




























































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
WATCHGUARD NETWORK SECURITY ESSENTIALS EXAM WATCHGUARD NETWORK SECURITY ESSENTIALS EXAM
Typology: Exams
1 / 111
This page cannot be seen from the preview
Don't miss anything!





























































































What is the purpose of the WatchGuard Authentication policy? (Select one.) a. Allows management users to authenticate to Fireware Web UI b. Allows branch office VPN connections between two Fireboxes c. Allows user connections to the Firebox Authentication Portal d. Allows Mobile VPN users to authenticate to the Firebox Allows user connections to the Firebox Authentication Portal d. Yes, the Outgoing policy allows this traffic. From the policies shown in this image, can users in the Sales group connect from the trusted network to websites with HTTPS? (Select one.) a. No. The HTTPS-proxy policy only allows HTTPS traffic for the Accounting group. b. No. The Outgoing policy does not allow any traffic from the Sales group. c. Yes. The HTTP policy allows HTTP and HTTPS traffic for the Sales group. d. Yes. The Outgoing policy allows HTTPS traffic from the trusted network. You can configure Dynamic NAT to route incoming connections from the Internet to two different FTP servers on the trusted network. a. True b. False
b. False. Dynamic NAT applies only to outgoing connections. What port and protocol is used by DNS? (Select one.) a. UDP/ b. UDP/ c. TCP/ d. TCP/ UDP/ While troubleshooting a branch office VPN tunnel, you see the log message below. What settings could you modify in the local device configuration to resolve the configuration issue? (Select one.) iked (203.0.113.50<->203.0.113.20)IKE phase- 2 negotiation from 203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received proposal without PFS, Expecting PFS enabled id="0205-0002" Debug a. BOVPN Gateway settings b. BOVPN Tunnel settings c. BOVPN over TLS settings d. IKEv2 Shared settings BOVPN Tunnel settings. b and d. You can configure a static route to the specific server, or to the entire subnet it is on. In either case, the gateway is the IP address of the router that connects to that network, and the gateway must be reachable by the firewall. Based on this network diagram, which of these static routes could you add to the Firebox to enable the Firebox to route traffic from clients on the 192.168.10.0/24 subnet to a server at 10.0.20.80? (Select two.)
SDWAN fails over under what conditions Is it Latency Jitter Loss . What NAT do you use when coming from a private network and trying to connection to servers on the internet? 1:1 Nat NAT loopback Dynamic NAT Static NAT . If a connection fails to fail over and your boss wants you tell him why it didn't failover? SDWAN ping policy wasn't setup Link monitor failed Link monitor was set to gradually fall back Link Monitor was set tp ping the default gateway but the outage happened further upstream Basically know exactly how link monitor works There's a very tricky question about this on the exam. .yes can advanced setting override an outbound global dynamic NAT policy?
Yes or no . outgoing connections with no policy the firebox will? send traffic to the default gateway Blocks traffic denies traffic drops traffic a graphical representation for the flow of data through the policies. (choose three) Bandwidth meter Traffic monitor Traffic management Service watch Firewatch Traffic management Service watch Firewatch What is the purpose of the WatchGuard Authentication policy? (Select one.) a. Allows management users to authenticate to Fireware Web UI b. Allows branch office VPN connections between two Fireboxes c. Allows user connections to the Firebox Authentication Portal d. Allows Mobile VPN users to authenticate to the Firebox Allows user connections to the Firebox Authentication Portal
negotiation from 203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received proposal without PFS, Expecting PFS enabled id="0205-0002" Debug a. BOVPN Gateway settings b. BOVPN Tunnel settings c. BOVPN over TLS settings d. IKEv2 Shared settings BOVPN Tunnel settings. b and d. You can configure a static route to the specific server, or to the entire subnet it is on. In either case, the gateway is the IP address of the router that connects to that network, and the gateway must be reachable by the firewall. Based on this network diagram, which of these static routes could you add to the Firebox to enable the Firebox to route traffic from clients on the 192.168.10.0/24 subnet to a server at 10.0.20.80? (Select two.) a. Route to 10.0.20.0, Gateway 10.0.2. b. Route to 10.0.20.80, Gateway 192.168.10. c. Route to 192.168.10.5, Gateway 192.168.10. d. Route to 10.0.20.0/24, Gateway 192.168.10. You can use the TCP-UDP proxy to control Web, FTP, and SIP traffic on ports other than 80, 21, and 5060. a. True b. False a. True. The TCP-UDP proxy applies to TCP and UDP traffic on any TCP or UDP port. Which authentication servers can be used with any type of Mobile VPN (Select two.)
