WatchGuard Essentials Real Exam Questions and Answers FREE [Q26-Q42]

Share

WatchGuard Essentials Real Exam Questions and Answers FREE

Exam Dumps Essentials Practice Free Latest WatchGuard Practice Tests

NEW QUESTION 26
Which authentication servers can you use with your Firebox? (Select four.)

  • A. Linux Authentication
  • B. LDAP
  • C. Firebox databases
  • D. RADIUS
  • E. Kerberos
  • F. Active Directory
  • G. TACACS+

Answer: B,C,D,F

 

NEW QUESTION 27
When you configure the Global Application Control action, it is automatically applied to all policies.

  • A. True
  • B. False

Answer: B

 

NEW QUESTION 28
Clients on the trusted network need to connect to a server behind a router on the optional network.

Based on this image, what static route must be added to the Firebox for traffic from clients on the trusted network to reach a server at 10.0.20.100? (Select one.)

  • A. Route to 10.0.20.0/24,Gateway 10.0.2.254
  • B. Route to 10.0.20.0/24,Gateway 10.0.2.1
  • C. Route to 10.0.20.0, Gateway 10.0.2.254
  • D. Route to 10.0.10.0/24, Gateway 10.0.10.1

Answer: C

 

NEW QUESTION 29
Which takes precedence: WebBlocker category match or a WebBlocker exception?

  • A. WebBlocker category match
  • B. WebBlocker exception

Answer: B

 

NEW QUESTION 30
Match each WatchGuard Subscription Service with its function.
Controls access to website based on content categories. . (Choose one).

  • A. Reputation Enable Defense RED
  • B. Application Control
  • C. Explanation:
    WebBlocker controls access to the good and bad places that are reachable on the web,preventing users from gaining access to sites that have evil intentions.
    If you configure WebBlocker to use the Websense cloud for WebBlocker lookups, WebBlocker uses the Websense content categories. A web site is added to a category when the content of the web site meets the criteria for the content category.
    Reference:http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html
    QUESTIONNO: 74
    Match each type of NAT with the correct description:
    Allows a user on the trusted or optional network to connect to a public server that is on the same physical Firebox interface by its public IP address or domain name. (Choose one)
    A. 1-to1 NAT
    B. Dynamic NAT
    C. NAT Loopback
  • D. Intrusion Prevention Server IPS
  • E. WebBlocker
  • F. Gateway / Antivirus

Answer: E

Explanation:
NAT loopback allows a user on the trusted or optional networks to get access to a public server that is on the same physical Firebox or XTM device interface by its public IP address or domain name.
Reference:http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fnat%2Fnat_loopback_c.html|StartTopic=Content%2FenUS%2Fnat%2Fnat_loopback_c.html

 

NEW QUESTION 31
In the default Firebox configuration file, which policies control management access to the device? (Select two.)

  • A. WatchGuard Web UI
  • B. Outgoing
  • C. Ping
  • D. FTP
  • E. WatchGuard

Answer: A,E

 

NEW QUESTION 32
In the network configuration in this image, which aliases is Eth2 a member of? (Select three.)

  • A. Optional-1
  • B. Any
  • C. Any-optional
  • D. Any-External
  • E. Any-Trusted

Answer: A,B,C

 

NEW QUESTION 33
If your Firebox has a single public IP address, and you want to forward inbound traffic to internal hosts based on the destination port, which type of NAT should you use? (Select one.)

  • A. 1-to-1 NAT
  • B. Dynamic NAT
  • C. Static NAT

Answer: C

Explanation:
https://www.watchguard.com/training/fireware/10/fireware10_basics.pdf
See page 76: Static NAT allows inbound connections on specific ports to one or more public servers from a single external IP address. The Firebox changes the destination IP address of the packets and forwards them based on the original destination port number.

 

NEW QUESTION 34
Which WatchGuard Subscription Service must be enabled in a proxy policy before you can use APT Blocker?
(Select one.)

  • A. RED
  • B. Application Control
  • C. WebBlocker
  • D. IPS
  • E. Gateway Antivirus

Answer: E

 

NEW QUESTION 35
When your users connect to the Authentication Portal page to authenticate, they see a security warning message in their browses, which they must accept before they can authenticate. How can you make sure they do not see this security warning message in their browsers? (Select one.)

