WATCHGUARD NETWORK SECURITY ESSENTIALS EXAM, Exams of Computer Science

WATCHGUARD NETWORK SECURITY ESSENTIALS EXAM WATCHGUARD NETWORK SECURITY ESSENTIALS EXAM

Typology: Exams

2025/2026

Available from 05/24/2026

Tutornurse
Tutornurse 🇺🇸

3.4

(5)

7.1K documents

1 / 111

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
WATCHGUARD NETWORK
SECURITY ESSENTIALS EXAM
What is the purpose of the WatchGuard Authentication policy?
(Select one.)
a.
Allows management users to authenticate to Fireware Web UI
b.
Allows branch office VPN connections between two Fireboxes
c.
Allows user connections to the Firebox Authentication Portal
d.
Allows Mobile VPN users to authenticate to the Firebox
Allows user connections to the Firebox Authentication Portal
d. Yes, the Outgoing policy allows this traffic.
From the policies shown in this image, can users in the Sales group
connect from the trusted network to websites with HTTPS? (Select
one.)
a.
No. The HTTPS-proxy policy only allows HTTPS traffic for the
Accounting group.
b.
No. The Outgoing policy does not allow any traffic from the Sales
group.
c.
Yes. The HTTP policy allows HTTP and HTTPS traffic for the
Sales group.
d.
Yes. The Outgoing policy allows HTTPS traffic from the trusted
network.
You can configure Dynamic NAT to route incoming connections
from the Internet to two different FTP servers on the trusted
network.
a.
True b. False
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c
pf5d
pf5e
pf5f
pf60
pf61
pf62
pf63
pf64

Partial preview of the text

Download WATCHGUARD NETWORK SECURITY ESSENTIALS EXAM and more Exams Computer Science in PDF only on Docsity!

WATCHGUARD NETWORK

SECURITY ESSENTIALS EXAM

What is the purpose of the WatchGuard Authentication policy? (Select one.) a. Allows management users to authenticate to Fireware Web UI b. Allows branch office VPN connections between two Fireboxes c. Allows user connections to the Firebox Authentication Portal d. Allows Mobile VPN users to authenticate to the Firebox Allows user connections to the Firebox Authentication Portal d. Yes, the Outgoing policy allows this traffic. From the policies shown in this image, can users in the Sales group connect from the trusted network to websites with HTTPS? (Select one.) a. No. The HTTPS-proxy policy only allows HTTPS traffic for the Accounting group. b. No. The Outgoing policy does not allow any traffic from the Sales group. c. Yes. The HTTP policy allows HTTP and HTTPS traffic for the Sales group. d. Yes. The Outgoing policy allows HTTPS traffic from the trusted network. You can configure Dynamic NAT to route incoming connections from the Internet to two different FTP servers on the trusted network. a. True b. False

b. False. Dynamic NAT applies only to outgoing connections. What port and protocol is used by DNS? (Select one.) a. UDP/ b. UDP/ c. TCP/ d. TCP/ UDP/ While troubleshooting a branch office VPN tunnel, you see the log message below. What settings could you modify in the local device configuration to resolve the configuration issue? (Select one.) iked (203.0.113.50<->203.0.113.20)IKE phase- 2 negotiation from 203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received proposal without PFS, Expecting PFS enabled id="0205-0002" Debug a. BOVPN Gateway settings b. BOVPN Tunnel settings c. BOVPN over TLS settings d. IKEv2 Shared settings BOVPN Tunnel settings. b and d. You can configure a static route to the specific server, or to the entire subnet it is on. In either case, the gateway is the IP address of the router that connects to that network, and the gateway must be reachable by the firewall. Based on this network diagram, which of these static routes could you add to the Firebox to enable the Firebox to route traffic from clients on the 192.168.10.0/24 subnet to a server at 10.0.20.80? (Select two.)

SDWAN fails over under what conditions Is it Latency Jitter Loss . What NAT do you use when coming from a private network and trying to connection to servers on the internet? 1:1 Nat NAT loopback Dynamic NAT Static NAT . If a connection fails to fail over and your boss wants you tell him why it didn't failover? SDWAN ping policy wasn't setup Link monitor failed Link monitor was set to gradually fall back Link Monitor was set tp ping the default gateway but the outage happened further upstream Basically know exactly how link monitor works There's a very tricky question about this on the exam. .yes can advanced setting override an outbound global dynamic NAT policy?

