Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Similar documents
WatchGuard System Manager Fireware Configuration Guide. WatchGuard Fireware Pro v8.1

WatchGuard Dimension v2.0 Update 2 Release Notes. Introducing New Dimension Command. Build Number Revision Date 13 August 2015

What s New in Fireware v WatchGuard Training

Configuration Example

Release Notes for XTM 2, 5, and 8 Series, XTM 1050, and Firebox X Peak, Core and Edge e-series Appliances

Release Notes for XTM 1050 and Firebox X Peak, Core, and Edge e-series Appliances

What s New in Fireware v12.2 WatchGuard Training

WatchGuard Dimension v2.1.1 Update 3 Release Notes

What s New in Fireware v12.3 WatchGuard Training

Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 6.0 Version

AccessEnforcer Version 4.0 Features List

Contents GUIDE TO INTEGRATION IMPLEMENTATION

INBOUND AND OUTBOUND NAT

Barracuda Firewall Release Notes 6.6.X

Easy To Install. Easy To Manage. Always Up-To-Date.

Firebox Cloud. Deployment Guide. Firebox Cloud for AWS and Microsoft Azure

Training UNIFIED SECURITY. Signature based packet analysis

EN6200 Series Feature Sheet

WatchGuard XTMv Setup Guide

Integration Guide. Oracle Bare Metal BOVPN

Test Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version

Chapter 8 roadmap. Network Security

Remote Access VPN. Remote Access VPN Overview. Licensing Requirements for Remote Access VPN

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Barracuda Link Balancer

Threat Detection and Response. Deployment Guide

Gigabit SSL VPN Security Router

WatchGuard Dimension v1.1 Update 1 Release Notes

Indicate whether the statement is true or false.

Chapter 3 LAN Configuration

Configuration Example

Appliance Installation Guide

DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0

Intranets 4/4/17. IP numbers and Hosts. Dynamic Host Configuration Protocol. Dynamic Host Configuration Protocol. CSC362, Information Security

High Availability Synchronization PAN-OS 5.0.3

Using Centralized Security Reporting

Test-king q

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT

CISCO EXAM QUESTIONS & ANSWERS

Fundamentals of Network Security v1.1 Scope and Sequence

WatchGuard XTMv Setup Guide Fireware XTM v11.8

vcloud Director User's Guide 04 OCT 2018 vcloud Director 9.5

Palo Alto Networks PCNSE7 Exam

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Network Security. Thierry Sans

CyberP3i Course Module Series

Step-by-Step Configuration

Feature. *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Why Firewalls? Firewall Characteristics

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Remote Access via Cisco VPN Client

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Cisco Passguide Exam Questions & Answers

provides several new features and enhancements, and resolves several issues reported by WatchGuard customers.

All-in one security for large and medium-sized businesses.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Step-by-Step Configuration

Request for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )

BIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0

BIG-IP Access Policy Manager : Portal Access. Version 12.1

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Cisco - ASA Lab Camp v9.0

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Configuration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0

Firepower Threat Defense Remote Access VPNs

BIG-IP Access Policy Manager : Portal Access. Version 13.0

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Internet Security: Firewall

User Guide TL-R470T+/TL-R480T REV9.0.2

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

W is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation

ASA/PIX Security Appliance

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

CSC 4900 Computer Networks: Security Protocols (2)

Remote Access VPN. Remote Access VPN Overview. Maximum Concurrent VPN Sessions By Device Model

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

CISCO EXAM QUESTIONS & ANSWERS

Step-by-Step Configuration

Chapter 3 LAN Configuration

Max sessions (IPv4 or IPv6) 500, , ,000

TestsDumps. Latest Test Dumps for IT Exam Certification

Paloalto Networks Exam PCNSE6 Palo Alto Networks Certified Network Security Engineer 6.0 Version: 6.1 [ Total Questions: 153 ]

*Performance and capacities are measured under ideal testing conditions using PAN-OS 8.0. Additionally, for VM

Deploying F5 with Microsoft Active Directory Federation Services

Systrome Next Gen Firewalls

XTM 3, 5, 8, 800, 1500, and 2500 Series XTM 25, XTM 26, XTM 1050, XTM 2050 Firebox T10, XTMv, WatchGuard AP

