無料Essentials試験ブレーン問題集認定ガイド問題と解答 [Q17-Q34]

無料Essentials試験ブレーン問題集認定ガイド問題と解答

Essentials認定概要最新のEssentialsPDF問題集

質問 17
Which WatchGuard Subscription Service must be enabled in a proxy policy before you can use APT Blocker? (Select one.)

• A. RED
• B. WebBlocker
• C. Gateway Antivirus
• D. Application Control
• E. IPS

正解: C

 

質問 18
Which WatchGuard tools can you use to review the log messages generated by your Firebox? (Select three).

• A. Firebox System Manager > Status Report
• B. WatchGuard System Manager > Policy Manager
• C. Firebox System Manager > Traffic Monitor
• D. Fireware XTM Web UI > Traffic Monitor
• E. Dimension > Log manager

正解: A,C,E

 

質問 19
Match each WatchGuard Subscription Service with its function.
Controls access to website based on content categories. . (Choose one).

• A. Gateway / Antivirus
• B. Explanation:
  WebBlocker controls access to the good and bad places that are reachable on the web,preventing users from gaining access to sites that have evil intentions.
  If you configure WebBlocker to use the Websense cloud for WebBlocker lookups, WebBlocker uses the Websense content categories. A web site is added to a category when the content of the web site meets the criteria for the content category.
  Reference:http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html
  QUESTIONNO: 74
  Match each type of NAT with the correct description:
  Allows a user on the trusted or optional network to connect to a public server that is on the same physical Firebox interface by its public IP address or domain name. (Choose one)
  A. 1-to1 NAT
  B. Dynamic NAT
  C. NAT Loopback
• C. WebBlocker
• D. Application Control
• E. Reputation Enable Defense RED
• F. Intrusion Prevention Server IPS

正解: C

解説:
NAT loopback allows a user on the trusted or optional networks to get access to a public server that is on the same physical Firebox or XTM device interface by its public IP address or domain name.
Reference:http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fnat%2Fnat_loopback_c.html|StartTopic=Content%2FenUS%2Fnat%2Fnat_loopback_c.html

 

質問 20
When you configure the Global Application Control action, it is automatically applied to all policies.

• A. True
• B. False

正解: B

 

質問 21
Which tool is used to see a treemap visualization of the traffic through your Firebox? (Select one)

• A. Traffic Monitor
• B. Log Server
• C. Firebox System Manager - Subscription services
• D. Firebox System Manager - Authentication list
• E. FireWatch
• F. FireBox System Manager - Blocked Sites list

正解: E

解説:
Explanation/Reference:
The FireWatch page is separated into tabs of data that is presented in a Treemap Visualization. The treemap is a widget that proportionally sizes blocks in the display to represent the data for that tab. The largest blocks on the tab represent the largest data users. The data is sorted by the tab you select and the type you select from the drop-down list at the top right of the page.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

 

質問 22
Your company denies downloads of executable files from all websites. What can you do to allow users on the network to download executable files from the company's remote website? (Select one.)

• A. Create a Blocked Sites exception.
• B. Create an IPS exception.
• C. Add an HTTP proxy exception for the company's remote website.
• D. Create a WebBlocker exception to allow access to the company's remote website.
• E. Configure HTTP Request > URL Paths to allow the company's remote website.

正解: C

 

質問 23
After you enable Gateway AntiVirus, IPS, or Application control, how can you make sure the services protect your network from the latest known threats? (Select one.)

• A. Enable HTTPS deep inspection.
• B. Enable default packet handling.
• C. Enable automatic signature updates.
• D. Configure reputation Enabled Defense.

正解: C

 

質問 24
Which tool can add an IP address for the Firebox to permanently block? (Select one)

• A. Traffic Monitor
• B. Log Server
• C. Firebox System Manager - Subscription services
• D. Firebox System Manager - Authentication list
• E. FireBox System Manager - Blocked Sites list
• F. FireWatch

正解: E

解説:
Block a site permanently
The Successful Company networkadministrator has been driven to distraction recently by a script kiddy using addresses in the 192.136.15.0/24 network to run probes of the Successful network. In this exercise, we permanently block all connections from that network.
1.From PolicyManager, select Setup > Default Threat Protection > Blocked Sites. The Blocked Sites Configuration dialog box opens.
2.On the Blocked Sites tab, click Add.
3.The Add Site dialog box opens. 3. Use the Choose Type drop-down list to select Network IP. In the Value text box, type 192.136.15.0/ 24.
4. Click OK.
The entry appears in the Blocked Sites list. With this configuration, the Firebox blocks all packets to and from the 192.136.15.0/24 network range.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

 

質問 25
Which of these options must you configure in an HTTPS-proxy policy to detect credit card numbers in HTTP traffic that is encrypted with SSL? (Select two.)

