[2023年更新]Essentials.PDFの問題回答PDFサンプル問題現実的 [Q44-Q67]

[2023年更新]Essentials.PDFの問題回答PDFサンプル問題現実的

WatchGuard Essentials問題集PDFはまもなく最高のベストスコア

WatchGuard Essentials（FireWare Essentials）試験には、WatchGuardネットワークセキュリティソリューションに関連するさまざまな分野で個人の知識とスキルを評価する厳格なテストプロセスがあります。この試験は、WatchGuardファイアウォールとVPNSを構成およびトラブルシューティングする個人の能力をテストする複数選択の質問と実践的な演習で構成されています。この試験は、それに合格した個人がWatchGuard製品を深く理解し、それらを使用して組織のネットワークを脅威から保護できるようにするように設計されています。

WatchGuard Essentials（Fireware Essentials）認定を取得することは、WatchGuard Fireboxセキュリティソリューションを使用してネットワークを管理し、セキュリティを確保するために必要なスキルと知識を持っていることを雇用主やクライアントに示すことができます。この認定は、ネットワークセキュリティと管理のキャリアを進めたいITプロフェッショナルにとって貴重な資産です。

 

質問 # 44
What is one reason that users could see a certificate warning in their web browsers when they connect to Fireware XTM Web UI? (Select one.)

• A. The authentication server does not respond after three minutes.
• B. The Firebox or XTM device uses the default self-signed certificate.
• C. The user has been previously added to the Blocked Sites list.
• D. The user or group is not present in the Firebox User database.

正解：B

質問 # 45
When you configure the Global Application Control action, it is automatically applied to all policies.

• A. False
• B. True

正解：A

質問 # 46
For which of these third party authentication methods must you specify a search base? (Select two.)

• A. LDAP
• B. RADIUS
• C. SecurID
• D. Active Directory

正解：A、D

質問 # 47
Clients on the trusted network need to connect to a server behind a router on the optional network. Based on this image, what static route must be added to the Firebox for traffic from clients on the trusted network to reach a server at 10.0.20.100? (Select one.)

• A. Route to 10.0.20.0/24, Gateway 10.0.2.254
• B. Route to 10.0.20.0, Gateway 10.0.2.254
• C. Route to 10.0.20.0/24, Gateway 10.0.2.1
• D. Route to 10.0.10.0/24, Gateway 10.0.10.1

正解：A

解説：
Explanation/Reference:
We must add a trusted static route to the 10.0.20.0/24 network through the 10.0.2.254 gateway.

質問 # 48
How can you include log messages from more than one Firebox in a single report generated by Dimension? (Select two.)

• A. You cannot see report data in Dimension for more than one device.
• B. Create a report schedule that includes all the devices you want to include in the report.
• C. Export report data as a single PDF file for all the devices you want to include in the report.
• D. Create a device group and view the reports for that group.

正解：B、D

質問 # 49
The IP address for the trusted interface on your Firebox is 10.0.40.1/24, but you want to change the IP address for this interface. How can you avoid a network outage for clients on the trusted network when you change the interface IP address to 10.0.50.1/24? (Select one.)

• A. Create a 1-to-1 NAT rule for traffic from the 10.0.40.0/24 subnet to addresses on the 10.0.50.0/24 subnet.
• B. Add a route to 10.0.40.0/24 with the gateway 10.0.50.1.
• C. Add IP addresses on the 10.0.40.0/24 subnet to the DHCP Server IP address pool for this interface.
• D. Add 10.0.40.1/24 as a secondary IP address for the interface.

正解：D

質問 # 50
Match each WatchGuard Subscription Service with its function.
Uses signatures to provide real-time protection against network attacks. (Choose one).

• A. Application Control
• B. Intrusion Prevention Server IPS
• C. APT Blocker
• D. Data Loss Prevention DLP
• E. Reputation Enable Defense RED

正解：B

解説：
Intrusion PreventionService (IPS) -- As with the other IPS offers, the IPS module is intended to detect and in real time mitigate intrusions coming into a network. This includes a large signaturedata base that monitors for spyware, SQL injections, cross-site scripting (XSS),and buffer overflows.
Reference:http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html

質問 # 51
Match each WatchGuard Subscription Service with its function.
Uses rules, pattern matching, and sender reputation to block unwanted email messages. (Choose one).

• A. Gateway / Antivirus
• B. Intrusion Prevention Server IPS
• C. APTBlocker
• D. Reputation Enable Defense RED
• E. Spam Blocker

正解：E

解説：
SpamBlocker provides a spam scanning engine that works in concert with WatchGuard's cloud-based technology to prevent spam from gaining access to the email servers (and clients).
Reference:http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html

質問 # 52
In the network configuration in this image, which aliases is Eth2 a member of? (Select three.)

• A. Any-Trusted
• B. Any-External
• C. Any
• D. Optional-1
• E. Any-optional

正解：C、D、E

質問 # 53
Match the monitoring tool to the correct task.
Which tool can view a list of users connected to the Firebox? (Select one)

• A. FireBox System Manager - Blocked Sites list
• B. Firebox System Manager - Authentication list
• C. FireWatch
• D. Traffic Monitor
• E. Firebox System Manager - Subscription services
• F. Log Server

正解：B

解説：
You can viewa list of users connected to the Firebox through HostWatch, and you can also use Authentication List, which identifiesthe IP addresses and user names of all the users that are authenticated to the Firebox.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

質問 # 54
In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.)

• A. Default route VPN uses less bandwidth
• B. Default route VPN automatically allows dynamic NAT
• C. Default route VPN allows your Firebox to examine all remote user traffic
• D. Default route VPN uses less processing power

正解：C

解説：
http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/mvpn/pptp/mvpn_pptp_internet-access_c.html
The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to the XTM device. Then, the traffic is sent back out to the Internet. With this configuration (known as default-route VPN), the XTM device is able to examine all traffic and provide increased security, although it uses more processing power and bandwidth.

