
Essentials Study Guide Brilliant Essentials Exam Dumps PDF
View Essentials Exam Question Dumps With Latest Demo
NEW QUESTION 29
For which of these third party authentication methods must you specify a search base? (Select two.)
- A. LDAP
- B. RADIUS
- C. SecurID
- D. Active Directory
Answer: A,D
Explanation:
Explanation/Reference:
B: Configuring the Firebox to use Active Directory authentication is similar to the process for LDAP authentication. You must set a search base to put limits on the directories on the authentication server the Firebox searches in for an authentication match.
D: When you configure the Firebox to use LDAP authentication, you must set a search base to put limits on the directories on the authentication server the Firebox searches in for an authentication match Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 83-84
NEW QUESTION 30
Which items are included in a Firebox backup image? (Select four.)
- A. Fireware OS
- B. Feature keys
- C. Support snapshot
- D. Configuration file
- E. Log file
- F. Certificates
Answer: A,B,D,F
Explanation:
Explanation/Reference:
A Firebox backup image is a saved copy of the working image from the Firebox flash disk. The backup image includes the Firebox appliance software, configuration file, licenses, and certificates.
When you purchase an option for your Firebox, you add a new feature key to your configuration file.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 14, 57
NEW QUESTION 31
If you disable the Outgoing policy, which policies must you add to allow trusted users to connect to commonly used websites? (Select three.)
- A. HTTP port 80
- B. NAT policy
- C. FTP port 21
- D. DNS port 53
- E. HTTPS port 443
Answer: A,D,E
Explanation:
Explanation/Reference:
TCP-UDP packet filter
If you decide to remove the Outgoing policy, you must add a policy for any type of traffic you want to allow through the Firebox. If you remove the Outgoing policy and then decide you want to allow all TCP and UDP connections through the Firebox again, you must add the TCP-UDP packet filter to provide the same function.
This is because the Outgoing policy does not appear in the list of standard policies available from Policy Manager.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 97
NEW QUESTION 32
You configured four Device Administrator user accounts for your Firebox. To see a report of witch Device Management users have made changes to the device configuration, what must you do? (Select two.)
- A. Configure your device to send audit trail log messages to your WatchGuard Log Server or Dimension Log Server.
- B. Open WatchGuard Server Center and review the configuration history for managed devices.
- C. Start Firebox System Manager for the device and review the activity for the Management Users on the Authentication List tab.
- D. Connect to Report Manager or Dimension and view the Audit Trail report for your device.
Answer: B,D
NEW QUESTION 33
How can you prevent connections to the Fireware Web UI from computers on optional interface Eth2?
(Select one.)
- A. Remove Any-Optional from the To list of the WatchGuard Web UI policy.
- B. Remove Any-Optional from the To list of the WatchGuard policy
- C. Remove Any-Optional from the From list of the WatchGuard Web UI policy
- D. Remove Eth2 from the Any-Optional alias.
- E. Remove Any-Optional from the From list of the WatchGuard policy.
Answer: C
NEW QUESTION 34
You can use Firebox System Manager to download a PCAP file that includes packet information about the protocols that manage traffic on your network.
- A. False
- B. True
Answer: B
NEW QUESTION 35
If you use an external authentication server for mobile VPN, which option must you complete before remote users can authenticate? (Select one.)
- A. Add the remote users to a Mobile VPN user group on your Firebox.
- B. Reboot the authentication server.
- C. Create aliases for each remote user's virtual IP address.
- D. Add the Mobile VPN user group and remote users to your authentication server.
Answer: D
Explanation:
Explanation
NEW QUESTION 36
In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.)
- A. Default route VPN allows your Firebox to examine all remote user traffic
- B. Default route VPN uses less bandwidth
- C. Default route VPN uses less processing power
- D. Default route VPN automatically allows dynamic NAT
Answer: A
Explanation:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/mvpn/pptp/mvpn_pptp_internet-access_c.html
The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to the XTM device. Then, the traffic is sent back out to the Internet. With this configuration (known as default-route VPN), the XTM device is able to examine all traffic and provide increased security, although it uses more processing power and bandwidth.
NEW QUESTION 37
You can configure your Firebox to automatically redirect users to the Authentication Portal page.
- A. True
- B. False
Answer: B
NEW QUESTION 38
To prevent certificate error warnings in your browser when you use deep content inspection with the HTTPS proxy, you can export the proxy authority certificate from the Firebox and import that certificate to all client devices.
- A. False
- B. True
Answer: B
NEW QUESTION 39
Match each type of NAT with the correct description:
Conserves IP addresses and hides the internal topology of your network. (Choose one)
- A. 1-to1 NAT
- B. Dynamic NAT
- C. NAT Loopback
Answer: B
Explanation:
Explanation/Reference:
Dynamic NAT is also known as IP masquerading. With dynamic NAT many computers can connect to the Internet from one public IP address. Dynamic NAT gives more security for internal hosts that use the Internet, because it hides the IP addresses of hosts on your network.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/nat/ nat_dynamic_use_c.html%3FTocPath%3DNetwork%2520Address%2520Translation%2520(NAT)%
7CAbout%2520Dynamic%2520NAT%7C_____0
NEW QUESTION 40
You need to create an HTTP-proxy policy to a specific domain for software updates (example.com). The update site has multiple subdomains and dynamic IP addresses on a content delivery network. Which of these options is the best way to define the destination in your HTTP-proxy policy? (Select one.)
- A. Configure a host name for update.example.com.
