




























































































A practice exam for the McAfee Web Gateway (MWG), covering key concepts and functionalities. It includes questions related to DLP, rule sets, proxy modes, high availability, threat intelligence, SSL/TLS inspection, and more. Each question is followed by the correct answer and a brief explanation, making it a useful resource for exam preparation and understanding MWG configurations. This practice exam is designed to test and reinforce knowledge of McAfee Web Gateway features and administration, helping users prepare for certification or enhance their understanding of web security concepts. It covers a range of topics, including URL filtering, anti-malware, and integration with ePolicy Orchestrator.
Typology: Exams





























































































Question 1. Which core function of McAfee Web Gateway (MWG) is responsible for inspecting outbound traffic for confidential data leakage?
A) URL Filtering
B) Anti‑Malware Engine
C) Data Loss Prevention (DLP)
D) Access Control
Answer: C
Explanation: DLP in MWG examines outbound web traffic to detect and prevent the transmission of sensitive information such as credit‑card numbers or proprietary data.

Question 2. In MWG terminology, what is the primary difference between a “Rule” and a “Rule Set”?
A) A Rule defines an action; a Rule Set groups multiple Rules for processing order.
B) A Rule Set is a single condition; a Rule contains multiple conditions.
C) Rules are applied only to HTTPS; Rule Sets apply to all protocols.
D) There is no difference; the terms are interchangeable.
Answer: A
Explanation: A Rule specifies a match condition and an action, while a Rule Set is a collection of Rules that are evaluated sequentially.

Question 3. Which deployment mode allows MWG to operate without requiring explicit proxy settings on client browsers?
A) Explicit Proxy
B) Transparent Proxy
C) Reverse Proxy
D) Hybrid Proxy
Answer: B
Explanation: Transparent Proxy intercepts traffic at the network level, so clients do not need to configure proxy settings.

Question 4. When configuring High Availability (HA) in MWG, what does the “Active/Passive” model imply?
A) Both nodes process traffic simultaneously.
B) Only the passive node handles traffic during peak hours.
C) The active node processes traffic while the passive node stands by for failover.
D) Traffic is load‑balanced equally between the two nodes.
Answer: C
Explanation: In Active/Passive HA, the primary node handles all traffic; the secondary node becomes active only if the primary fails.

Question 7. Which protocol does MWG NOT natively inspect without additional configuration?
A) HTTP
B) HTTPS
C) FTP
D) SMTP
Answer: D
Explanation: MWG focuses on web traffic (HTTP/HTTPS/FTP). SMTP inspection requires separate mail gateway solutions.

Question 8. When deploying SSL/TLS inspection, what is the purpose of installing a custom CA certificate on client devices?
A) To encrypt traffic between the client and the internet.
B) To allow the client to trust certificates generated by the MWG during decryption.
C) To block all HTTPS traffic.
D) To replace the server’s original certificate with a self‑signed one.
Answer: B
Explanation: The MWG generates a new certificate for each inspected site; the client must trust the MWG’s CA to avoid certificate warnings.

Question 9. Which MWG component is responsible for scanning files for known malware signatures?
A) URL Filter
B) Anti‑Malware Engine
C) DLP Engine
D) SSL Scanner
Answer: B
Explanation: The Anti‑Malware Engine compares file content against signature databases and heuristic rules.

Question 10. In a rule that uses “Source IP” criteria, which of the following statements is true?
A) The rule will apply only to traffic from the specified IP range regardless of user identity.
B) The rule will also consider the destination IP automatically.
C) The rule cannot be combined with other criteria.
D) The rule only works for HTTPS traffic.
Answer: A
Explanation: “Source IP” restricts the rule to traffic originating from the defined IP addresses, independent of user or destination.

Question 13. Which authentication protocol supported by MWG can pass the user’s Windows credentials transparently to the gateway?
A) LDAP
B) Kerberos
C) NTLM
D) RADIUS
Answer: C
Explanation: NTLM enables transparent pass‑through authentication using the user’s existing Windows session credentials.

Question 14. When integrating MWG with ePolicy Orchestrator (ePO), which of the following is NOT a benefit?
A) Centralized policy distribution across multiple MWG appliances.
B) Automatic generation of SSL certificates for each client.
C) Unified reporting and compliance dashboards.
D) Simplified licensing management.
Answer: B
Explanation: ePO does not generate SSL certificates for client devices; certificate management remains within MWG or a PKI system.

Question 15. In the MWG dashboard, the “CPU Utilization” graph primarily helps administrators to:
A) Identify malformed HTTP requests.
B) Detect potential performance bottlenecks.
C) Verify successful SSL decryption.
D) Monitor user authentication failures.
Answer: B
Explanation: CPU utilization indicates how much processing power the gateway is using, helping to spot overload conditions.

Question 16. Which logging file records every URL request processed by MWG, regardless of the outcome?
A) Audit Log
B) Access Log
C) Error Log
D) System Log
Answer: B
Explanation: The Access Log captures each web request, including allowed, blocked, and redirected transactions.

Question 19. When configuring a “Shared List” in MWG, what is its primary purpose?
A) To store a collection of IP addresses for use across multiple rules.
B) To cache frequently accessed web pages.
C) To maintain a list of SSL certificates.
D) To record user authentication attempts.
Answer: A
Explanation: Shared Lists allow administrators to define reusable objects such as IP groups, URL lists, or file hashes for multiple rules.