DPX8000 Series Deep Service Switching Gateway User Configuration Guide Probe Service Board Module v1.0

H Q&As. HCNA-HNTD (Huawei Network Technology and Device) Pass Huawei H Exam with 100% Guarantee

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

New Features for ASA Version 9.0(2)

Sophos Appliance Configuration Guide. Product Version 4.3 Sophos Limited 2017

HP Instant Support Enterprise Edition (ISEE) Security overview

A. Verify that the IKE gateway proposals on the initiator and responder are the same.

Vendor: Cisco. Exam Code: Exam Name: Implementing Cisco Threat Control Solutions. Version: Demo

vcloud Director User's Guide

NSE6_FML exam.14q

Transcription:

Fireware-Essentials Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.0 http://www.gratisexam.com/ Fireware Essentials Fireware Essentials Exam

Exam A QUESTION 1 Which items are included in a Firebox backup image? (Select four.) A. Support snapshot B. Fireware OS C. Configuration file D. Log file E. Feature keys F. Certificates Correct Answer: ACDE /Reference: QUESTION 2 Only 50 clients on the trusted network of your Firebox can connect to the Internet at the same time. What could cause this? (Select one.) http://www.gratisexam.com/ A. TheLiveSecurity feature key is expired. B. The device feature key allows a maximum of 50 client connections. C. The DHCP address pool on the trusted interface has only 50 IP addresses. D. The Outgoing policy allows a maximum of 50 client connections. Correct Answer: C

/Reference: QUESTION 3 The IP address for the trusted interface on your Firebox is 10.0.40.1/24, but you want to change the IP address for this interface. How can you avoid a network outage for clients on the trusted network when you change the interface IP address to 10.0.50.1/24? (Select one.) A. Create a 1-to-1 NAT rule for traffic from the 10.0.40.0/24 subnet to addresses on the 10.0.50.0/24 subnet. B. Add 10.0.40.1/24 as a secondary IP address for the interface. C. Add IP addresses on the 10.0.40.0/24 subnet to the DHCP Server IP address pool for this interface. D. Add a route to 10.0.40.0/24 with the gateway 10.0.50.1. Correct Answer: B /Reference: QUESTION 4 In the network configuration in this image, which aliases is Eth2 a member of? (Select three.)

A. Any-optional B. Any-External C. Optional-1 D. Any E. Any-Trusted Correct Answer: ACD /Reference:

QUESTION 5 Clients on the trusted network need to connect to a server behind a router on the optional network. http://www.gratisexam.com/

Based on this image, what static route must be added to the Firebox for traffic from clients on the trusted network to reach a server at 10.0.20.100? (Select one.) A. Route to 10.0.20.0/24,Gateway 10.0.2.1 B. Route to 10.0.20.0/24,Gateway 10.0.2.254 C. Route to 10.0.20.0, Gateway 10.0.2.254 D. Route to 10.0.10.0/24, Gateway 10.0.10.1 Correct Answer: C /Reference: QUESTION 6 Which of these options are private IPv4 addresses you can assign to a trusted interface, as described in RFC 1918, Address Allocation for Private Internets? (Select three.) A. 192.168.50.1/24 B. 10.50.1.1/16 C. 198.51.100.1/24 D. 172.16.0.1/16 E. 192.0.2.1/24 Correct Answer: ABD /Reference: QUESTION 7 The policies in a default Firebox configuration do not allow outgoing traffic from optional interfaces.

http://www.gratisexam.com/ A. True B. False Correct Answer: B /Reference: QUESTION 8 When you examine the log messages In Traffic Monitor, you see that some network packets are denied with an unhandled packet log message. What does this log massage mean? (Select one.) A. The packet is denied because the site is on the Blocked Sites List. B. The packet is denied because it matched a policy. C. The packet is denied because it matched an IPS signature. D. The packet is denied because it does not match any firewall policies. Correct Answer: C /Reference: QUESTION 9 Which of these actions adds a host to the temporary or permanent blocked sites list? (Select three.) A. Enable the AUTO-block sites that attempt to connect option in a deny policy.