a. Firebox-DB b. Active Directory c. RADIUS d. LDAP Firebox-DB RADIUS .Do you need a static route on Floor 1 and Floor 2 There are two networks one on floor 1 subnet 192.168.3.0/24 and one network on floor 2 192.168.2.0/24. How can people on floor 1 reach a server on floor 2. Do you need a static route on Floor 1 No changes need to be made networks on the same subnet. Do you need a static route on Floor 2 Do you need a static route on Floor 1 and Floor 2 . SDWAN fails over under what conditions Is it Latency Jitter Loss . What NAT do you use when coming from a private network and trying to connection to servers on the internet? 1:1 Nat NAT loopback Dynamic NAT Static NAT
Service watch Firewatch Traffic management Service watch Firewatch What is the purpose of the WatchGuard Authentication policy? (Select one.) a. Allows management users to authenticate to Fireware Web UI b. Allows branch office VPN connections between two Fireboxes c. Allows user connections to the Firebox Authentication Portal d. Allows Mobile VPN users to authenticate to the Firebox Allows user connections to the Firebox Authentication Portal d. Yes, the Outgoing policy allows this traffic. From the policies shown in this image, can users in the Sales group connect from the trusted network to websites with HTTPS? (Select one.) a. No. The HTTPS-proxy policy only allows HTTPS traffic for the Accounting group. b. No. The Outgoing policy does not allow any traffic from the Sales group. c. Yes. The HTTP policy allows HTTP and HTTPS traffic for the Sales group. d. Yes. The Outgoing policy allows HTTPS traffic from the trusted network. You can configure Dynamic NAT to route incoming connections from the Internet to two different FTP servers on the trusted network.
a. True b. False b. False. Dynamic NAT applies only to outgoing connections. What port and protocol is used by DNS? (Select one.) a. UDP/ b. UDP/ c. TCP/ d. TCP/ UDP/ While troubleshooting a branch office VPN tunnel, you see the log message below. What settings could you modify in the local device configuration to resolve the configuration issue? (Select one.) iked (203.0.113.50<->203.0.113.20)IKE phase- 2 negotiation from 203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received proposal without PFS, Expecting PFS enabled id="0205-0002" Debug a. BOVPN Gateway settings b. BOVPN Tunnel settings c. BOVPN over TLS settings d. IKEv2 Shared settings BOVPN Tunnel settings. b and d. You can configure a static route to the specific server, or to the entire subnet it is on. In either case, the gateway is the IP address of the router that connects to that network, and the gateway must be reachable by the firewall. Based on this network diagram, which of these static routes could you add to the Firebox to enable the Firebox to route traffic from clients
SDWAN fails over under what conditions Is it Latency Jitter Loss . What NAT do you use when coming from a private network and trying to connection to servers on the internet? 1:1 Nat NAT loopback Dynamic NAT Static NAT . If a connection fails to fail over and your boss wants you tell him why it didn't failover? SDWAN ping policy wasn't setup Link monitor failed Link monitor was set to gradually fall back Link Monitor was set tp ping the default gateway but the outage happened further upstream Basically know exactly how link monitor works There's a very tricky question about this on the exam. .yes can advanced setting override an outbound global dynamic NAT policy?