Yes or no . outgoing connections with no policy the firebox will? send traffic to the default gateway Blocks traffic denies traffic drops traffic a graphical representation for the flow of data through the policies. (choose three) Bandwidth meter Traffic monitor Traffic management Service watch Firewatch Traffic management Service watch Firewatch What is the purpose of the WatchGuard Authentication policy? (Select one.) a. Allows management users to authenticate to Fireware Web UI b. Allows branch office VPN connections between two Fireboxes c. Allows user connections to the Firebox Authentication Portal d. Allows Mobile VPN users to authenticate to the Firebox Allows user connections to the Firebox Authentication Portal

negotiation from 203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received proposal without PFS, Expecting PFS enabled id="0205-0002" Debug a. BOVPN Gateway settings b. BOVPN Tunnel settings c. BOVPN over TLS settings d. IKEv2 Shared settings BOVPN Tunnel settings. b and d. You can configure a static route to the specific server, or to the entire subnet it is on. In either case, the gateway is the IP address of the router that connects to that network, and the gateway must be reachable by the firewall. Based on this network diagram, which of these static routes could you add to the Firebox to enable the Firebox to route traffic from clients on the 192.168.10.0/24 subnet to a server at 10.0.20.80? (Select two.) a. Route to 10.0.20.0, Gateway 10.0.2. b. Route to 10.0.20.80, Gateway 192.168.10. c. Route to 192.168.10.5, Gateway 192.168.10. d. Route to 10.0.20.0/24, Gateway 192.168.10. You can use the TCP-UDP proxy to control Web, FTP, and SIP traffic on ports other than 80, 21, and 5060. a. True b. False a. True. The TCP-UDP proxy applies to TCP and UDP traffic on any TCP or UDP port. Which authentication servers can be used with any type of Mobile VPN (Select two.)

a. Firebox-DB b. Active Directory c. RADIUS d. LDAP Firebox-DB RADIUS .Do you need a static route on Floor 1 and Floor 2 There are two networks one on floor 1 subnet 192.168.3.0/24 and one network on floor 2 192.168.2.0/24. How can people on floor 1 reach a server on floor 2. Do you need a static route on Floor 1 No changes need to be made networks on the same subnet. Do you need a static route on Floor 2 Do you need a static route on Floor 1 and Floor 2 . SDWAN fails over under what conditions Is it Latency Jitter Loss . What NAT do you use when coming from a private network and trying to connection to servers on the internet? 1:1 Nat NAT loopback Dynamic NAT Static NAT

Service watch Firewatch Traffic management Service watch Firewatch What is the purpose of the WatchGuard Authentication policy? (Select one.) a. Allows management users to authenticate to Fireware Web UI b. Allows branch office VPN connections between two Fireboxes c. Allows user connections to the Firebox Authentication Portal d. Allows Mobile VPN users to authenticate to the Firebox Allows user connections to the Firebox Authentication Portal d. Yes, the Outgoing policy allows this traffic. From the policies shown in this image, can users in the Sales group connect from the trusted network to websites with HTTPS? (Select one.) a. No. The HTTPS-proxy policy only allows HTTPS traffic for the Accounting group. b. No. The Outgoing policy does not allow any traffic from the Sales group. c. Yes. The HTTP policy allows HTTP and HTTPS traffic for the Sales group. d. Yes. The Outgoing policy allows HTTPS traffic from the trusted network. You can configure Dynamic NAT to route incoming connections from the Internet to two different FTP servers on the trusted network.

a. True b. False b. False. Dynamic NAT applies only to outgoing connections. What port and protocol is used by DNS? (Select one.) a. UDP/ b. UDP/ c. TCP/ d. TCP/ UDP/ While troubleshooting a branch office VPN tunnel, you see the log message below. What settings could you modify in the local device configuration to resolve the configuration issue? (Select one.) iked (203.0.113.50<->203.0.113.20)IKE phase- 2 negotiation from 203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received proposal without PFS, Expecting PFS enabled id="0205-0002" Debug a. BOVPN Gateway settings b. BOVPN Tunnel settings c. BOVPN over TLS settings d. IKEv2 Shared settings BOVPN Tunnel settings. b and d. You can configure a static route to the specific server, or to the entire subnet it is on. In either case, the gateway is the IP address of the router that connects to that network, and the gateway must be reachable by the firewall. Based on this network diagram, which of these static routes could you add to the Firebox to enable the Firebox to route traffic from clients

SDWAN fails over under what conditions Is it Latency Jitter Loss . What NAT do you use when coming from a private network and trying to connection to servers on the internet? 1:1 Nat NAT loopback Dynamic NAT Static NAT . If a connection fails to fail over and your boss wants you tell him why it didn't failover? SDWAN ping policy wasn't setup Link monitor failed Link monitor was set to gradually fall back Link Monitor was set tp ping the default gateway but the outage happened further upstream Basically know exactly how link monitor works There's a very tricky question about this on the exam. .yes can advanced setting override an outbound global dynamic NAT policy?