Question 20. Which MWG feature enables administrators to monitor the real‑time flow of a specific transaction for debugging purposes?
A) Log Viewer
B) Rule Tracer
C) Traffic Analyzer
D) Packet Sniffer
Answer: B
Explanation: The Rule Tracer shows step‑by‑step evaluation of a transaction against the configured rules.

Question 21. In a “Time‑of‑Day” rule, what does the “Schedule” parameter define?
A) The maximum bandwidth allowed during the period.
B) The specific days and hours when the rule is active.
C) The order in which the rule is evaluated.
D) The list of users to which the rule applies.
Answer: B
Explanation: The Schedule sets the calendar days and time ranges during which the rule’s criteria are enforced.

Question 22. Which of the following best describes the function of McAfee Advanced Threat Defense (ATD) when integrated with MWG?
A) Provides real‑time URL categorization.
B) Performs sandbox analysis on suspicious files before allowing them.
C) Generates SSL certificates for decryption.
D) Acts as a backup storage for blocked content.
Answer: B
Explanation: ATD analyzes potentially malicious files in a sandbox, enabling MWG to make informed allow/block decisions.

Question 25. Which MWG component must be updated regularly to maintain protection against the latest malware signatures?
A) URL Filter Database
B) Anti‑Malware Signature Database
C) DLP Policy Library
D) SSL Certificate Store
Answer: B
Explanation: The Anti‑Malware signatures are updated frequently to detect emerging threats.

Question 26. In the context of MWG, what does “Coaching” refer to?
A) Training users on safe browsing habits.
B) Temporarily allowing a blocked request while logging the event.
C) Redirecting traffic to a sandbox environment.
D) Enabling bandwidth throttling for specific users.
Answer: B
Explanation: Coaching permits a user to bypass a block for a single request, useful for troubleshooting while still recording the attempt.

Question 27. Which of the following is NOT a valid source for importing user and group objects into MWG?
A) LDAP directory
B) CSV file
C) Active Directory
D) RADIUS server
Answer: D
Explanation: RADIUS provides authentication but does not serve as a source for bulk user/group import into MWG.

Question 28. When configuring “Load Balancing” for multiple MWG appliances, which protocol is commonly used to distribute traffic?
A) FTP
B) DNS
C) HAProxy
D) TCP/UDP with a virtual IP (VIP)
Answer: D
Explanation: A virtual IP address with TCP/UDP load‑balancing distributes client connections across the appliance cluster.

Question 31. Which of the following is a recommended practice when deploying SSL/TLS inspection to minimize privacy concerns?
A) Decrypt all traffic without exception.
B) Create an exemption list for financial and healthcare sites.
C) Use self‑signed certificates for all sites.
D) Disable certificate validation on the client side.
Answer: B
Explanation: Exempting sensitive domains reduces the risk of exposing confidential data while still protecting the majority of traffic.

Question 32. What does the “Rule Engine” in MWG primarily handle?
A) Encryption of outbound traffic.
B) Evaluation of transaction criteria against configured policies.
C) Storage of log files.
D) Generation of SSL certificates.
Answer: B
Explanation: The Rule Engine processes each web request, matches it against rules, and determines the appropriate action.

Question 33. Which of the following statements about “Shared Libraries” in MWG is correct?
A) They store executable binaries for the gateway.
B) They contain reusable objects like file type definitions for multiple rule sets.
C) They are used to cache web content for faster delivery.
D) They hold user authentication passwords.
Answer: B
Explanation: Shared Libraries allow administrators to define objects (e.g., file types, MIME categories) that can be referenced across many policies.

Question 34. When an MWG appliance is configured in “Passive” HA mode, what happens to traffic if the active node fails?
A) Traffic is automatically rerouted to the passive node with no interruption.
B) Traffic stops until the passive node is manually activated.
C) The passive node continues processing but logs all events as errors.
D) The appliance shuts down entirely.
Answer: A
Explanation: In Passive HA, the standby unit takes over automatically, ensuring continuity of service.

Question 37. Which of the following best describes the purpose of the “Progress Page” in MWG?
A) To display a loading screen while a large file is being scanned.
B) To block the user permanently after multiple violations.
C) To provide a summary of all blocked URLs for the session.
D) To redirect users to a corporate intranet portal.
Answer: A
Explanation: The Progress Page informs users that the request is being processed, especially for large downloads undergoing scanning.

Question 38. In MWG, a “Stop Rule Set” action differs from a “Stop Cycle” action in that it:
A) Ends evaluation of the current rule set only, but continues with subsequent rule sets.
B) Terminates the entire transaction immediately.
C) Logs the transaction and then continues processing.
D) Restarts the rule set from the first rule.
Answer: A
Explanation: “Stop Rule Set” halts further rules within the same set but allows later rule sets to be evaluated.

Question 39. Which command would you use on the MWG CLI to display current CPU and memory statistics?
A) show system health
B) get perf stats
C) top
D) status resources
Answer: C
Explanation: The “top” command provides a real‑time view of CPU and memory usage on the MWG Linux platform.

Question 40. When configuring a “File Type” rule, which attribute determines whether the rule applies to a file’s extension or its MIME type?
A) Content Inspection Mode
B) Matching Method (Extension vs. MIME)
C) Encryption Level
D) Source Port
Answer: B
Explanation: The Matching Method setting lets administrators choose between checking the file extension or the MIME type header.