You configured four Device Administrator user accounts for your Firebox.
To see a report of witch Device Management users have made changes to the device configuration, what must you do? (Select two.)
- A . Start Firebox System Manager for the device and review the activity for the Management Users on the Authentication List tab.
- B . Connect to Report Manager or Dimension and view the Audit Trail report for your device.
- C . Open WatchGuard Server Center and review the configuration history for managed devices.
- D . Configure your device to send audit trail log messages to your WatchGuard Log Server or Dimension Log Server.
Which takes precedence: WebBlocker category match or a WebBlocker exception?
- A . WebBlocker exception
- B . WebBlocker category match
From the Firebox System Manager >Authentication List tab, you can view all of the authenticated users connected to your Firebox and disconnect any of them.
- A . True
- B . False
Users on the trusted network cannot browse Internet websites.
Based on the configuration shown in this image, what could be the problem with this policy configuration? (Select one.)
- A . The default Outgoing policy has been removed and there is no policy to allow DNS traffic.
- B . The HTTP-proxy policy has higher precedence than the HTTPS-proxy policy.
- C . The HTTP-proxy policy is configured for the wrong port.
- D . The HTTP-proxy allows Any-Trusted and Any-Optional to Any-External.
HOTSPOT
Match each WatchGuard Subscription Service with its function:
Explanation:
WebBlocker
Spam Blocker
Gateway / Antivirus
APT Blocker
Application Control
Quarantee Server
Intrusion Prevention Server IPS
Data Loss Prvention DLP
Reputation Enable Defense RED
Which of these threats can the Firebox prevent with the default packet handling settings? (Select four.)
- A . Access to inappropriate websites
- B . Denial of service attacks
- C . Flood attacks
- D . Malware in downloaded files
- E . Port scans
- F . Viruses in email messages
- G . IP spoofing
In the network configuration in this image, which aliases is Eth2 a member of? (Select three.)
- A . Any-optional
- B . Any-External
- C . Optional-1
- D . Any
- E . Any-Trusted
To enable remote devices to send log messages to Dimension through the gateway Firebox, what must you verify is included in your gateway Firebox configuration? (Select one.)
- A . You can only send log messages to Dimension from a computer that is on the network behind your gateway Firebox.
- B . You must change the connection settings in Dimension, not on the gateway Firebox.
- C . You must add a policy to the remote device configuration file to allow traffic to a Dimension.
- D . You must make sure that either the WG-Logging packet filter policy, or another policy that allows external connections to Dimension over port 4115, is included in the configuration file.
An email newsletter about sales from an external company is sometimes blocked by spamBlocker.
What option could you choose to make sure the newsletter is delivered to your users? (Select one.)
- A . Add a spamBlocker exception based on the From field of the newsletter email.
- B . Set the spamBlocker action to quarantine the email for later retrieval.
- C . Add a spamBlocker subject tag for bulk email messages.
- D . Set the spamBlocker virus outbreak detection action to allow emails from the newsletter source.
You can use Firebox-DB authentication with any type of Mobile VPN.
- A . True
- B . False
You can configure your Firebox to automatically redirect users to the Authentication Portal page.
- A . True
- B . False
Your company denies downloads of executable files from all websites.
What can you do to allow users on the network to download executable files from the company’s remote website? (Select one.)
- A . Add an HTTP proxy exception for the company’s remote website.
- B . Create a WebBlocker exception to allow access to the company’s remote website.
- C . Create an IPS exception.
- D . Create a Blocked Sites exception.
- E . Configure HTTP Request > URL Paths to allow the company’s remote website.
You have a privately addressed email server behind your Firebox.
If you want to make sure that all traffic from this server to the Internet appears to come from the public IP address 203.0.113.25, regardless of policies, which from of NAT would you use? (Select one.)
- A . In the SMTP policy that handles traffic from the email server, select the option to apply dynamic NAT to all traffic in the policy and set the source IP address 203.0.113.25.
- B . Create a global dynamic NAT rule for traffic from the email server and set the source IP address to 203.0.113.25.
- C . Create a static NAT action for traffic to the email server, and set the source IP address to 203.0.113.25.
While troubleshooting a branch office VPN tunnel, you see this log message:
2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES, expecting AES
What settings could you modify in the local device configuration to resolve this issue? (Select one.)
- A . BOVPN Gateway settings
- B . BOVPN-Allow policies
- C . BOVPN Tunnel settings
- D . BOVPN Tunnel Route settings
A
Explanation:
The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings.
Which WatchGuard tools can you use to review the log messages generated by your Firebox? (Select three).
- A . Firebox System Manager > Traffic Monitor
- B . Fireware XTM Web UI > Traffic Monitor
- C . Firebox System Manager > Status Report
- D . Dimension > Log manager
- E . WatchGuard System Manager > Policy Manager