質問 # 55
Match each WatchGuard Subscription Service with its function.
Prevents accidental or unauthorized transmission of confidential information outside your network.
(Choose one).

• A. Gateway / Antivirus
• B. Data Loss Prevention DLP
• C. APT Blocker
• D. Intrusion Prevention Server IPS
• E. Reputation Enable Defense RED

正解：B

解説：
Explanation/Reference:
Data Loss Prevention (DLP) watches for accidental and intentional breaches of private/sensitive data through an organizational policy. Provides a library of over 200 rules to protect organization data and has the ability to parse over 30 different file formats including Microsoft Office formats and PDFs.
Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html

質問 # 56
From the SMTP proxy action settings in this image, which of these options is configured for outgoing SMTP traffic? (Select one.)

• A. Prevent mail relay for theexample.comdomain.
• B. Rewrite theMail Fromheader for theexample.comdomain.
• C. Deny incoming mail from theexample.comdomain.
• D. Deny outgoing mail from theexample.comdomain.

正解：D

質問 # 57
Users on the trusted network cannot browse Internet websites. Based on the configuration shown in this image, what could be the problem with this policy configuration? (Select one.)

• A. The HTTP-proxy allows Any-Trusted and Any-Optional to Any-External.
• B. The default Outgoing policy has been removed and there is no policy to allow DNS traffic.
• C. The HTTP-proxy policy is configured for the wrong port.
• D. The HTTP-proxy policy has higher precedence than the HTTPS-proxy policy.

正解：B

質問 # 58
You configured four Device Administrator user accounts for your Firebox. To see a report of witch Device Management users have made changes to the device configuration, what must you do? (Select two.)

• A. Start Firebox System Manager for the device and review the activity for the Management Users on the Authentication List tab.
• B. Open WatchGuard Server Center and review the configuration history for managed devices.
• C. Connect to Report Manager or Dimension and view the Audit Trail report for your device.
• D. Configure your device to send audit trail log messages to your WatchGuard Log Server or Dimension Log Server.

正解：B、C

質問 # 59
Match each type of NAT with the correct description:
Conserves IP addresses and hides the internal topology of your network. (Choose one)

• A. 1-to1 NAT
• B. Dynamic NAT
• C. NAT Loopback

正解：B

解説：
Explanation/Reference:
Dynamic NAT is also known as IP masquerading. With dynamic NAT many computers can connect to the Internet from one public IP address. Dynamic NAT gives more security for internal hosts that use the Internet, because it hides the IP addresses of hosts on your network.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/nat/ nat_dynamic_use_c.html%3FTocPath%3DNetwork%2520Address%2520Translation%2520(NAT)%
7CAbout%2520Dynamic%2520NAT%7C_____0

質問 # 60
Match each WatchGuard Subscription Service with its function.
Controls access to website based on content categories. . (Choose one).

• A. Application Control
• B. Gateway / Antivirus
• C. WebBlocker
• D. Intrusion Prevention Server IPS
• E. Reputation Enable Defense RED

正解：C

解説：
WebBlocker controls access to the good and bad places that are reachable on the web,preventing users from gaining access to sites that have evil intentions.
If you configure WebBlocker to use the Websense cloud for WebBlocker lookups, WebBlocker uses the Websense content categories. A web site is added to a category when the content of the web site meets the criteria for the content category.
Reference:http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html

質問 # 61
You can configure your Firebox to automatically redirect users to the Authentication Portal page.

• A. False
• B. True

正解：B

質問 # 62
A local branch office VPN tunnel route is configured as shown in this image. On the remote peer device, what must be configured as the remote network address for this tunnel route? (Select one.)

• A. 10.0.20.0/24
• B. 10.0.1.0/24
• C. 10.0.10.0/24

正解：C

質問 # 63
When you examine the log messages In Traffic Monitor, you see that some network packets are denied with an unhandled packet log message. What does this log massage mean? (Select one.)

• A. The packet is denied because it matched an IPS signature.
• B. The packet is denied because the site is on the Blocked Sites List.
• C. The packet is denied because it matched a policy.
• D. The packet is denied because it does not match any firewall policies.

正解：D

質問 # 64
Which of these actions adds a host to the temporary or permanent blocked sites list? (Select three.)

• A. On the Firebox System Manager >Blocked Sites tab, select Add.
• B. Add the site to the Blocked Sites Exceptions list.
• C. Enable the AUTO-block sites that attempt to connect option in a deny policy.
• D. In Policy Manager, select Setup> Default Threat Protection > Blocked Sites and click Add.

正解：A、C、D

質問 # 65
If your Firebox has a single public IP address, and you want to forward inbound traffic to internal hosts based on the destination port, which type of NAT should you use? (Select one.)

• A. 1-to-1 NAT
• B. Dynamic NAT
• C. Static NAT

正解：C

質問 # 66
Match each WatchGuard Subscription Service with its function.
Scans files to detect malicious software infections. (Choose one).

• A. Spam Blocker
• B. Quarantine Server
• C. Gateway / Antivirus
• D. Data Loss Prevention DLP
• E. Reputation Enable Defense RED

正解：C

解説：
Explanation/Reference:
Gateway Antivirus provides a virus scanner that uses both an extensive signature database (updated through subscription) and a heuristic analysis engine.
Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html

質問 # 67
......

Essentials試験問題集（2023年最新のPDF問題集)現実的なEssentialsテストエンジン：https://www.jpntest.com/shiken/Essentials-mondaishu