[2023年12月06日] 更新されたEssentials試験PDF問題集にはJPNTest合格保証付き
あなたを合格させるWatchGuard試験にはEssentials試験問題集
質問 # 22
Match each WatchGuard Subscription Service with its function.
Uses signatures to provide real-time protection against network attacks. (Choose one).
- A. Intrusion Prevention Server IPS
- B. Application Control
- C. APT Blocker
- D. Data Loss Prevention DLP
- E. Reputation Enable Defense RED
正解:A
解説:
Explanation/Reference:
Intrusion Prevention Service (IPS) -- As with the other IPS offers, the IPS module is intended to detect and in real time mitigate intrusions coming into a network. This includes a large signature data base that monitors for spyware, SQL injections, cross-site scripting (XSS), and buffer overflows.
Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html
質問 # 23
How can you prevent connections to the Fireware Web UI from computers on optional interface Eth2? (Select one.)
- A. Remove Any-Optional from theTolist of the WatchGuard Web UI policy.
- B. Remove Any-Optional from theTolist of the WatchGuard policy
- C. Remove Eth2 from the Any-Optional alias.
- D. Remove Any-Optional from theFromlist of the WatchGuard policy.
- E. RemoveAny-Optional from theFromlist of the WatchGuard Web UI policy
正解:A
質問 # 24
Match each WatchGuard Subscription Service with its function.
Manages use of applications on your network. (Choose one).
- A. Application Control
- B. APT Blocker
- C. Data Loss Prevention DLP
- D. Reputation Enable Defense RED
- E. Intrusion Prevention Server IPS
正解:A
解説:
Explanation/Reference:
Application Control keeps unproductive, inappropriate, and dangerous applications off-limits.
Stay on top of the applications running on your network for tight security and high productivity with a subscription to WatchGuard Application Control. It allows you to establish which applications can be used within your organization, by whom, and when.
Reference: http://www.watchguard.com/docs/brochure/wg_application-control_ds.pdf
質問 # 25
If your Firebox has a single public IP address, and you want to forward inbound traffic to internal hosts based on the destination port, which type of NAT should you use? (Select one.)
- A. 1-to-1 NAT
- B. Dynamic NAT
- C. Static NAT
正解:A
質問 # 26
From the Fireware Web UI, you can generate a report that shows your device configuration settings.
- A. True
- B. False
正解:A
質問 # 27
After you enable spamBlocker, your users experience no reduction in the amount of spam they receive.
What could explain this? (Select three.)
- A. The spamBlocker action for Confirmed Spam is set to Allow.
- B. Connections cannot be resolved to the spamBlocker servers because DNS is not configured on the Firebox.
- C. The Maximum File Size to Scan option is set too high.
- D. spamBlocker Virus Outbreak Detection is not enabled.
- E. A spamBlocker exception is configured to allow traffic from sender *.
正解:A、B、E
解説:
Explanation/Reference:
A: Spamblocker requires DNS to be configured on your XTM device
B: If you use spamBlocker with the POP3 proxy, you have only two actions to choose from: Add Subject Tag and Allow. Allow lets spam email messages go through the Firebox without a tag.
D: The Firebox might sometimes identify a message as spam when it is not spam. If you know the address of the sender, you can configure the Firebox with an exception that tells it not to examine messages from that source address or domain.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 138
質問 # 28
You have a privately addressed email server behind your Firebox. If you want to make sure that all traffic from this server to the Internet appears to come from the public IP address 203.0.113.25, regardless of policies, which from of NAT would you use? (Select one.)
- A. Create a global dynamic NAT rule for traffic from the email server and set the source IP address to
203.0.113.25. - B. Create a static NAT action for traffic to the email server, and set the source IP address to
203.0.113.25. - C. In the SMTP policy that handles traffic from the email server, select the option to apply dynamic NAT to all traffic in the policy and set the source IP address203.0.113.25.
正解:A
質問 # 29
You can configure your Firebox to automatically redirect users to the Authentication Portal page.
- A. True
- B. False
正解:A
質問 # 30
When your device is in a default state, to which interface do you connect your management computer so you can use the Quick Setup Wizard or Web Setup Wizard to configure the device? (Select one.)
- A. Interface 0
- B. Interface 1
- C. Any interface
- D. Console interface
正解:B
質問 # 31
Match each type of NAT with the correct description:
Changes and routes all incoming and outgoing packets sent from one range of addresses to a different range of addresses. (Choose one)
- A. NAT Loopback
- B. 1-to1 NAT
- C. Dynamic NAT
正解:B
解説:
Explanation/Reference:
When you enable 1-to-1 NAT, the Firebox changes and routes all incoming and outgoing packets sent from one range of addresses to a different range of addresses.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 74
質問 # 32
Which of these threats can the Firebox prevent with the default packet handling settings? (Select four.)