Yes or no . outgoing connections with no policy the firebox will? send traffic to the default gateway Blocks traffic denies traffic drops traffic a graphical representation for the flow of data through the policies. (choose three) Bandwidth meter Traffic monitor Traffic management Service watch Firewatch Traffic management Service watch Firewatch What is the purpose of the WatchGuard Authentication policy? (Select one.) a. Allows management users to authenticate to Fireware Web UI b. Allows branch office VPN connections between two Fireboxes c. Allows user connections to the Firebox Authentication Portal d. Allows Mobile VPN users to authenticate to the Firebox Allows user connections to the Firebox Authentication Portal

negotiation from 203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received proposal without PFS, Expecting PFS enabled id="0205-0002" Debug a. BOVPN Gateway settings b. BOVPN Tunnel settings c. BOVPN over TLS settings d. IKEv2 Shared settings BOVPN Tunnel settings. b and d. You can configure a static route to the specific server, or to the entire subnet it is on. In either case, the gateway is the IP address of the router that connects to that network, and the gateway must be reachable by the firewall. Based on this network diagram, which of these static routes could you add to the Firebox to enable the Firebox to route traffic from clients on the 192.168.10.0/24 subnet to a server at 10.0.20.80? (Select two.) a. Route to 10.0.20.0, Gateway 10.0.2. b. Route to 10.0.20.80, Gateway 192.168.10. c. Route to 192.168.10.5, Gateway 192.168.10. d. Route to 10.0.20.0/24, Gateway 192.168.10. You can use the TCP-UDP proxy to control Web, FTP, and SIP traffic on ports other than 80, 21, and 5060. a. True b. False a. True. The TCP-UDP proxy applies to TCP and UDP traffic on any TCP or UDP port. Which authentication servers can be used with any type of Mobile VPN (Select two.)

a. Firebox-DB b. Active Directory c. RADIUS d. LDAP Firebox-DB RADIUS .Do you need a static route on Floor 1 and Floor 2 There are two networks one on floor 1 subnet 192.168.3.0/24 and one network on floor 2 192.168.2.0/24. How can people on floor 1 reach a server on floor 2. Do you need a static route on Floor 1 No changes need to be made networks on the same subnet. Do you need a static route on Floor 2 Do you need a static route on Floor 1 and Floor 2 . SDWAN fails over under what conditions Is it Latency Jitter Loss . What NAT do you use when coming from a private network and trying to connection to servers on the internet? 1:1 Nat NAT loopback Dynamic NAT Static NAT

Service watch Firewatch Traffic management Service watch Firewatch What is the purpose of the WatchGuard Authentication policy? (Select one.) a. Allows management users to authenticate to Fireware Web UI b. Allows branch office VPN connections between two Fireboxes c. Allows user connections to the Firebox Authentication Portal d. Allows Mobile VPN users to authenticate to the Firebox Allows user connections to the Firebox Authentication Portal d. Yes, the Outgoing policy allows this traffic. From the policies shown in this image, can users in the Sales group connect from the trusted network to websites with HTTPS? (Select one.) a. No. The HTTPS-proxy policy only allows HTTPS traffic for the Accounting group. b. No. The Outgoing policy does not allow any traffic from the Sales group. c. Yes. The HTTP policy allows HTTP and HTTPS traffic for the Sales group. d. Yes. The Outgoing policy allows HTTPS traffic from the trusted network. You can configure Dynamic NAT to route incoming connections from the Internet to two different FTP servers on the trusted network.

a. True b. False b. False. Dynamic NAT applies only to outgoing connections. What port and protocol is used by DNS? (Select one.) a. UDP/ b. UDP/ c. TCP/ d. TCP/ UDP/ While troubleshooting a branch office VPN tunnel, you see the log message below. What settings could you modify in the local device configuration to resolve the configuration issue? (Select one.) iked (203.0.113.50<->203.0.113.20)IKE phase- 2 negotiation from 203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received proposal without PFS, Expecting PFS enabled id="0205-0002" Debug a. BOVPN Gateway settings b. BOVPN Tunnel settings c. BOVPN over TLS settings d. IKEv2 Shared settings BOVPN Tunnel settings. b and d. You can configure a static route to the specific server, or to the entire subnet it is on. In either case, the gateway is the IP address of the router that connects to that network, and the gateway must be reachable by the firewall. Based on this network diagram, which of these static routes could you add to the Firebox to enable the Firebox to route traffic from clients