B. Add the site to the Blocked Sites Exceptions list. C. On the Firebox System Manager >Blocked Sites tab, select Add. D. In Policy Manager, select Setup> Default Threat Protection > Blocked Sites and click Add. Correct Answer: ACD /Reference: QUESTION 10 Which of these threats can the Firebox prevent with the default packet handling settings? (Select four.) A. Access to inappropriate websites B. Denial of service attacks C. Flood attacks D. Malware in downloaded files E. Port scans F. Viruses in email messages G. IP spoofing Correct Answer: BCEG /Reference: QUESTION 11 Users on the trusted network cannot browse Internet websites.

Based on the configuration shown in this image, what could be the problem with this policy configuration? (Select one.) A. The default Outgoing policy has been removed and there is no policy to allow DNS traffic. B. The HTTP-proxy policy has higher precedence than the HTTPS-proxy policy. C. The HTTP-proxy policy is configured for the wrong port. D. The HTTP-proxy allows Any-Trusted and Any-Optional to Any-External. Correct Answer: C /Reference: QUESTION 12 If you disable the Outgoing policy, which policies must you add to allow trusted users to connect to commonly used websites? (Select three.) A. HTTP port 80 B. NAT policy C. FTP port 21 D. HTTPS port 443 E. DNS port 53 Correct Answer: ACD /Reference:

QUESTION 13 How is a proxy policy different from a packet filter policy? (Select two.) A. Only a proxy policy examines information in the IP header. B. Only a proxy policy uses the IP source, destination, and port to control network traffic. C. Only a proxy policy can prevent specific threats without blocking the entire connection. D. Only a proxy works ta the application, network, and transport layers to examine all connection data. Correct Answer: BD /Reference: QUESTION 14 Which authentication servers can you use with your Firebox? (Select four.) A. Active Directory B. RADIUS C. LDAP D. Linux Authentication E. Kerberos F. TACACS+ G. Firebox databases Correct Answer: ABCG /Reference:

QUESTION 15 When your users connect to the Authentication Portal page to authenticate, they see a security warning message in their browses, which they must accept before they can authenticate. How can you make sure they do not see this security warning message in their browsers? (Select one.) A. Import a custom self-signed certificate or a third-party certificate to your Firebox and import the same certificate to all client computers or web browsers. B. Replace the Firebox certificate with the trusted certificate from your web server. C. Add the user accounts for your users who use the Authentication Portal to a list of trusted users on your Firebox. D. Instruct them to disable security warning message in their preferred browsers. Correct Answer: C /Reference: QUESTION 16 You can configure your Firebox to automatically redirect users to the Authentication Portal page. A. True B. False Correct Answer: B

/Reference: QUESTION 17 For which of these third party authentication methods must you specify a search base? (Select two.) A. RADIUS B. Active Directory C. SecurID D. LDAP Correct Answer: BD /Reference: QUESTION 18 You have a privately addressed email server behind your Firebox. If you want to make sure that all traffic from this server to the Internet appears to come from the public IP address 203.0.113.25, regardless of policies, which from of NAT would you use? (Select one.) http://www.gratisexam.com/ A. In the SMTP policy that handles traffic from the email server, select the option to apply dynamic NAT to all traffic in the policy and set the source IP address 203.0.113.25. B. Create a global dynamic NAT rule for traffic from the email server and set the source IP address to 203.0.113.25. C. Create a static NAT action for traffic to the email server, and set the source IP address to 203.0.113.25. Correct Answer: B

/Reference: QUESTION 19 HOTSPOT Match each type of NAT with the correct description: Hot Area:

Correct Answer:

/Reference: QUESTION 20 If your Firebox has a single public IP address, and you want to forward inbound traffic to internal hosts based on the destination port, which type of NAT should you use? (Select one.) A. Static NAT B. 1-to-1 NAT C. Dynamic NAT Correct Answer: B /Reference: QUESTION 21 You need to create an HTTP-proxy policy to a specific domain for software updates (example.com). The update site has multiple subdomains and dynamic IP addresses on a content delivery network. Which of these options is the best way to define the destination in your HTTP-proxy policy? (Select one.) http://www.gratisexam.com/ A. Configure a host name for update.example.com. B. Configure an FQDN for *.example.com. C. Add IP addresses that correspond to each software update server in the domain. D. Create an alias for all subdomains and known IP addresses for example.com.

Correct Answer: C /Reference: QUESTION 22 From the SMTP proxy action settings in this image, which of these options is configured for outgoing SMTP traffic? (Select one.)

