WatchGuard Network Security Essentials Practice Quiz, Exams of Advanced Education

A practice quiz for WatchGuard Network Security Essentials, covering various aspects of firewall configuration and management. It includes multiple-choice questions and true/false statements, testing knowledge on topics such as network interfaces, NAT, SpamBlocker, logging, IPSec VPN, FireCluster, traffic management, and more. The quiz provides a valuable tool for self-assessment and preparation for the WatchGuard Network Security Essentials certification exam.

Typology: Exams

2024/2025

Available from 01/21/2025

EXAMGUIDE
WatchGuard Network Security Essentials Practice Quiz

What is the URL of the Firebox Authentication web page? (Select one.)
A. https://auth.watchguard.com:4100/
B. https://<trusted or optional device interface IP address>:4100/
C. http://ip address of device interface:411/
D. https://gateway IP address of Firebox:4000/
- Correct Answers -
B. https://<trusted or optional device interface IP address>:4100/

What are the four types of network interfaces you can configure on your firewall?
A. External, Trusted, Optional, Custom
B. External, Optional, Trusted, Optional
C. Trusted, Primary, Optional, DHCP
D. Optional, Trusted, Custom, Internet
- Correct Answers -
B. External, Trusted, Optional, Custom

True or False: In order to enable NAT Loopback on your firewall, you have to configure this under the Dynamic NAT settings.
False
True
- Correct Answers -
False. NAT Loopback does not require anything to be enabled. You simply have to write a policy to allow it.

Choose the actions that SpamBlocker can take when configuring SpamBlocker with an SMTP proxy. (Select five.)

  1. Deny Stops the message without a reply
  2. Quarantine option: Isolates the message on a Quarantine Server
  3. Allow Option: allow messages to reach the Firebox without tags
  4. Ignore Sends the message to SpamBlocker for processing
  5. Drop Option: It drops the connection immediately and does not send error messages to the sender.
  6. Tag Add a "spam" tag to the email title and allow messages to reach the recipient

- Correct Answers -

  1. Deny Stops the message without a reply
  2. Quarantine option: Isolates the message on a Quarantine Server
  3. Allow Option: allow messages to reach the Firebox without tags
  5. Drop Option: It drops the connection immediately and does not send error messages to the sender.
  6. Tag Add a "spam" tag to the email title and allow messages to reach the recipient

True or false? The Firebox can only send log messages to one WatchGuard Log Server at a time. True False - Correct Answers -False

True or false? If you want to report on the use of applications that are not blocked, you must enable logging of allowed packets in each policy that has Application Control enabled. True False - Correct Answers -True

What is the default port of the Web UI? (Select one.) 8100 8080 8000 8088 - Correct Answers -

True or False: When setting up a static route, a lower metric means a lower precedence. True False - Correct Answers -False. A lower metric indicates a higher precedence in the routing table.

True or false? Dynamic NAT rewrites the IP source addresses of the packets to use the IP addresses of the outgoing interface. True False - Correct Answers -True

True or False: Policy precedence is most often determined by the alphabetical order of policy names. False True - Correct Answers -False. Policy precedence is determined by how specific the policy is in regards to what traffic is allowed.

When setting up an IPSec Mobile VPN, what must you make sure to configure? (2)

When you enable Mobile VPN with IPSec for the VPNusers group, what policies are automatically created? (Select one.)
A single Mobile VPN policy with IPSec: VPN-users-Any.
Two firewall policies: Allow-IPSec-Users and WatchGuard IPSec.
A single firewall policy: Allow-VPNusers.in
Two firewall policies: Allow-VPN-users and WatchGuard IPSec.
A single Mobile VPN policy with IPSec: Allow-VPN-users.
- Correct Answers -
A single Mobile VPN policy with IPSec: VPN-users-any

What are the benefits of Link Aggregation? Select all that apply.
Allows you to bridge interfaces so your firewall can act as a switch.
Allows for redundancy of interfaces.
Allows for additional throughput between your firewall and switches.
Creates a separate, management interface for your firewall.
- Correct Answers -
Allows for redundancy of interfaces
Allows for additional throughput between your firewall and switches

