watchguard essentials practice test
Essentials
Question 1
When your device is in a default state, to which interface do you connect your management
computer so you can use the Quick Setup Wizard or Web Setup Wizard to configure the device?
(Select one.)
- A. Interface 0
- B. Console interface
- C. Any interface
- D. Interface 1
Answer:
D
Question 2
In the default Firebox configuration file, which policies control management access to the device?
(Select two.)
- A. WatchGuard
- B. FTP
- C. Ping
- D. WatchGuard Web UI
- E. Outgoing
Answer:
A,D
Question 3
To use the Web Setup Wizard or Quick Setup Wizard to configure your Firebox or XTM device, your
computer must have an IP address on which subnet? (Select one.)
- A. 10.0.10.0/24
- B. 10.0.1.0/24
- C. 172.16.10.0/24
- D. 192.168.1.0/24
Answer:
B
Question 4
What is the best method to downgrade the version of Fireware OS on your Firebox without losing all
device configuration settings? (Select one.)
- A. Restore a saved backup image that was created for the device before the last Fireware OS upgrade.
- B. Use the Upgrade OS feature in Fireware Web UI to install the sysa_dl file for an order version of Fireware OS.
- C. Change the OS compatibility setting in Policy Manager to downgrade the device. Then use Policy Manager to save the configuration to the device.
- D. Use the downgrade feature on Policy Manager to select a previous of Fireware OS.
Answer:
A
Question 5
You configured four Device Administrator user accounts for your Firebox. To see a report of witch
Device Management users have made changes to the device configuration, what must you do?
(Select two.)
- A. Start Firebox System Manager for the device and review the activity for the Management Users on the Authentication List tab.
- B. Connect to Report Manager or Dimension and view the Audit Trail report for your device.
- C. Open WatchGuard Server Center and review the configuration history for managed devices.
- D. Configure your device to send audit trail log messages to your WatchGuard Log Server or Dimension Log Server.
Answer:
B,C
Question 6
Which items are included in a Firebox backup image? (Select four.)
- A. Support snapshot
- B. Fireware OS
- C. Configuration file
- D. Log file
- E. Feature keys
- F. Certificates
Answer:
A,C,D,E
Question 7
Only 50 clients on the trusted network of your Firebox can connect to the Internet at the same time.
What could cause this? (Select one.)
- A. TheLiveSecurity feature key is expired.
- B. The device feature key allows a maximum of 50 client connections.
- C. The DHCP address pool on the trusted interface has only 50 IP addresses.
- D. The Outgoing policy allows a maximum of 50 client connections.
Answer:
C
Question 8
The IP address for the trusted interface on your Firebox is 10.0.40.1/24, but you want to change the
IP address for this interface. How can you avoid a network outage for clients on the trusted network
when you change the interface IP address to 10.0.50.1/24? (Select one.)
- A. Create a 1-to-1 NAT rule for traffic from the 10.0.40.0/24 subnet to addresses on the 10.0.50.0/24 subnet.
- B. Add 10.0.40.1/24 as a secondary IP address for the interface.
- C. Add IP addresses on the 10.0.40.0/24 subnet to the DHCP Server IP address pool for this interface.
- D. Add a route to 10.0.40.0/24 with the gateway 10.0.50.1.
Answer:
B
Question 9
In the network configuration in this image, which aliases is Eth2 a member of? (Select three.)
- A. Any-optional
- B. Any-External
- C. Optional-1
- D. Any
- E. Any-Trusted
Answer:
A, C, D
Question 10
Clients on the trusted network need to connect to a server behind a router on the optional network.
Based on this image, what static route must be added to the Firebox for traffic from clients on the
trusted network to reach a server at 10.0.20.100? (Select one.)
- A. Route to 10.0.20.0/24,Gateway 10.0.2.1
- B. Route to 10.0.20.0/24,Gateway 10.0.2.254
- C. Route to 10.0.20.0, Gateway 10.0.2.254
- D. Route to 10.0.10.0/24, Gateway 10.0.10.1
Answer:
C
Question 11
Which of these options are private IPv4 addresses you can assign to a trusted interface, as described
in RFC 1918, Address Allocation for Private Internets? (Select three.)
- A. 192.168.50.1/24
- B. 10.50.1.1/16
- C. 198.51.100.1/24
- D. 172.16.0.1/16
- E. 192.0.2.1/24
Answer:
A,B,D
Question 12
The policies in a default Firebox configuration do not allow outgoing traffic from optional interfaces.
- A. True
- B. False
Answer:
B
Question 13
When you examine the log messages In Traffic Monitor, you see that some network packets are
denied with an unhandled packet log message. What does this log massage mean? (Select one.)
- A. The packet is denied because the site is on the Blocked Sites List.
- B. The packet is denied because it matched a policy.
- C. The packet is denied because it matched an IPS signature.
- D. The packet is denied because it does not match any firewall policies.
Answer:
C
Question 14
Which of these actions adds a host to the temporary or permanent blocked sites list? (Select three.)
- A. Enable the AUTO-block sites that attempt to connect option in a deny policy.
- B. Add the site to the Blocked Sites Exceptions list.
- C. On the Firebox System Manager >Blocked Sites tab, select Add.
- D. In Policy Manager, select Setup> Default Threat Protection > Blocked Sites and click Add.
Answer:
A,C,D
Question 15
Which of these threats can the Firebox prevent with the default packet handling settings? (Select
four.)
- A. Access to inappropriate websites
- B. Denial of service attacks
- C. Flood attacks
- D. Malware in downloaded files
- E. Port scans
- F. Viruses in email messages
- G. IP spoofing
Answer:
B,C,E,G