A. Rewrite the Mail From header for the example.com domain. B. Deny incoming mail from the example.com domain. C. Prevent mail relay for the example.com domain. D. Deny outgoing mail from the example.com domain.

Correct Answer: D /Reference: QUESTION 23 You can configure the SMTP-proxy policy to restrict email messages and email content based on which of these message characteristics? (Select four.) A. Sender Mail From address B. Check URLs in message with WebBlocker C. Email message size D. Attachment file name and content type E. Maximum email recipients Correct Answer: ABCE /Reference: QUESTION 24 After you enable spamblocker, your users experience no reduction in the amount of spam they receive. What could explain this? (Select three.) A. Connections cannot be resolved to the spamblocker servers because DNS is not configured on the Firebox. B. The spamblocker action for Confirmed Spam is set to Allow.

C. The Maximum File Size to Scan option is set too high. D. A spamblocker exception is configured to allow traffic from sender *. E. spamblocker Virus Outbreak Detection is not enabled. Correct Answer: ABD /Reference: QUESTION 25 An email newsletter about sales from an external company is sometimes blocked by spamblocker. What option could you choose to make sure the newsletter is delivered to your users? (Select one.) A. Add a spamblocker exception based on the From field of the newsletter email. B. Set the spamblocker action to quarantine the email for later retrieval. C. Add a spamblocker subject tag for bulk email messages. D. Set the spamblocker virus outbreak detection action to allow emails from the newsletter source. Correct Answer: C /Reference: QUESTION 26 Your company denies downloads of executable files from all websites. What can you do to allow users on the network to download executable files from the company's remote website? (Select one.) A. Add an HTTP proxy exception for the company's remote website. B. Create a WebBlocker exception to allow access to the company's remote website. C. Create an IPS exception. D. Create a Blocked Sites exception. E. Configure HTTP Request > URL Paths to allow the company's remote website. Correct Answer: A

/Reference: QUESTION 27 A user receives a deny message that the installation file (install.exe) is blocked by the HTTP- proxy policy and cannot be downloaded. Which HTTP proxy action rule must you modify to allow download of the installation file? (Select one.) A. HTTP Request > Request Methods B. HTTP Response > Body Content Types C. HTTP Response > Header Fields D. WebBlocker E. HTTP Request > Authorization Correct Answer: E /Reference: QUESTION 28 Which takes precedence: WebBlocker category match or a WebBlocker exception? A. WebBlocker exception B. WebBlocker category match Correct Answer: B /Reference: QUESTION 29 To prevent certificate error warnings in your browser when you use deep content inspection with the HTTPS proxy, you can export the proxy authority certificate from the Firebox and import that certificate to all client devices.

A. True B. False Correct Answer: A /Reference: QUESTION 30 Which of these options must you configure in an HTTPS-proxy policy to detect credit card numbers in HTTP traffic that is encrypted with SSL? (Select two.) A. WebBlocker B. Gateway AntiVirus C. Application Control D. Deep inspection of HTTPS content E. Data Loss Prevention Correct Answer: D /Reference: QUESTION 31 HOTSPOT Match each WatchGuard Subscription Service with its function: Hot Area:

Correct Answer:

/Reference: QUESTION 32 When you configure the Global Application Control action, it is automatically applied to all policies. http://www.gratisexam.com/ A. True B. False Correct Answer: B /Reference: QUESTION 33 Which WatchGuard Subscription Service must be enabled in a proxy policy before you can use APT Blocker? (Select one.) A. RED B. Application Control C. Gateway Antivirus D. WebBlocker E. IPS Correct Answer: C

/Reference: QUESTION 34 What settings must you device configuration file include for Gateway AntiVirus to protect users on your network? (Select two.) A. Configure a policy to use a proxy action that has AntiVirus settings configured. B. Install the Gateway AntiVirus server on your network. C. Configure Gateway AntiVirus settings for a proxy action. D. Disable automatic signature updates. E. Decrease the scan limits Correct Answer: AC /Reference: QUESTION 35 After you enable Gateway AntiVirus, IPS, or Application control, how can you make sure the services protect your network from the latest known threats? (Select one.) A. Enable default packet handling. B. Configure reputation Enabled Defense. C. Enable automatic signature updates. D. Enable HTTPS deep inspection. Correct Answer: C /Reference: QUESTION 36 Which policies can use the Intrusion Prevention Service to block network attacks? (Select one?)