When setting up Traffic Management on your firewall, in what order are the actions applied?
Policy > Application Category > Application
Application Category > Application > policy
Application > Application Category > Policy
Policy > Application > Application Category
- Correct Answers -
Application > Application Category > Policy

When going through the initial Dimension installation, what must you make sure to do? Pick all that apply.
Set a static IP for the Dimension server
Set an encryption password
Set up account for all users that will be accessing Dimension
Enter the IP of all firewalls that will be logged
- Correct Answers -
Set a static IP for the Dimension server
Set an encryption password

How often should you back up your Firebox?
Every time there is a major change to the configuration
Monthly
Weekly
Daily
Never
- Correct Answers -
Every time there is a major change to the configuration

Through Firebox System Manager, you can run the TCP Dump command? False True - Correct Answers -True. This option is available under Diagnostic Tasks tool

Which of the following options are necessary before you can use the Quick Setup Wizard to do a basic device setup that allows more than one Internet connection? (4)
The model number of the firebox
An account on the WG Website
An IP address to give to the internal and external interfaces of the Firebox
The IP address of the gateway to which to connect this appliance
An active internet connection
A web browser
feature key
- Correct Answers -
An account on the WG website
An IP address to give to the internal and external interfaces of the Firebox
The IP address of the gateway to which to connect this appliance
Feature Key

Which format would you use to block an executable file from being uploaded through FTP? *EXE .EXE. EXE .exe - Correct Answers -.exe

You can only add one appliance administrator account to your Firebox False True - Correct Answers -False

You can save the Firebox configuration file to a local hard disk from the Web UI False True - Correct Answers -True

How many users can simultaneously enter the Web UI with the admin account?(1) 2 1 4 unlimited - Correct Answers -

APT Blocker requires that you activate Gateway AntiVirus on your chosen proxy True False - Correct Answers -True

Only the trusted interface of a Firebox is capable of assigning addresses as a DHCP server True False - Correct Answers -False

Which of the following services utilize firewall-based Intrusion Prevention Services? Select all that apply. Gateway Antivirus

Your WG Management computer Internet provider to route to Firebox - Correct Answers -Computers in their trusted and optional networks DHCP Mobile VPN connections to the Firebox

APT Blocker requires that Gateway Antivirus be enabled? True False - Correct Answers -True. APT Blocker uses the same scanning engine as APT Blocker, so the GAV service must first be enabled.

When adding a WebBlocker exception for .microsoft.com/ which sites would be allowed? Select all that apply.
microsoft.com/updates
microsoft.com/downloads
updates.microsoft.com
downloads.microsoft.com
- Correct Answers -
All of them are correct

A Feature Key can be migrated between devices True False - Correct Answers -False

The Global Application control Action applies to all policies in your configuration True False - Correct Answers -False

You can use the same VLAN ID for multiple VLANs on your firewall.

True False - Correct Answers -False. Each VLAN must have a unique ID

When you view appliance group reports in Dimension, the data for each Firebox is included in a separate report.

True False - Correct Answers -False. When you create a group of fixtures in Dimension, the data for each fixture in the group is included in a single report.

Which of the following components are from WG System Manager? (3)
Router
Log Viewer
Policy Manager
Appliance Monitor
Windows NT server
Management Computer
Report Server
- Correct Answers -
LogViewer
Policy Manager
Report Server

What are the three components of the WG System Manager software?
Policy Manager, HostWatch, Dimension
Policy Manager, Firebox System Manager(FSM), Management Server
Policy Manager, Report Server, Management Server
Policy Manager, Firebox System Manager (FSM), HostWatch
- Correct Answers -
Policy Manager, Firebox System Manager (FSM), HostWatch

In order to review the traffic that passes over your HTTP policy, what do you need to make sure to do first?
Turn on logging inside of WebBlocker
No Change needs to be made. All policies log by default
Turn up Diagnostic Logging under the Setup > Logging menu
Turn on Logging in the HTTP policy.
- Correct Answers -
Turn on Logging in the HTTP policy

When implementing Authentication, which service can you utilize? Pick all that apply. LDAPS Active Directory Firebox Database Office 365 Single-Sign-On - Correct Answers -LDAPS Active Directory Firebox Database

To protect your DNS server from attacks, configure a proxy policy with the action DNS-incoming.

True False - Correct Answers -True

If you use a third-party server for VPN authentication, that server must have a user group that exactly matches the name of the VPN configuration

True False - Correct Answers -True

Which of the following monitoring tools can be viewed directly on the Firebox System Manager tab?(2)

CA Manager Policy Manager

What tools are included in the WG reporting architecture?(3)

WSM Log Manager WSM Report Server Quarantine Server Firebox WSM Report Manager WG Dimension Active Directory server WSM Log Server - Correct Answers -WSM Report Server WG Dimension WSM Log Server

To configure your Firebox to send log messages to Dimension, in Logging Settings of your Firebox, you have to add the IP and encryption key of the Dimension Log Server, just as you would with the WSM Log Server.

True False - Correct Answers -True

What is the best pattern to block an Adobe PDF document in FTP uploads?

{DF .p .df .pdf - Correct Answers -.pdf

What do you need to know to set up a VPN between 2 devices? (4)
The IPSec certificate and the pre-shared key
The public IP or domain information of the VPN remote gateway
The configuration of phase 1 and phase 2 of the VPN remote gateway
The private network address on the remote device where you want to send traffic
The name of the gateway and tunnel on the remote VPN gateway
- Correct Answers -
The IPSec certificate and the pre-shared key.
The public IP or domain information of the VPN remote gateway
The configuration of phase 1 and phase 2 of the VPN remote gateway
The private network address on the remote device where you want to send traffic

For each VLAN interface, how many untagged networks can you have?
Dependent on the firewall model
Four
One
Unlimited
- Correct Answers -
One

You have configured a BOVPN and have just saved the configuration on both devices. When you look at the tunnel status in Firebox System Manager, the tunnel does not appear active. What could have caused this? (3)
There is no connection between the IP addresses of the external interface of each device
No traffic was sent to the IP address on the other side of the tunnel
There is a difference in the VPN Phase 1 or Phase 2 configuration
The name of the Gateway or the tunnel is not the same as in the remote device.
- Correct Answers -
There is no connection between the IP addresses of the external interface of each device
No traffic was sent to the IP address on the other side of the tunnel.
There is a difference in the VPN Phase 1 or Phase 2 configuration

Which of these options are private IPv4 addresses you can assign to a trusted interface, as described in RFC 1918, Address Allocation for Private Internets? (3)
192.168.50.1/
10.50.1.1/
198.51.100.1/
172.16.0.1/
192.0.2.1/24
- Correct Answers -
192.168.50.1/
10.50.1.1/
172.16.0.1/

For which of these third party authentication methods must you specify a search base? (2)
RADIUS
Active Directory
SecurID
LDAP
- Correct Answers -
Active Directory
LDAP

You have a privately addressed email server behind your Firebox. If you want to make sure that all traffic from this server to the Internet appears to come from the public IP address 203.0.113.25, regardless of policies, which form of NAT would you use? (1)
In the SMTP policy that handles traffic from the email server, select the option to apply dynamic NAT to all traffic in the policy and set the source IP address 203.0.113.
Create a global dynamic NAT rule for traffic from the email server and set the source IP address to 203.0.113.
Create a static NAT action for traffic to the email server, and set the source IP address to 203.0.113.25
- Correct Answers -
Create a global dynamic NAT rule for traffic from the email server and set the source IP address to 203.0.113.

BOVPN Gateway settings BOVPN-Allow policies BOVPN Tunnel settings BOVPN Tunnel Route settings - Correct Answers -BOVPN Gateway settings

The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings.

In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.)
Default route VPN allows your Firebox to examine all remote user traffic
Default route VPN uses less bandwidth
Default route VPN uses less processing power
Default route VPN automatically allows dynamic NAT
- Correct Answers -
Default route VPN allows your Firebox to examine all remote user traffic

Match the monitoring tool to the correct task. Which tool can view a list of users connected to the Firebox? (Select one)
Firebox System Manager - Blocked Sites list
Log Server
FireWatch
Firebox System Manager - Subscription services
Firebox System Manager - Authentication list
Traffic Monitor
- Correct Answers -
Firebox System Manager - Authentication list

You can view a list of users connected to the Firebox through HostWatch, and you can also use Authentication List, which identifies the IP addresses and user names of all the users that are authenticated to the Firebox. Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

A local branch office VPN tunnel route is configured as shown below. On the remote peer device, what must be configured as the remote network address for this tunnel route? (Select one.)

Local: 10.0.1.0/ Remote: 10.0.20.1/ Direction Local <--> Remote 1:1 NAT: 10.0.10.0/

10.0.1.0/ 10.0.10.0/ 10.0.20.0/24 - Correct Answers -10.0.10.0/

If you use an external authentication server for mobile VPN, which option must you complete before remote users can authenticate? (Select one.)
Create aliases for each remote user's virtual IP address.
Reboot the authentication server
Add the Mobile VPN user group and remote users to your authentication server.
Add the remote users to a Mobile VPN user group on your Firebox.
- Correct Answers -
Add the Mobile VPN user group and remote users to your authentication server.

Match the monitoring tool to the correct task: Not a Fireware monitoring tool
Log Server
Firewatch
Firebox System Manager - Blocked State List
Traffic Monitor
Firebox System Manager - Subscription Services
- Correct Answers -
Log Server

Match the monitoring tool to the correct task: See a treemap visualization of the traffic through your Firebox
Log Server
Firewatch
Firebox System Manager - Blocked State List
Traffic Monitor
Firebox System Manager - Subscription Services
- Correct Answers -
Firewatch

Match the monitoring tool to the correct task: Add an IP address for the Firebox to permanently block
Log Server
Firewatch
Firebox System Manager - Blocked State List
Traffic Monitor
Firebox System Manager - Subscription Services
- Correct Answers -
Firebox System Manager - Blocked State List

Match the monitoring tool to the correct task: Ping the source of a denied packet
Log Server
Firewatch
Firebox System Manager - Blocked State List
Traffic Monitor
Firebox System Manager - Subscription Services
- Correct Answers -
Traffic Monitor

Match the monitoring tool to the correct task: Learn the status of your IPS signature database
Log Server
Firewatch
Firebox System Manager - Blocked State List

SpamBlocker provides a spam scanning engine that works in concert with WatchGuard's cloud-based technology to prevent spam from gaining access to the email servers (and clients).

Match each WatchGuard Subscription Service with its function. Controls access to websites based on content categories. (Choose one.)
Reputation Enable Defense RED
Gateway / Antivirus
WebBlocker
Intrusion Prevention Server IPS
Application Control
APT Blocker
- Correct Answers -
WebBlocker

WebBlocker controls access to the good and bad places that are reachable on the web, preventing users from gaining access to sites that have evil intentions. If you configure WebBlocker to use the Websense cloud for WebBlocker lookups, WebBlocker uses the Websense content categories. A web site is added to a category when the content of the web site meets the criteria for the content category.

Match each type of NAT with the correct description: Allows a user on the trusted or optional network to connect to a public server that is on the same physical Firebox interface by its public IP address or domain name. (Choose one)
1-to-1 NAT
Dynamic NAT
NAT Loopback
- Correct Answers -
NAT Loopback

NAT loopback allows a user on the trusted or optional networks to get access to a public server that is on the same physical Firebox or XTM device interface by its public IP address or domain name.

Match each type of NAT with the correct description: Changes and routes all incoming and outgoing packets sent from one range of addresses to a different range of addresses. (Choose one)
1-to-1 NAT
Dynamic NAT
NAT Loopback
- Correct Answers -
1-to-1 NAT

When you enable 1-to-1 NAT, the Firebox changes and routes all incoming and outgoing packets sent from one range of addresses to a different range of addresses. Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 74

Which policies can use the Intrusion Prevention Service to block network attacks? (Select one.)
Only HTTP and HTTPS Proxy policies
Only proxy policies
All Policies
Only packet filter policies
Only inbound policies
- Correct Answers -
All policies

Which of these services would you use to allow the use of P2P programs for a specific department in your organization? (Select one.)
Reputation Enabled Defense
Application Control
Data Loss Prevention
IPS
- Correct Answers -
Application Control

You can use Firebox System Manager to download a PCAP file that includes packet information about the protocols that manage traffic on your network.

True False - Correct Answers -True

From the Firebox System Manager > Authentication List tab, you can view all of the authenticated users connected to your Firebox and disconnect any of them. True False - Correct Answers -True

When your device is in a default state, to which interface do you connect your management computer so you can use the Quick Setup Wizard or Web Setup Wizard to configure the device?
Interface 0
Console Interface
Any Interface
Interface 1
- Correct Answers -
Interface 1

To use the Quick Setup Wizard: 1. Connect your computer to interface 1 of the Firebox

In the default Firebox configuration file, which policies control management access to the device? (Select two)
WatchGuard
FTP
Ping
WatchGuard Web UI
Outgoing
- Correct Answers -
WatchGuard
WatchGuard Web UI

WatchGuard: The packet filter policy that controls administrative connections to the Firebox is WG-Firebox-Mgmt. The Quick Setup Wizard adds this policy with the name WatchGuard. (Page 31 - Fireware Essentials Student Guide)

Any-External Optional- Any Any-Trusted - Correct Answers -Any-optional Optional- Any

What settings must your device configuration file include for Gateway AntiVirus to protect users on your network? (Select two.)
Configure a policy to use a proxy action that has AntiVirus settings configured.
Install the Gateway AntiVirus server on your network
Configure Gateway AntiVirus settings for a proxy action.
Disable automatic signature updates.
Decrease the scan limits.
- Correct Answers -
Configure a policy to use a proxy action that has AntiVirus settings configured.
Configure Gateway AntiVirus settings for a proxy action.

Match the function with the appropriate WatchGuard Subscription Service: Uses rules, pattern matching and sender reputation to block unwanted email messages
WebBlocker
Spam Blocker
Gateway / Antivirus
APT Blocker
Application Control
Quarantine Server
Intrusion Prevention Server (IPS)
Data Loss Prevention (DLP)
Reputation Enable Defense (RED)
- Correct Answers -
Spam Blocker

Match the function with the appropriate WatchGuard Subscription Service: Cloud based service that controls access to websites based on a site's previous behavior
WebBlocker
Spam Blocker
Gateway / Antivirus
APT Blocker
Application Control
Quarantine Server
Intrusion Prevention Server (IPS)
Data Loss Prevention (DLP)
Reputation Enable Defense (RED)
- Correct Answers -
Reputation Enable Defense (RED)

Which of these options must you configure in an HTTPS-proxy policy to detect credit card numbers in HTTP traffic that is encrypted with SSL? (Select two.)
WebBlocker
Gateway AntiVirus
Application Control
Deep inspection of HTTPS content
Data Loss Prevention
- Correct Answers -
Deep inspection of HTTPS content
Data Loss Prevention

You can configure your Firebox to automatically redirect users to the Authentication Portal page. True False - Correct Answers -True

If you disable the Outgoing policy, which policies must you add to allow trusted interface users to use in order to connect to commonly used websites? (Select THREE)
HTTP port 80
NAT policy
FTP 21
HTTPS port 443
DNS 53
- Correct Answers -
HTTPS port 443
DNS 53
HTTP port 80

About the Outgoing Policy

The default Outgoing policy is a packet filter policy that is automatically added to your Firebox configuration when you run the Quick Setup Wizard to set up your device and create a basic device configuration file. The Outgoing policy allows all TCP and UDP connections from any trusted or optional source on your network to any external network. Because it is a packet filter policy, not a proxy policy, the Outgoing policy does not filter content when it examines the traffic through your Firebox.

If you remove the Outgoing policy from your device configuration file, you must add policies to your configuration that allow outbound traffic. You can either add a separate policy for each type of traffic that you want to allow out through your firewall, or you can add the TCP-UDP packet filter or TCP-UDP-proxy policy. For example, if you have removed the Outgoing policy, and you want to allow trusted users on your network to connect to web sites, you must create an HTTP-proxy policy for port 80, HTTPS-proxy policy for port 443, and a DNS policy for port 53 to allow DNS query resolution. (Page 154 - Fireware Essentials Student Guide)

Which of these actions adds a host to the temporary or permanent blocked sites list? (Select four.)
Enable the AUTO-block sites that attempt to connect option in a deny policy.
Add the site to the Blocked Sites Exceptions list
On the Firebox System Manager > Blocked Sites tab, select Add
In Policy Manager, select Setup > Default Threat Protection > Blocked Sites and click Add.