[January 4, 2024] The Fireware Essentials (Essentials) exam question set for passing has 75 questions [Q31-Q48]

Ultimate guide: free WatchGuard Essentials exam preparation questions and answers

Question # 31
Which takes precedence: WebBlocker category match or a WebBlocker exception?

  • A. WebBlocker category match
  • B. WebBlocker exception

Correct answer: A


Question # 32
Which tool can add an IP address for the Firebox to permanently block? (Select one)

  • A. Firebox System Manager - Subscription services
  • B. FireWatch
  • C. Traffic Monitor
  • D. Log Server
  • E. Firebox System Manager - Blocked Sites list
  • F. Firebox System Manager - Authentication list

Correct answer: F

Explanation:
Block a site permanently
The Successful Company network administrator has been driven to distraction recently by a script kiddy using addresses in the 192.136.15.0/24 network to run probes of the Successful network. In this exercise, we permanently block all connections from that network.
1. From Policy Manager, select Setup > Default Threat Protection > Blocked Sites. The Blocked Sites Configuration dialog box opens.
2. On the Blocked Sites tab, click Add. The Add Site dialog box opens.
3. Use the Choose Type drop-down list to select Network IP. In the Value text box, type 192.136.15.0/24.
4. Click OK.
The entry appears in the Blocked Sites list. With this configuration, the Firebox blocks all packets to and from the 192.136.15.0/24 network range.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181


Question # 33
Which takes precedence: WebBlocker category match or a WebBlocker exception?

  • A. WebBlocker category match
  • B. WebBlocker exception

Correct answer: B


Question # 34
What is one reason that users could see a certificate warning in their web browsers when they connect to Fireware XTM Web UI? (Select one.)

  • A. The Firebox or XTM device uses the default self-signed certificate.
  • B. The user or group is not present in the Firebox User database.
  • C. The authentication server does not respond after three minutes.
  • D. The user has been previously added to the Blocked Sites list.

Correct answer: A


Question # 35
Match each type of NAT with the correct description:
Conserves IP addresses and hides the internal topology of your network. (Choose one)

  • A. 1-to-1 NAT
  • B. NAT Loopback
  • C. Dynamic NAT

Correct answer: B

Explanation:
Dynamic NAT is also known as IP masquerading. With dynamic NAT many computers can connect to the Internet from one public IP address. Dynamic NAT gives more security for internal hosts that use the Internet, because it hides the IP addresses of hosts on your network.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/nat/nat_dynamic_use_c.html%3FTocPath%3DNetwork%2520Address%2520Translation%2520(NAT)%7CAbout%2520Dynamic%2520NAT%7C_____0


Question # 36
In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.)

  • A. Default route VPN automatically allows dynamic NAT
  • B. Default route VPN uses less bandwidth
  • C. Default route VPN uses less processing power
  • D. Default route VPN allows your Firebox to examine all remote user traffic

Correct answer: A


Question # 37
How is a proxy policy different from a packet filter policy? (Select two.)

  • A. Only a proxy works at the application, network, and transport layers to examine all connection data.
  • B. Only a proxy policy can prevent specific threats without blocking the entire connection.
  • C. Only a proxy policy uses the IP source, destination, and port to control network traffic.
  • D. Only a proxy policy examines information in the IP header.

Correct answer: A, C


Question # 38
Which WatchGuard Subscription Service must be enabled in a proxy policy before you can use APT Blocker? (Select one.)

  • A. Application Control
  • B. Gateway Antivirus
  • C. IPS
  • D. WebBlocker
  • E. RED

Correct answer: B


Question # 39
Match each WatchGuard Subscription Service with its function.
Prevents accidental or unauthorized transmission of confidential information outside your network. (Choose one).

  • A. Data Loss Prevention DLP
  • B. Reputation Enabled Defense RED
  • C. APT Blocker
  • D. Gateway Antivirus
  • E. Intrusion Prevention Server IPS

Correct answer: A

Explanation:
Data Loss Prevention (DLP) watches for accidental and intentional breaches of private/sensitive data through an organizational policy. Provides a library of over 200 rules to protect organization data and has the ability to parse over 30 different file formats including Microsoft Office formats and PDFs.
Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html


Question # 40
With the policies configured as shown in this image, HTTP traffic can be sent and received through branch office VPN tunnel.1 and tunnel.2.