- B. Create an alias for all subdomains and known IP addresses for example.com.
- C. Add IP addresses that correspond to each software update server in the domain.
- D. Configure an FQDN for *.example.com.
Answer: D
NEW QUESTION 41
After you enable Gateway AntiVirus, IPS, or Application control, how can you make sure the services protect your network from the latest known threats? (Select one.)
- A. Configure reputation Enabled Defense.
- B. Enable HTTPS deep inspection.
- C. Enable automatic signature updates.
- D. Enable default packet handling.
Answer: C
NEW QUESTION 42
Match each type of NAT with the correct description:
Changes and routes all incoming and outgoing packets sent from one range of addresses to a different range of addresses. (Choose one)
- A. Dynamic NAT
- B. 1-to1 NAT
- C. NAT Loopback
Answer: B
Explanation:
When you enable 1-to-1 NAT, the Firebox changes and routes all incoming and outgoing packets sent from one range of addresses to a different range of addresses.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 74
NEW QUESTION 43
From the Firebox System Manager >Authentication List tab, you can view all of the authenticated users connected to your Firebox and disconnect any of them.
- A. True
- B. False
Answer: B
NEW QUESTION 44
Which of these actions adds a host to the temporary or permanent blocked sites list? (Select three.)
- A. Add the site to theBlocked Sites Exceptionslist.
- B. On the Firebox System Manager >Blocked Sitestab, selectAdd.
- C. Enable theAUTO-block sites that attempt to connectoption in a deny policy.
- D. In Policy Manager, selectSetup> Default Threat Protection > Blocked Sitesand clickAdd.
Answer: B,C,D
Explanation:
A: You can configure a deny policy to automatically block sites that originate traffic that does not comply with the policy rulese
1.From Policy Manager, double-click the PCAnywhere policy.
2.Click the Properties tab. Select the Auto-block sites that attempt to connect checkbox.
Reference:https://www.watchguard.com/training/fireware/80/defense8.htm
C: The blocked sites list shows all the sites currently blocked as a result of the rules defined in Policy Manager. From this tab, you can add sites to the temporary blocked sites list, or remove temporary blocked sites.
Reference:http://www.watchguard.com/training/fireware/82/monitoa6.htm
D: You can usePolicy Manager to permanently add sites to the Blocked Sites list.
1.select Setup > Default Threat Protection > Blocked Sites.
2.Click Add.
The Add Site dialog box appears.
Reference:http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-
US/intrusionprevention/blocked_sites_permanent_c.html
NEW QUESTION 45
Match the monitoring tool to the correct task.
Which tool can ping the source of a denied packet? (Select one)
- A. FireBox System Manager - Blocked Sites list
- B. FireboxSystem Manager - Subscription services
- C. FireWatch
- D. Firebox System Manager - Authentication list
- E. Log Server
- F. Traffic Monitor
Answer: F
Explanation:
For a quick look at the log messages generated by the Firebox, use Traffic Monitor. With Traffic Monitor, you can apply color to differenttypes of messages, and ping or traceroute to the IP addresses of computers included in the log messages.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181
NEW QUESTION 46
You can configure your Firebox to automatically redirect users to the Authentication Portal page.
- A. False
- B. True
Answer: B
NEW QUESTION 47
You need to create an HTTP-proxy policy to a specific domain for software updates (example.com). The update site has multiple subdomains and dynamic IP addresses on a content delivery network. Which of these options is the best way to define the destination in your HTTP-proxy policy? (Select one.)
- A. Configure a host name for update.example.com.
- B. Configure an FQDN for *.example.com.
- C. Create an alias for all subdomains and known IP addresses for example.com.
- D. Add IP addresses that correspond to each software update server in the domain.
Answer: D
NEW QUESTION 48
What is the best method to downgrade the version of Fireware OS on your Firebox without losing all device configuration settings? (Select one.)
- A. Use the downgrade feature on Policy Manager to select a previous of Fireware OS.
- B. Use the Upgrade OS feature in Fireware Web UI to install the sysa_dl file for an order version of Fireware OS.
- C. Restore a saved backup image that was created for the device before the last Fireware OS upgrade.
- D. Change the OS compatibility setting in Policy Manager to downgrade the device. Then use Policy Manager to save the configuration to the device.
Answer: C
NEW QUESTION 49
You can configure your Firebox to send log messages to how many WatchGuard Log Servers at the same time? (Select one.)
- A. One
- B. Two
- C. As many as you have configured on your network.
Answer: B
NEW QUESTION 50
For which of these third party authentication methods must you specify a search base? (Select two.)
- A. LDAP
- B. RADIUS
- C. SecurID
- D. Active Directory
Answer: A,D
Explanation:
B: Configuring the Firebox to use Active Directory authentication is similar to the process for LDAP authentication. You must set a search base to put limits on the directories on the authentication server the Firebox searchesin for an authentication match.
D: When you configure the Firebox to use LDAP authentication, you must set a search base to put limits on the directories on the authentication server the Firebox searches in for an authentication match
Reference: FirewareBasics, Courseware: WatchGuard System Manager 10, page 83-84
NEW QUESTION 51
......
Free Essentials Test Questions Real Practice Test Questions: https://www.prepawayexam.com/WatchGuard/braindumps.Essentials.ete.file.html
Essentials Dumps Updated Apr 09, 2023 WIith 75 Questions: https://drive.google.com/open?id=1L7uNepmxyzQ-gi9e2tlZhTRzZ6aLqnjX