- A. Malware in downloaded files
- B. Flood attacks
- C. Denial of service attacks
- D. Viruses in email messages
- E. Port scans
- F. Access to inappropriate websites
- G. IP spoofing
正解:B、C、E、G
質問 # 33
Which of these actions adds a host to the temporary or permanent blocked sites list? (Select three.)
- A. In Policy Manager, selectSetup> Default Threat Protection > Blocked Sitesand clickAdd.
- B. Add the site to theBlocked Sites Exceptionslist.
- C. On the Firebox System Manager >Blocked Sitestab, selectAdd.
- D. Enable theAUTO-block sites that attempt to connectoption in a deny policy.
正解:A、C、D
解説:
A: You can configure a deny policy to automatically block sites that originate traffic that does not comply with the policy rulese
1.From Policy Manager, double-click the PCAnywhere policy.
2.Click the Properties tab. Select the Auto-block sites that attempt to connect checkbox.
Reference:https://www.watchguard.com/training/fireware/80/defense8.htm
C: The blocked sites list shows all the sites currently blocked as a result of the rules defined in Policy Manager. From this tab, you can add sites to the temporary blocked sites list, or remove temporary blocked sites.
Reference:http://www.watchguard.com/training/fireware/82/monitoa6.htm
D: You can usePolicy Manager to permanently add sites to the Blocked Sites list.
1.select Setup > Default Threat Protection > Blocked Sites.
2.Click Add.
The Add Site dialog box appears.
Reference:http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-
US/intrusionprevention/blocked_sites_permanent_c.html
質問 # 34
Only 50 clients on the trusted network of your Firebox can connect to the Internet at the same time. What could cause this? (Select one.)
- A. The device feature key allows a maximum of 50 client connections.
- B. The DHCP address pool on the trusted interface has only 50 IP addresses.
- C. The Outgoing policy allows a maximum of 50 client connections.
- D. TheLiveSecurity feature key is expired.
正解:B
質問 # 35
Which tool can add an IP address for the Firebox to permanently block? (Select one)
- A. Traffic Monitor
- B. Firebox System Manager - Authentication list
- C. Log Server
- D. FireWatch
- E. FireBox System Manager - Blocked Sites list
- F. Firebox System Manager - Subscription services
正解:E
解説:
Block a site permanently
The Successful Company networkadministrator has been driven to distraction recently by a script kiddy using addresses in the 192.136.15.0/24 network to run probes of the Successful network. In this exercise, we permanently block all connections from that network.
1.From PolicyManager, select Setup > Default Threat Protection > Blocked Sites. The Blocked Sites Configuration dialog box opens.
2.On the Blocked Sites tab, click Add.
3.The Add Site dialog box opens. 3. Use the Choose Type drop-down list to select Network IP. In the Value text box, type 192.136.15.0/ 24.
4. Click OK.
The entry appears in the Blocked Sites list. With this configuration, the Firebox blocks all packets to and from the 192.136.15.0/24 network range.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181
質問 # 36
You need to create an HTTP-proxy policy to a specific domain for software updates (example.com). The update site has multiple subdomains and dynamic IP addresses on a content delivery network. Which of these options is the best way to define the destination in your HTTP-proxy policy? (Select one.)
- A. Add IP addresses that correspond to each software update server in the domain.
- B. Configure a host name forupdate.example.com.
- C. Configure an FQDN for*.example.com.
- D. Create an alias for all subdomains and known IP addresses forexample.com.
正解:C
解説:
http://www.watchguard.com/help/docs/fireware/11/en-US/Content/en-US/policies/fqdn_about_c.html
質問 # 37
In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.)
- A. Default route VPN automatically allows dynamic NAT
- B. Default route VPN allows your Firebox to examine all remote user traffic
- C. Default route VPN uses less processing power
- D. Default route VPN uses less bandwidth
正解:B
解説:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/mvpn/pptp/mvpn_pptp_internet-access_c.html
The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to the XTM device. Then, the traffic is sent back out to the Internet. With this configuration (known as default-route VPN), the XTM device is able to examine all traffic and provide increased security, although it uses more processing power and bandwidth.
質問 # 38
......
最新でリアルなEssentials試験問題集解答:https://www.jpntest.com/shiken/Essentials-mondaishu