  • A. Replace the Firebox certificate with the trusted certificate from your web server.
  • B. Add the user accounts for your users who use the Authentication Portal to a list of trusted users on your Firebox.
  • C. Import a custom self-signed certificate or a third-party certificate to your Firebox and import the same certificate to all client computers or web browsers.
  • D. Instruct them to disable security warning message in their preferred browsers.

Answer: B

 

NEW QUESTION 36
Match the monitoring tool to the correct task.
Which tool can learn the status of your IPS signature database? (Select one)

  • A. Log Server
  • B. Firebox System Manager - Authentication list
  • C. Traffic Monitor
  • D. FireBox System Manager - Blocked Sites list
  • E. FireWatch
  • F. Firebox System Manager - Subscription services

Answer: F

Explanation:
To look up information about an IPS signature:
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

 

NEW QUESTION 37
While troubleshooting a branch office VPN tunnel, you see this log message:
2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES, expecting AES What settings could you modify in the local device configuration to resolve this issue? (Select one.)

  • A. BOVPN-Allow policies
  • B. BOVPN Gateway settings
  • C. BOVPN Tunnel settings
  • D. BOVPN Tunnel Route settings

Answer: B

Explanation:
Explanation/Reference:
The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings.

 

NEW QUESTION 38
To prevent certificate error warnings in your browser when you use deep content inspection with the HTTPS proxy, you can export the proxy authority certificate from the Firebox and import that certificate to all client devices.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 39
Which diagnostic tasks can you run from the Traffic Monitor tab of Firebox System Manager? (Select four.)

  • A. DNS lookup
  • B. Reputation lookup
  • C. Traceroute
  • D. Ping
  • E. TCP dump
  • F. MAC address lookup

Answer: A,C,D,E

Explanation:
Explanation/Reference:
From Firebox System Manager, you can run diagnostic tasks to review information in all the log messages from your Firebox or XTM device. This can help you debug problems on your network.
1. On the Traffic Monitor tab, right-click a message and select Diagnostic Tasks.
Or, select Tools > Diagnostic Tasks.
2. From the Task drop-down list, select the task to run.
Ping IPv4
Ping IPv6
traceroute
DNS Lookup
TCP Dump
Reference: http://watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/fsm/ log_message_learn_more_wsm.html

 

NEW QUESTION 40
Which tool is used to see a treemap visualization of the traffic through your Firebox? (Select one)

  • A. Log Server
  • B. Firebox System Manager - Authentication list
  • C. Traffic Monitor
  • D. Firebox System Manager - Subscription services
  • E. FireBox System Manager - Blocked Sites list
  • F. FireWatch

Answer: F

Explanation:
Explanation/Reference:
The FireWatch page is separated into tabs of data that is presented in a Treemap Visualization. The treemap is a widget that proportionally sizes blocks in the display to represent the data for that tab. The largest blocks on the tab represent the largest data users. The data is sorted by the tab you select and the type you select from the drop-down list at the top right of the page.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

 

NEW QUESTION 41
What settings must you device configuration file include for Gateway AntiVirus to protect users on your network? (Select two.)

  • A. Configure Gateway AntiVirus settings for a proxy action.
  • B. Decrease the scan limits
  • C. Install the Gateway AntiVirus server on your network.
  • D. Configure a policy to use a proxy action that has AntiVirus settings configured.
  • E. Disable automatic signature updates.

Answer: A,D

Explanation:
Explanation/Reference:
When you enable Gateway AntiVirus, you must set the actions to be taken if a virus or error is found in an email message (SMTP or POP3 proxies), web page download or upload post (HTTP proxy), or uploaded or downloaded file (FTP proxy). When Gateway AntiVirus is enabled, it scans each file up to a specified kilobyte count. Any additional bytes in the file are not scanned. This allows the proxy to partially scan very large files without a large effect on performance.
Reference: http://watchguard.com/help/docs/webui/xtm_11/en-us/content/en-us/services/gateway_av/ av_actions_config_c.html

 

NEW QUESTION 42
......

Verified Essentials Exam Dumps Q&As - Provide Essentials with Correct Answers: https://www.itexamdownload.com/Essentials-valid-questions.html

Essentials Exam Questions | Real Essentials Practice Dumps: https://drive.google.com/open?id=1NLsYp47p6ItSGvE0ewjh0A2pzF4A9ggl