
Fireware Essentials.

49q

Number: Fireware Essentials


Passing Score: 800
Time Limit: 120 min

https://www.gratisexam.com/

Fireware Essentials Exam

Exam A

QUESTION 1
You configured four Device Administrator user accounts for your Firebox. To see a report of which Device Management users have made changes to the device configuration, what must you do? (Select two.)

A. Start Firebox System Manager for the device and review the activity for the Management Users on the Authentication List tab.
B. Connect to Report Manager or Dimension and view the Audit Trail report for your device.
C. Open WatchGuard Server Center and review the configuration history for managed devices.
D. Configure your device to send audit trail log messages to your WatchGuard Log Server or Dimension Log Server.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which items are included in a Firebox backup image? (Select four.)

A. Support snapshot
B. Fireware OS
C. Configuration file
D. Log file
E. Feature keys
F. Certificates

Correct Answer: BCEF


Section: (none)
Explanation

Explanation/Reference:
A Firebox backup image is a saved copy of the working image from the Firebox flash disk. The backup image includes the Firebox appliance software,
configuration file, licenses, and certificates.
When you purchase an option for your Firebox, you add a new feature key to your configuration file.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 14, 57

QUESTION 3
Only 50 clients on the trusted network of your Firebox can connect to the Internet at the same time. What could cause this? (Select one.)

A. The LiveSecurity feature key is expired.
B. The device feature key allows a maximum of 50 client connections.
C. The DHCP address pool on the trusted interface has only 50 IP addresses.
D. The Outgoing policy allows a maximum of 50 client connections.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
The IP address for the trusted interface on your Firebox is 10.0.40.1/24, but you want to change the IP address for this interface. How can you avoid a network
outage for clients on the trusted network when you change the interface IP address to 10.0.50.1/24? (Select one.)

A. Create a 1-to-1 NAT rule for traffic from the 10.0.40.0/24 subnet to addresses on the 10.0.50.0/24 subnet.
B. Add 10.0.40.1/24 as a secondary IP address for the interface.
C. Add IP addresses on the 10.0.40.0/24 subnet to the DHCP Server IP address pool for this interface.
D. Add a route to 10.0.40.0/24 with the gateway 10.0.50.1.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
In the network configuration in this image, which aliases is Eth2 a member of? (Select three.)

A. Any-optional
B. Any-External
C. Optional-1
D. Any
E. Any-Trusted

Correct Answer: ACD


Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Clients on the trusted network need to connect to a server behind a router on the optional network. Based on this image, what static route must be added to the
Firebox for traffic from clients on the trusted network to reach a server at 10.0.20.100? (Select one.)

A. Route to 10.0.20.0/24, Gateway 10.0.2.1
B. Route to 10.0.20.0/24, Gateway 10.0.2.254
C. Route to 10.0.20.0, Gateway 10.0.2.254
D. Route to 10.0.10.0/24, Gateway 10.0.10.1

Correct Answer: B
Section: (none)

Explanation

Explanation/Reference:
We must add a trusted static route to the 10.0.20.0/24 network through the 10.0.2.254 gateway.

QUESTION 7
The policies in a default Firebox configuration do not allow outgoing traffic from optional interfaces.

A. True
B. False

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
When you examine the log messages in Traffic Monitor, you see that some network packets are denied with an unhandled packet log message. What does this log message mean? (Select one.)

A. The packet is denied because the site is on the Blocked Sites List.
B. The packet is denied because it matched a policy.
C. The packet is denied because it matched an IPS signature.
D. The packet is denied because it does not match any firewall policies.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Which of these actions adds a host to the temporary or permanent blocked sites list? (Select three.)

A. Enable the Auto-block sites that attempt to connect option in a deny policy.
B. Add the site to the Blocked Sites Exceptions list.
C. On the Firebox System Manager > Blocked Sites tab, select Add.
D. In Policy Manager, select Setup > Default Threat Protection > Blocked Sites and click Add.

Correct Answer: ACD


Section: (none)
Explanation

Explanation/Reference:
A: You can configure a deny policy to automatically block sites that originate traffic that does not comply with the policy rules.
1. From Policy Manager, double-click the PCAnywhere policy.
2. Click the Properties tab. Select the Auto-block sites that attempt to connect checkbox.
Reference: https://www.watchguard.com/training/fireware/80/defense8.htm

C: The blocked sites list shows all the sites currently blocked as a result of the rules defined in Policy Manager. From this tab, you can add sites to the temporary
blocked sites list, or remove temporary blocked sites.
Reference: http://www.watchguard.com/training/fireware/82/monitoa6.htm

D: You can use Policy Manager to permanently add sites to the Blocked Sites list.
1. Select Setup > Default Threat Protection > Blocked Sites.
2. Click Add.
The Add Site dialog box appears.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/intrusionprevention/blocked_sites_permanent_c.html

QUESTION 10
Which of these threats can the Firebox prevent with the default packet handling settings? (Select four.)

A. Access to inappropriate websites
B. Denial of service attacks
C. Flood attacks
D. Malware in downloaded files
E. Port scans
F. Viruses in email messages
G. IP spoofing

Correct Answer: BCEG


Section: (none)
Explanation

Explanation/Reference:

B: The default configuration of the XTM device is to block DDoS attacks.

C: In a flood attack, attackers send a very high volume of traffic to a system so it cannot examine and allow permitted network traffic. For example, an ICMP flood
attack occurs when a system receives too many ICMP ping commands and must use all of its resources to send reply commands. The XTM device can protect
against these types of flood attacks: IPSec, IKE, ICMP, SYN, and UDP.

E: When the Block Port Space Probes (port scans) and Block Address Space Probes check boxes are selected, all incoming traffic on all interfaces is examined by
the XTM device.

CG: Default packet handling can reject a packet that could be a security risk, including packets that could be part of a spoofing attack or SYN flood attack.

Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/intrusionprevention/default_pkt_handling_opt_about_c.html%3FTocPath%3DDefault%2520Threat%2520Protection%7CAbout%2520Default%2520Packet%2520Handling%2520Options%7C_____0

QUESTION 11
Users on the trusted network cannot browse Internet websites. Based on the configuration shown in this image, what could be the problem with this policy
configuration? (Select one.)

A. The default Outgoing policy has been removed and there is no policy to allow DNS traffic.
B. The HTTP-proxy policy has higher precedence than the HTTPS-proxy policy.
C. The HTTP-proxy policy is configured for the wrong port.
D. The HTTP-proxy allows Any-Trusted and Any-Optional to Any-External.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
If you disable the Outgoing policy, which policies must you add to allow trusted users to connect to commonly used websites? (Select three.)

A. HTTP port 80
B. NAT policy
C. FTP port 21
D. HTTPS port 443
E. DNS port 53

Correct Answer: ADE


Section: (none)
Explanation

Explanation/Reference:
TCP-UDP packet filter
If you decide to remove the Outgoing policy, you must add a policy for any type of traffic you want to allow through the Firebox. If you remove the Outgoing policy
and then decide you want to allow all TCP and UDP connections through the Firebox again, you must add the TCP-UDP packet filter to provide the same function.
This is because the Outgoing policy does not appear in the list of standard policies available from Policy Manager.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 97

QUESTION 13
How is a proxy policy different from a packet filter policy? (Select two.)

A. Only a proxy policy examines information in the IP header.
B. Only a proxy policy uses the IP source, destination, and port to control network traffic.
C. Only a proxy policy can prevent specific threats without blocking the entire connection.
D. Only a proxy works at the application, network, and transport layers to examine all connection data.

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
C: Proxies can prevent potential threats from reaching your network without blocking the entire connection.

D: A proxy operates at the application layer, as well as the network and transport layers of a TCP/IP packet, while a packet filter operates only at the network and
transport protocol layers.

Incorrect:
Not A: A packet filter examines each packet’s IP header to control the network traffic into and out of your network.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 95

QUESTION 14
Which authentication servers can you use with your Firebox? (Select four.)

A. Active Directory
B. RADIUS
C. LDAP
D. Linux Authentication
E. Kerberos
F. TACACS+
G. Firebox databases

Correct Answer: ABCG


Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
When your users connect to the Authentication Portal page to authenticate, they see a security warning message in their browsers, which they must accept before
they can authenticate. How can you make sure they do not see this security warning message in their browsers? (Select one.)

A. Import a custom self-signed certificate or a third-party certificate to your Firebox and import the same certificate to all client computers or web browsers.
B. Replace the Firebox certificate with the trusted certificate from your web server.
C. Add the user accounts for your users who use the Authentication Portal to a list of trusted users on your Firebox.
D. Instruct them to disable the security warning message in their preferred browsers.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
You can configure your Firebox to automatically redirect users to the Authentication Portal page.

A. True
B. False

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
From the SMTP proxy action settings in this image, which of these options is configured for outgoing SMTP traffic? (Select one.)

A. Rewrite the Mail From header for the example.com domain.
B. Deny incoming mail from the example.com domain.
C. Prevent mail relay for the example.com domain.
D. Deny outgoing mail from the example.com domain.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
You can configure the SMTP-proxy policy to restrict email messages and email content based on which of these message characteristics? (Select four.)

A. Sender Mail From address
B. Check URLs in message with WebBlocker
C. Email message size
D. Attachment file name and content type
E. Maximum email recipients

Correct Answer: ACDE


Section: (none)
Explanation

Explanation/Reference:
A: Another way to protect your SMTP server is to restrict incoming traffic to only messages that use your company domain. In this example, we use the
mywatchguard.com domain. You can use your own company domain.
1. From the SMTP-Incoming Categories list, select Address > Rcpt To.
2. In the Pattern text box, type *.mywatchguard.com. Click Add. This denies any email messages with a Rcpt To address that does not match the company domain.
3. Click OK to close the SMTP Proxy Action Configuration dialog box.

C: In this exercise we will reduce the maximum email size to 5 MB (5,000 kilobytes).
1. From the SMTP Proxy Action dialog box under the Categories list, select General > General Settings.
2. Find the Limits section. In the Set the maximum email size value box, type 5000.

D: Example: He must configure the Firebox to allow Microsoft Access database files to go through the SMTP proxy. He must also configure the Firebox to deny
Apple iTunes MP4 files because of a recent vulnerability announced by Apple.

1. From the SMTP-Incoming Categories list, select Attachments > Content Types.
2. In the Actions to take section, use the None Matched drop-down list to select Allow.
This allows all content types through the Firebox to the SMTP server. After Successful Company is able to add in the specific content types they want to allow, they set this parameter to strip content type that does not match their list of allowed content types.
3. From the SMTP-Incoming Categories list, select Attachments > Filenames.
4. The filename extension for Microsoft Access databases is “.mdb”. In the list of filenames, find and select .mdb. Click Remove. Click Yes to confirm.
If no rules match, the Action to take option is set to allow the attachment. In this example, MS Access files are now allowed through the Firebox.
5. In the Pattern text box, type *.mp4. Click Add.
This rule configures the Firebox to deny all files with the Apple iTunes “.mp4” file extension bound for the SMTP server.

E: The Set the maximum email recipient checkbox is used to set the maximum number of email recipients to which a message can be sent. In the adjacent text box that appears, type or select the number of recipients.

The XTM device counts and allows the specified number of addresses through, and then drops the other addresses. For example, if you set the value to 50 and
there is a message for 52 addresses, the first 50 addresses get the email message. The last two addresses do not get a copy of the message.

Incorrect:
Not B: WebBlocker is configured through an HTTP-policy, not through an SMTP policy.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 125, 126
Reference: http://watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/proxies/smtp/proxy_smtp_gen_settings_c.html

QUESTION 19
After you enable spamBlocker, your users experience no reduction in the amount of spam they receive. What could explain this? (Select three.)

A. Connections cannot be resolved to the spamBlocker servers because DNS is not configured on the Firebox.
B. The spamBlocker action for Confirmed Spam is set to Allow.
C. The Maximum File Size to Scan option is set too high.
D. A spamBlocker exception is configured to allow traffic from sender *.
E. spamBlocker Virus Outbreak Detection is not enabled.

Correct Answer: ABD


Section: (none)
Explanation

Explanation/Reference:
A: spamBlocker requires DNS to be configured on your XTM device.
B: If you use spamBlocker with the POP3 proxy, you have only two actions to choose from: Add Subject Tag and Allow. Allow lets spam email messages go through
the Firebox without a tag.
D: The Firebox might sometimes identify a message as spam when it is not spam. If you know the address of the sender, you can configure the Firebox with an
exception that tells it not to examine messages from that source address or domain.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 138

QUESTION 20
An email newsletter about sales from an external company is sometimes blocked by spamBlocker. What option could you choose to make sure the newsletter is
delivered to your users? (Select one.)

A. Add a spamBlocker exception based on the From field of the newsletter email.
B. Set the spamBlocker action to quarantine the email for later retrieval.
C. Add a spamBlocker subject tag for bulk email messages.
D. Set the spamBlocker virus outbreak detection action to allow emails from the newsletter source.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Your company denies downloads of executable files from all websites. What can you do to allow users on the network to download executable files from the
company’s remote website? (Select one.)

A. Add an HTTP proxy exception for the company’s remote website.
B. Create a WebBlocker exception to allow access to the company’s remote website.
C. Create an IPS exception.
D. Create a Blocked Sites exception.
E. Configure HTTP Request > URL Paths to allow the company’s remote website.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
A user receives a deny message that the installation file (install.exe) is blocked by the HTTP-proxy policy and cannot be downloaded. Which HTTP proxy action rule
must you modify to allow download of the installation file? (Select one.)

A. HTTP Request > Request Methods
B. HTTP Response > Body Content Types
C. HTTP Response > Header Fields
D. WebBlocker
E. HTTP Request > Authorization

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
Which takes precedence: WebBlocker category match or a WebBlocker exception?

A. WebBlocker exception
B. WebBlocker category match

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
To prevent certificate error warnings in your browser when you use deep content inspection with the HTTPS proxy, you can export the proxy authority certificate
from the Firebox and import that certificate to all client devices.

A. True
B. False

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Which of these options must you configure in an HTTPS-proxy policy to detect credit card numbers in HTTP traffic that is encrypted with SSL? (Select two.)

A. WebBlocker
B. Gateway AntiVirus
C. Application Control
D. Deep inspection of HTTPS content
E. Data Loss Prevention

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
Match each WatchGuard Subscription Service with its function.

Uses full-system emulation analysis to identify characteristics and behavior of zero-day malware. (Choose one).

A. Reputation Enabled Defense (RED)
B. Gateway / Antivirus
C. Data Loss Prevention (DLP)
D. Spam Blocker
E. WebBlocker
F. Intrusion Prevention Server (IPS)
G. Application Control
H. Quarantine Server
I. APT Blocker

Correct Answer: I
Section: (none)
Explanation

Explanation/Reference:

APT Blocker is intended to stop malware and zero-day threats that are trying to invade an organization's network.
APT Blocker uses a next-gen sandbox to get detailed views into the execution of a malware program. After first running through other security services, files are
fingerprinted and checked against an existing database – first on the appliance and then in the cloud. If the file has never been seen before, it is analyzed using the
system emulator, which monitors the execution of all instructions. It can spot the evasion techniques that other sandboxes miss.

Reference: http://www.watchguard.com/wgrd-products/security-modules/apt-blocker

QUESTION 27
When you configure the Global Application Control action, it is automatically applied to all policies.

A. True
B. False

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which WatchGuard Subscription Service must be enabled in a proxy policy before you can use APT Blocker? (Select one.)

A. RED
B. Application Control
C. Gateway Antivirus
D. WebBlocker
E. IPS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
What settings must your device configuration file include for Gateway AntiVirus to protect users on your network? (Select two.)

A. Configure a policy to use a proxy action that has AntiVirus settings configured.
B. Install the Gateway AntiVirus server on your network.
C. Configure Gateway AntiVirus settings for a proxy action.
D. Disable automatic signature updates.
E. Decrease the scan limits.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
When you enable Gateway AntiVirus, you must set the actions to be taken if a virus or error is found in an email message (SMTP or POP3 proxies), web page
download or upload post (HTTP proxy), or uploaded or downloaded file (FTP proxy). When Gateway AntiVirus is enabled, it scans each file up to a specified
kilobyte count. Any additional bytes in the file are not scanned. This allows the proxy to partially scan very large files without a large effect on performance.

Reference: http://watchguard.com/help/docs/webui/xtm_11/en-us/content/en-us/services/gateway_av/av_actions_config_c.html

QUESTION 30
After you enable Gateway AntiVirus, IPS, or Application Control, how can you make sure the services protect your network from the latest known threats? (Select
one.)

A. Enable default packet handling.
B. Configure Reputation Enabled Defense.
C. Enable automatic signature updates.
D. Enable HTTPS deep inspection.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
Match the monitoring tool to the correct task.

Which is not a Fireware monitoring tool? (Select one)

A. Firebox System Manager – Blocked Sites list
B. Log Server
C. FireWatch
D. Firebox System Manager – Subscription services
E. Firebox System Manager – Authentication list
F. Traffic Monitor

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
The Fireware monitor and configuration tools are: Edge Web Manager, Firebox System Manager, HostWatch, and Ping.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

QUESTION 32
Which diagnostic tasks can you run from the Traffic Monitor tab of Firebox System Manager? (Select four.)

A. DNS lookup
B. MAC address lookup
C. Traceroute
D. Reputation lookup
E. Ping
F. TCP dump

Correct Answer: ACEF


Section: (none)
Explanation

Explanation/Reference:
From Firebox System Manager, you can run diagnostic tasks to review information in all the log messages from your Firebox or XTM device. This can help you
debug problems on your network.

1. On the Traffic Monitor tab, right-click a message and select Diagnostic Tasks.
Or, select Tools > Diagnostic Tasks.
2. From the Task drop-down list, select the task to run.
Ping IPv4
Ping IPv6
traceroute
DNS Lookup
TCP Dump

Reference: http://watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/fsm/log_message_learn_more_wsm.html

QUESTION 33
How can you include log messages from more than one Firebox in a single report generated by Dimension? (Select two.)

A. You cannot see report data in Dimension for more than one device.
B. Create a device group and view the reports for that group.
C. Create a report schedule that includes all the devices you want to include in the report.
D. Export report data as a single PDF file for all the devices you want to include in the report.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
To enable remote devices to send log messages to Dimension through the gateway Firebox, what must you verify is included in your gateway Firebox
configuration? (Select one.)

A. You can only send log messages to Dimension from a computer that is on the network behind your gateway Firebox.
B. You must change the connection settings in Dimension, not on the gateway Firebox.
C. You must add a policy to the remote device configuration file to allow traffic to Dimension.
D. You must make sure that either the WG-Logging packet filter policy, or another policy that allows external connections to Dimension over port 4115, is included
in the configuration file.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Which WatchGuard tools can you use to review the log messages generated by your Firebox? (Select three).

A. Firebox System Manager > Traffic Monitor
B. Fireware XTM Web UI > Traffic Monitor
C. Firebox System Manager > Status Report
D. Dimension > Log Manager
E. WatchGuard System Manager > Policy Manager

Correct Answer: ABD


Section: (none)
Explanation

Explanation/Reference:
A: You can use Firebox System Manager (FSM) to see log messages from your XTM device as they occur.
1. Start Firebox System Manager.
2. Select the Traffic Monitor tab.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/fsm/log_msgs_traffic_mon_wsm.html

D: You can use Firebox System Manager to see log messages in real-time on the Traffic Monitor tab. You can also examine log messages with Log Manager or
WatchGuard Dimension.

B: After you connect to WatchGuard WebCenter, you can review the log messages sent from your XTM devices to your WatchGuard Log Server. Log Manager
enables you to see log messages from your device for any period of time you specify, if log messages were generated in the selected time frame. To see log
messages for an XTM device as they are generated, in real-time, you can use Firebox System Manager Traffic Monitor.

Reference: http://www.watchguard.com/help/docs/wsm/XTM_11/en-US/index.html#en-US/logging/log_mgr_view_device_wsm.html

Incorrect:
Not C: The Status Report tab shows statistics about Firebox or XTM device traffic and performance. It does not display log messages.

To see the Status Report:

1. Start Firebox System Manager.
2. Select the Status Report tab.

QUESTION 36
You can configure your Firebox to send log messages to how many WatchGuard Log Servers at the same time? (Select one.)

A. One
B. Two
C. As many as you have configured on your network.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
How can you prevent connections to the Fireware Web UI from computers on optional interface Eth2? (Select one.)

A. Remove Eth2 from the Any-Optional alias.
B. Remove Any-Optional from the To list of the WatchGuard Web UI policy.
C. Remove Any-Optional from the From list of the WatchGuard policy.
D. Remove Any-Optional from the To list of the WatchGuard policy.
E. Remove Any-Optional from the From list of the WatchGuard Web UI policy.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
What is one reason that users could see a certificate warning in their web browsers when they connect to Fireware XTM Web UI? (Select one.)

A. The Firebox or XTM device uses the default self-signed certificate.
B. The authentication server does not respond after three minutes.
C. The user has been previously added to the Blocked Sites list.
D. The user or group is not present in the Firebox User database.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
From the Fireware Web UI, you can generate a report that shows your device configuration settings.

A. True
B. False

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
In this diagram, which branch office VPN tunnel route must you add on the Site A Firebox to allow traffic between devices on the trusted network at Site A and the
trusted network at Site B? (Select one.)

A. Local: 192.168.1.0/24 <--> Remote: 10.0.10.0/24
B. Local: 203.0.113.10/24 <--> Remote: 198.151.100.2/24
C. Local: 10.0.10.1/24 <--> Remote: 192.168.1.1/24
D. Local: 10.0.10.0/24 <--> Remote: 192.168.1.0/24

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
You can use Firebox-DB authentication with any type of Mobile VPN.

A. True
B. False

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
Which tool is used to see a treemap visualization of the traffic through your Firebox? (Select one)

A. Firebox System Manager – Blocked Sites list
B. Log Server
C. FireWatch
D. Firebox System Manager – Subscription services
E. Firebox System Manager – Authentication list
F. Traffic Monitor

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

The FireWatch page is separated into tabs of data that is presented in a Treemap Visualization. The treemap is a widget that proportionally sizes blocks in the
display to represent the data for that tab. The largest blocks on the tab represent the largest data users. The data is sorted by the tab you select and the type you
select from the drop-down list at the top right of the page.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

QUESTION 43
Which tool can add an IP address for the Firebox to permanently block? (Select one)

A. Firebox System Manager – Blocked Sites list
B. Log Server
C. FireWatch
D. Firebox System Manager – Subscription services
E. Firebox System Manager – Authentication list
F. Traffic Monitor

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Block a site permanently
The Successful Company network administrator has been driven to distraction recently by a script kiddy using addresses in the 192.136.15.0/24 network to run
probes of the Successful network. In this exercise, we permanently block all connections from that network.
1. From Policy Manager, select Setup > Default Threat Protection > Blocked Sites.
The Blocked Sites Configuration dialog box opens.
2. On the Blocked Sites tab, click Add.
The Add Site dialog box opens.
3. Use the Choose Type drop-down list to select Network IP. In the Value text box, type 192.136.15.0/24.
4. Click OK.
The entry appears in the Blocked Sites list. With this configuration, the Firebox blocks all packets to and from the 192.136.15.0/24 network range.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

QUESTION 44
Match the monitoring tool to the correct task.

Which tool can ping the source of a denied packet? (Select one)

A. Firebox System Manager – Blocked Sites list
B. Log Server
C. FireWatch
D. Firebox System Manager – Subscription services
E. Firebox System Manager – Authentication list
F. Traffic Monitor

Correct Answer: F
Section: (none)
Explanation

Explanation/Reference:
For a quick look at the log messages generated by the Firebox, use Traffic Monitor. With Traffic Monitor, you can apply color to different types of messages, and
ping or traceroute to the IP addresses of computers included in the log messages.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

QUESTION 45
Match the monitoring tool to the correct task.

Which tool can learn the status of your IPS signature database? (Select one)

A. Firebox System Manager – Blocked Sites list
B. Log Server
C. FireWatch
D. Firebox System Manager – Subscription services
E. Firebox System Manager – Authentication list
F. Traffic Monitor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
To look up information about an IPS signature:

1. Open Firebox System Manager.
2. Select the Subscription Services tab.
3. In the Intrusion Prevention section, click Show.

Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

QUESTION 46
Match each WatchGuard Subscription Service with its function.

Manages use of applications on your network. (Choose one).

A. Reputation Enabled Defense (RED)
B. Data Loss Prevention (DLP)
C. Intrusion Prevention Server (IPS)
D. Application Control
E. APT Blocker

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Application Control keeps unproductive, inappropriate, and dangerous applications off-limits.
Stay on top of the applications running on your network for tight security and high productivity with a subscription to WatchGuard Application Control. It allows you to
establish which applications can be used within your organization, by whom, and when.

Reference: http://www.watchguard.com/docs/brochure/wg_application-control_ds.pdf

QUESTION 47
Match each WatchGuard Subscription Service with its function.

A repository where email messages can be sent based on analysis by spamBlocker, Gateway AntiVirus, or Data Loss Prevention. (Choose one).

A. Gateway / Antivirus
B. Data Loss Prevention (DLP)
C. Spam Blocker
D. Intrusion Prevention Server (IPS)
E. Quarantine Server

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

The WatchGuard Quarantine Server provides a safe mechanism to quarantine any email messages that are suspected or known to be spam, or to contain viruses
or sensitive data. The Quarantine Server is a repository for email messages that the SMTP proxy sends to quarantine based on analysis by spamBlocker, Gateway
AntiVirus, or Data Loss Prevention.

Reference: https://www.watchguard.com/help/docs/webui/xtm_11/en-US/index.html#cshid=en-US/quarantineserver/quar_server_about_c.html

QUESTION 48
Match each WatchGuard Subscription Service with its function.

Cloud-based service that controls access to websites based on a site’s previous behavior. (Choose one).

A. Reputation Enabled Defense (RED)
B. Data Loss Prevention (DLP)
C. WebBlocker
D. Intrusion Prevention Server (IPS)
E. Application Control
F. Quarantine Server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reputation Enabled Defense (RED) is a cloud-based reputation service that controls users' ability to access malicious websites. It works in concert with the WebBlocker module.

Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html

QUESTION 49
Match each WatchGuard Subscription Service with its function.

Scans files to detect malicious software infections. (Choose one).

A. Reputation Enabled Defense (RED)
B. Gateway / Antivirus
C. Data Loss Prevention (DLP)
D. Spam Blocker
E. Quarantine Server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Gateway Antivirus provides a virus scanner that uses both an extensive signature database (updated through subscription) and a heuristic analysis engine.

Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html