  • A. True
  • B. False

Correct answer: A


Question # 41
If your Firebox has a single public IP address, and you want to forward inbound traffic to internal hosts based on the destination port, which type of NAT should you use? (Select one.)

  • A. 1-to-1 NAT
  • B. Dynamic NAT
  • C. Static NAT

Correct answer: A


Question # 42
Which of these actions adds a host to the temporary or permanent blocked sites list? (Select three.)

  • A. Enable the Auto-block sites that attempt to connect option in a deny policy.
  • B. In Policy Manager, select Setup > Default Threat Protection > Blocked Sites and click Add.
  • C. Add the site to the Blocked Sites Exceptions list.
  • D. On the Firebox System Manager > Blocked Sites tab, select Add.

Correct answer: A, B, D

Explanation:
A: You can configure a deny policy to automatically block sites that originate traffic that does not comply with the policy rules.
1. From Policy Manager, double-click the PCAnywhere policy.
2. Click the Properties tab. Select the Auto-block sites that attempt to connect checkbox.
Reference: https://www.watchguard.com/training/fireware/80/defense8.htm
C: The blocked sites list shows all the sites currently blocked as a result of the rules defined in Policy Manager. From this tab, you can add sites to the temporary blocked sites list, or remove temporary blocked sites.
Reference: http://www.watchguard.com/training/fireware/82/monitoa6.htm
D: You can use Policy Manager to permanently add sites to the Blocked Sites list.
1. Select Setup > Default Threat Protection > Blocked Sites.
2. Click Add.
The Add Site dialog box appears.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/intrusionprevention/blocked_sites_permanent_c.html


Question # 43
How is a proxy policy different from a packet filter policy? (Select two.)

  • A. Only a proxy policy uses the IP source, destination, and port to control network traffic.
  • B. Only a proxy works at the application, network, and transport layers to examine all connection data.
  • C. Only a proxy policy examines information in the IP header.
  • D. Only a proxy policy can prevent specific threats without blocking the entire connection.

Correct answer: B, D

Explanation:
C: Proxies can prevent potential threats from reaching your network without blocking the entire connection.
D: A proxy operates at the application layer, as well as the network and transport layers of a TCP/IP packet, while a packet filter operates only at the network and transport protocol layers.
Incorrect:
Not A: A packet filter examines each packet's IP header to control the network traffic into and out of your network.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 95


Question # 44
If you disable the Outgoing policy, which policies must you add to allow trusted users to connect to commonly used websites? (Select three.)

  • A. FTP port 21
  • B. DNS port 53
  • C. NAT policy
  • D. HTTP port 80
  • E. HTTPS port 443

Correct answer: B, D, E

Explanation:
TCP-UDP packet filter
If you decide to remove the Outgoing policy, you must add a policy for any type of traffic you want to allow through the Firebox. If you remove the Outgoing policy and then decide you want to allow all TCP and UDP connections through the Firebox again, you must add the TCP-UDP packet filter to provide the same function. This is because the Outgoing policy does not appear in the list of standard policies available from Policy Manager.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 97


Question # 45
A local branch office VPN tunnel route is configured as shown in this image.

On the remote peer device, what must be configured as the remote network address for this tunnel route? (Select one.)

  • A. 10.0.20.0/24
  • B. 10.0.1.0/24
  • C. 10.0.10.0/24

Correct answer: C


Question # 46
When you configure the Global Application Control action, it is automatically applied to all policies.

  • A. False
  • B. True

Correct answer: A


Question # 47
Match each WatchGuard Subscription Service with its function.
Uses signatures to provide real-time protection against network attacks. (Choose one).

  • A. Reputation Enabled Defense RED
  • B. Intrusion Prevention Server IPS
  • C. Application Control
  • D. APT Blocker
  • E. Data Loss Prevention DLP

Correct answer: B

Explanation:
Intrusion Prevention Service (IPS) -- As with the other IPS offers, the IPS module is intended to detect and in real time mitigate intrusions coming into a network. This includes a large signature database that monitors for spyware, SQL injections, cross-site scripting (XSS), and buffer overflows.
Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide,2-866-6.html


Question # 48
......