Yes or no . outgoing connections with no policy the firebox will? send traffic to the default gateway Blocks traffic denies traffic drops traffic a graphical representation for the flow of data through the policies. (choose three) Bandwidth meter Traffic monitor Traffic management Service watch Firewatch Traffic management Service watch Firewatch What is the purpose of the WatchGuard Authentication policy? (Select one.) a. Allows management users to authenticate to Fireware Web UI b. Allows branch office VPN connections between two Fireboxes c. Allows user connections to the Firebox Authentication Portal d. Allows Mobile VPN users to authenticate to the Firebox Allows user connections to the Firebox Authentication Portal
negotiation from 203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received proposal without PFS, Expecting PFS enabled id="0205-0002" Debug a. BOVPN Gateway settings b. BOVPN Tunnel settings c. BOVPN over TLS settings d. IKEv2 Shared settings BOVPN Tunnel settings. b and d. You can configure a static route to the specific server, or to the entire subnet it is on. In either case, the gateway is the IP address of the router that connects to that network, and the gateway must be reachable by the firewall. Based on this network diagram, which of these static routes could you add to the Firebox to enable the Firebox to route traffic from clients on the 192.168.10.0/24 subnet to a server at 10.0.20.80? (Select two.) a. Route to 10.0.20.0, Gateway 10.0.2. b. Route to 10.0.20.80, Gateway 192.168.10. c. Route to 192.168.10.5, Gateway 192.168.10. d. Route to 10.0.20.0/24, Gateway 192.168.10. You can use the TCP-UDP proxy to control Web, FTP, and SIP traffic on ports other than 80, 21, and 5060. a. True b. False a. True. The TCP-UDP proxy applies to TCP and UDP traffic on any TCP or UDP port. Which authentication servers can be used with any type of Mobile VPN (Select two.)
a. Firebox-DB b. Active Directory c. RADIUS d. LDAP Firebox-DB RADIUS .Do you need a static route on Floor 1 and Floor 2 There are two networks one on floor 1 subnet 192.168.3.0/24 and one network on floor 2 192.168.2.0/24. How can people on floor 1 reach a server on floor 2. Do you need a static route on Floor 1 No changes need to be made networks on the same subnet. Do you need a static route on Floor 2 Do you need a static route on Floor 1 and Floor 2 . SDWAN fails over under what conditions Is it Latency Jitter Loss . What NAT do you use when coming from a private network and trying to connection to servers on the internet? 1:1 Nat NAT loopback Dynamic NAT Static NAT
Service watch Firewatch Traffic management Service watch Firewatch What is the purpose of the WatchGuard Authentication policy? (Select one.) a. Allows management users to authenticate to Fireware Web UI b. Allows branch office VPN connections between two Fireboxes c. Allows user connections to the Firebox Authentication Portal d. Allows Mobile VPN users to authenticate to the Firebox Allows user connections to the Firebox Authentication Portal d. Yes, the Outgoing policy allows this traffic. From the policies shown in this image, can users in the Sales group connect from the trusted network to websites with HTTPS? (Select one.) a. No. The HTTPS-proxy policy only allows HTTPS traffic for the Accounting group. b. No. The Outgoing policy does not allow any traffic from the Sales group. c. Yes. The HTTP policy allows HTTP and HTTPS traffic for the Sales group. d. Yes. The Outgoing policy allows HTTPS traffic from the trusted network. You can configure Dynamic NAT to route incoming connections from the Internet to two different FTP servers on the trusted network.
a. True b. False b. False. Dynamic NAT applies only to outgoing connections. What port and protocol is used by DNS? (Select one.) a. UDP/ b. UDP/ c. TCP/ d. TCP/ UDP/ While troubleshooting a branch office VPN tunnel, you see the log message below. What settings could you modify in the local device configuration to resolve the configuration issue? (Select one.) iked (203.0.113.50<->203.0.113.20)IKE phase- 2 negotiation from 203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received proposal without PFS, Expecting PFS enabled id="0205-0002" Debug a. BOVPN Gateway settings b. BOVPN Tunnel settings c. BOVPN over TLS settings d. IKEv2 Shared settings BOVPN Tunnel settings. b and d. You can configure a static route to the specific server, or to the entire subnet it is on. In either case, the gateway is the IP address of the router that connects to that network, and the gateway must be reachable by the firewall. Based on this network diagram, which of these static routes could you add to the Firebox to enable the Firebox to route traffic from clients