gaining access to sites that have evil intentions.
If you configure WebBlocker to use the Websense cloud for WebBlocker lookups, WebBlocker uses the Websense content categories. A web site is added to a
category when the content of the web site meets the criteria for the content category.

Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html