• A. WebBlocker
• B. Application Control
• C. Data Loss Prevention
• D. Deep inspection of HTTPS content
• E. Gateway AntiVirus

正解: C,D

 

質問 26
Which of these actions adds a host to the temporary or permanent blocked sites list? (Select three.)

• A. Add the site to theBlocked Sites Exceptionslist.
• B. Enable theAUTO-block sites that attempt to connectoption in a deny policy.
• C. In Policy Manager, selectSetup> Default Threat Protection > Blocked Sitesand clickAdd.
• D. On the Firebox System Manager >Blocked Sitestab, selectAdd.

正解: B,C,D

解説:
A: You can configure a deny policy to automatically block sites that originate traffic that does not comply with the policy rulese
1.From Policy Manager, double-click the PCAnywhere policy.
2.Click the Properties tab. Select the Auto-block sites that attempt to connect checkbox.
Reference:https://www.watchguard.com/training/fireware/80/defense8.htm
C: The blocked sites list shows all the sites currently blocked as a result of the rules defined in Policy Manager. From this tab, you can add sites to the temporary blocked sites list, or remove temporary blocked sites.
Reference:http://www.watchguard.com/training/fireware/82/monitoa6.htm
D: You can usePolicy Manager to permanently add sites to the Blocked Sites list.
1.select Setup > Default Threat Protection > Blocked Sites.
2.Click Add.
The Add Site dialog box appears.
Reference:http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-
US/intrusionprevention/blocked_sites_permanent_c.html

 

質問 27
Match each type of NAT with the correct description:
Conserves IP addresses and hides the internal topology of your network. (Choose one)

• A. Dynamic NAT
• B. 1-to1 NAT
• C. NAT Loopback

正解: A

解説:
Explanation/Reference:
Dynamic NAT is also known as IP masquerading. With dynamic NAT many computers can connect to the Internet from one public IP address. Dynamic NAT gives more security for internal hosts that use the Internet, because it hides the IP addresses of hosts on your network.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/nat/ nat_dynamic_use_c.html%3FTocPath%3DNetwork%2520Address%2520Translation%2520(NAT)%7CAbout%
2520Dynamic%2520NAT%7C_____0

 

質問 28
In the network configuration in this image, which aliases is Eth2 a member of? (Select three.)

• A. Any
• B. Optional-1
• C. Any-Trusted
• D. Any-External
• E. Any-optional

正解: A,B,E

 

質問 29
How can you include log messages from more than one Firebox in a single report generated by Dimension? (Select two.)

• A. Create a report schedule that includes all the devices you want to include in the report.
• B. You cannot see report data in Dimension for more than one device.
• C. Export report data as a single PDF file for all the devices you want to include in the report.
• D. Create a device group and view the reports for that group.

正解: A,D

 

質問 30
In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.)

• A. Default route VPN uses less processing power
• B. Default route VPN allows your Firebox to examine all remote user traffic
• C. Default route VPN uses less bandwidth
• D. Default route VPN automatically allows dynamic NAT

正解: B

解説:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/mvpn/pptp/mvpn_pptp_internet-access_c.html
The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to the XTM device. Then, the traffic is sent back out to the Internet. With this configuration (known as default-route VPN), the XTM device is able to examine all traffic and provide increased security, although it uses more processing power and bandwidth.

 

質問 31
While troubleshooting a branch office VPN tunnel, you see this log message:
2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES, expecting AES What settings could you modify in the local device configuration to resolve this issue? (Select one.)

• A. BOVPN Gateway settings
• B. BOVPN Tunnel Route settings
• C. BOVPN-Allow policies
• D. BOVPN Tunnel settings

正解: A

解説:
Explanation/Reference:
The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings.

 

質問 32
From the SMTP proxy action settings in this image, which of these options is configured for outgoing SMTP traffic? (Select one.)

• A. Deny incoming mail from the example.comdomain.
• B. Deny outgoing mail from the example.comdomain.
• C. Rewrite the Mail From header for the example.comdomain.
• D. Prevent mail relay for the example.comdomain.

正解: A

 

質問 33
You need to create an HTTP-proxy policy to a specific domain for software updates (example.com). The update site has multiple subdomains and dynamic IP addresses on a content delivery network. Which of these options is the best way to define the destination in your HTTP-proxy policy? (Select one.)

• A. Create an alias for all subdomains and known IP addresses forexample.com.
• B. Configure an FQDN for*.example.com.
• C. Configure a host name forupdate.example.com.
• D. Add IP addresses that correspond to each software update server in the domain.

正解: B

解説:
http://www.watchguard.com/help/docs/fireware/11/en-US/Content/en-US/policies/fqdn_about_c.html

 

質問 34
......

ベストなWatchGuard Essentials学習ガイドと問題集には2023：https://www.jpntest.com/shiken/Essentials-mondaishu