A. Only HTTP and HTTPS Proxy policies B. Only proxy policies C. All policies D. Only packet filter policies E. Only inbound policies Correct Answer: D /Reference: QUESTION 37 Which of these services would you use to allow the use of P2P programs for a specific department in your organization? (Select one.) http://www.gratisexam.com/ A. Reputation Enabled Defense B. Application Control C. Data Loss Prevention D. IPS Correct Answer: B /Reference: QUESTION 38 You can use Firebox System Manager to download a PCAP file that includes packet information about the protocols that manage traffic on your network.

A. True B. False Correct Answer: A /Reference: QUESTION 39 From the Firebox System Manager >Authentication List tab, you can view all of the authenticated users connected to your Firebox and disconnect any of them. A. True B. False Correct Answer: B /Reference: QUESTION 40 HOTSPOT Match the monitoring tool to the correct task: Hot Area:

Correct Answer:

/Reference: QUESTION 41 Which diagnostic tasks can you run from the Traffic Monitor tab of Firebox System Manager? (Select four.) A. DNS lookup B. MAC address lookup C. Traceroute D. Reputation lookup E. Ping F. TCP dump Correct Answer: ACDE /Reference: QUESTION 42 How can you include log messages from more than one Firebox in a single report generated by Dimension? (Select two.) A. You cannot see report data in Dimension for more than one device. B. Create a device group and view the reports for that group. C. Create a report schedule that includes all the devices you want to include in the report. D. E. Export report data as a single PDF file for all the devices you want to include in the report. Correct Answer: BC /Reference:

QUESTION 43 To enable remote devices to send log messages to Dimension through the gateway Firebox, what must you verify is included in your gateway Firebox configuration? (Select one.) A. You can only send log messages to Dimension from a computer that is on the network behind your gateway Firebox. B. You must change the connection settings in Dimension, not on the gateway Firebox. C. You must add a policy to the remote device configuration file to allow traffic to a Dimension. D. You must make sure that either the WG-Logging packet filter policy, or another policy that allows external connections to Dimension over port 4115, is included in the configuration file. Correct Answer: C /Reference: QUESTION 44 Which WatchGuard tools can you use to review the log messages generated by your Firebox? (Select three). A. Firebox System Manager > Traffic Monitor B. Fireware XTM Web UI > Traffic Monitor C. Firebox System Manager > Status Report D. Dimension > Log manager E. WatchGuard System Manager > Policy Manager Correct Answer: ACD /Reference: QUESTION 45 You can configure your Firebox to send log messages to how many WatchGuard Log Servers at the same time? (Select one.) A. One B. Two C. As many as you have configured on your network.

Correct Answer: C /Reference: QUESTION 46 With the policies configured as shown in this image, HTTP traffic can be sent and received through branch office VPN tunnel.1 and tunnel.2. A. True B. False Correct Answer: A

/Reference: QUESTION 47 A local branch office VPN tunnel route is configured as shown in this image. On the remote peer device, what must be configured as the remote network address for this tunnel route? (Select one.) A. 10.0.1.0/24 B. 10.0.10.0/24 C. 10.0.20.0/24

Correct Answer: B /Reference: QUESTION 48 While troubleshooting a branch office VPN tunnel, you see this log message: 2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES, expecting AES What settings could you modify in the local device configuration to resolve this issue? (Select one.) A. BOVPN Gateway settings B. BOVPN-Allow policies C. BOVPN Tunnel settings D. BOVPN Tunnel Route settings Correct Answer: A /Reference: The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings. QUESTION 49 If you use an external authentication server for mobile VPN, which option must you complete before remote users can authenticate? (Select one.) A. Create aliases for each remote user's virtual IP address. B. Reboot the authentication server. C. Add the Mobile VPN user group and remote users to your authentication server. D. Add the remote users to a Mobile VPN user group on your Firebox. Correct Answer: A /Reference:

QUESTION 50 In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.) A. Default route VPN allows your Firebox to examine all remote user traffic B. Default route VPN uses less bandwidth C. Default route VPN uses less processing power D. Default route VPN automatically allows dynamic NAT Correct Answer: D /Reference: http://www.gratisexam.com/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback