ESSENTIALS Online Practice Questions and Answers

The IP address for the trusted interface on your Firebox is 10.0.40.1/24, but you want to change the IP address for this interface. How can you avoid a network outage for clients on the trusted network when you change the interface IP address to 10.0.50.1/24? (Select one.)

A. Create a 1-to-1 NAT rule for traffic from the 10.0.40.0/24 subnet to addresses on the 10.0.50.0/24 subnet.

B. Add 10.0.40.1/24 as a secondary IP address for the interface.

C. Add IP addresses on the 10.0.40.0/24 subnet to the DHCP Server IP address pool for this interface.

D. Add a route to 10.0.40.0/24 with the gateway 10.0.50.1.

The policies in a default Firebox configuration do not allow outgoing traffic from optional interfaces.

A. True

B. False

You can configure your Firebox to automatically redirect users to the Authentication Portal page.

A. True

B. False

Match each type of NAT with the correct description:

Conserves IP addresses and hides the internal topology of your network. (Choose one)

A. 1-to1 NAT

B. Dynamic NAT

C. NAT Loopback

A user receives a deny message that the installation file (install.exe) is blocked by the HTTP-proxy policy and cannot be downloaded. Which HTTP proxy action rule must you modify to allow download of the installation file? (Select one.)

A. HTTP Request > Request Methods

B. HTTP Response > Body Content Types

C. HTTP Response > Header Fields

D. WebBlocker

E. HTTP Request > Authorization

Which of these services would you use to allow the use of P2P programs for a specific department in your organization? (Select one.)

A. Reputation Enabled Defense

B. Application Control

C. Data Loss Prevention

D. IPS

To enable remote devices to send log messages to Dimension through the gateway Firebox, what must you verify is included in your gateway Firebox configuration? (Select one.)

A. You can only send log messages to Dimension from a computer that is on the network behind your gateway Firebox.

B. You must change the connection settings in Dimension, not on the gateway Firebox.

C. You must add a policy to the remote device configuration file to allow traffic to a Dimension.

D. You must make sure that either the WG-Logging packet filter policy, or another policy that allows external connections to Dimension over port 4115, is included in the configuration file.

What is one reason that users could see a certificate warning in their web browsers when they connect to Fireware XTM Web UI? (Select one.)

A. The Firebox or XTM device uses the default self-signed certificate.

B. The authentication server does not respond after three minutes.

C. The user has been previously added to the Blocked Sites list.

D. The user or group is not present in the Firebox User database.

While troubleshooting a branch office VPN tunnel, you see this log message:

2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase oneencryption 3DES, expecting AES

What settings could you modify in the local device configuration to resolve this issue? (Select one.)

A. BOVPN Gateway settings

B. BOVPN-Allow policies

C. BOVPN Tunnel settings

D. BOVPN Tunnel Route settings

If you use an external authentication server for mobile VPN, which option must you complete before remote users can authenticate? (Select one.)

A. Create aliases for each remote user's virtual IP address.

B. Reboot the authentication server.

C. Add the Mobile VPN user group and remote users to your authentication server.

D. Add the remote users to a Mobile VPN user group on your Firebox.

Match the monitoring tool to the correct task.

Which tool can view a list of users connected to the Firebox? (Select one)

A. FireBox System Manager – Blocked Sites list

B. Log Server

C. FireWatch

D. Firebox System Manager – Subscription services

E. Firebox System Manager – Authentication list

F. Traffic Monitor

Match each WatchGuard Subscription Service with its function.

A repository where email messages can be sent based on analysis by spamBlocker, Gateway AntiVirus, or Data Loss Prevention. (Choose one).

A. Gateway / Antivirus

B. Data Loss Prevention DLP

C. Spam Blocker

D. Intrusion Prevention Server IPS

E. Quarantine Server

Match each WatchGuard Subscription Service with its function.

Uses signatures to provide real-time protection against network attacks. (Choose one).

A. Reputation Enable Defense RED

B. Data Loss Prevention DLP

C. Intrusion Prevention Server IPS

D. Application Control

E. APT Blocker

Match each WatchGuard Subscription Service with its function.

Uses rules, pattern matching, and sender reputation to block unwanted email messages. (Choose one).

A. Reputation Enable Defense RED

B. Gateway / Antivirus

C. Spam Blocker

D. Intrusion Prevention Server IPS

E. APT Blocker

Match each type of NAT with the correct description:

Allows a user on the trusted or optional network to connect to a public server that is on the same physical Firebox interface by its public IP address or domain name. (Choose one)

A. 1-to1 NAT

B. Dynamic NAT

C. NAT Loopback