お手軽Essentials問題集PDFのベスト問題集を使おう！高得点目指すならここ [Q43-Q66]

お手軽Essentials問題集PDFのベスト問題集を使おう！高得点目指すならここ

Fireware Essentials Essentials試験と認定テストエンジン

WatchGuard Essentials（FireWare Essentials）認定試験は、WatchGuardファイアウォールを使用しているITプロフェッショナルの知識とスキルをテストするように設計されています。この試験では、ネットワークセキュリティ、仮想プライベートネットワーク（VPN）、トラフィック管理、認証など、幅広いトピックをカバーしています。試験に合格すると、WatchGuardファイアウォールテクノロジーとこれらのソリューションを効果的に実装および管理する能力の完全な理解が示されています。

 

質問 # 43
While troubleshooting a branch office VPN tunnel, you see this log message:
2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES, expecting AES What settings could you modify in the local device configuration to resolve this issue? (Select one.)

• A. BOVPN Tunnel settings
• B. BOVPN Gateway settings
• C. BOVPN Tunnel Route settings
• D. BOVPN-Allow policies

正解：B

解説：
Explanation/Reference:
The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings.

質問 # 44
Match the monitoring tool to the correct task.
Which tool can ping the source of a denied packet? (Select one)

• A. Firebox System Manager - Authentication list
• B. FireBox System Manager - Blocked Sites list
• C. Log Server
• D. Traffic Monitor
• E. Firebox System Manager - Subscription services
• F. FireWatch

正解：D

解説：
Explanation/Reference:
For a quick look at the log messages generated by the Firebox, use Traffic Monitor. With Traffic Monitor, you can apply color to different types of messages, and ping or traceroute to the IP addresses of computers included in the log messages.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

質問 # 45
What is the best method to downgrade the version of Fireware OS on your Firebox without losing all device configuration settings? (Select one.)

• A. Use the downgrade feature on Policy Manager to select a previous of Fireware OS.
• B. Restore a saved backup image that was created for the device before the last Fireware OS upgrade.
• C. Use the Upgrade OS feature in Fireware Web UI to install the sysa_dl file for an order version of Fireware OS.
• D. Change the OS compatibility setting in Policy Manager to downgrade the device. Then use Policy Manager to save the configuration to the device.

正解：B

質問 # 46
Match the monitoring tool to the correct task.
Which tool can view a list of users connected to the Firebox? (Select one)

• A. Firebox System Manager - Authentication list
• B. FireBox System Manager - Blocked Sites list
• C. Traffic Monitor
• D. Log Server
• E. Firebox System Manager - Subscription services
• F. FireWatch

正解：A

解説：
Explanation/Reference:
You can view a list of users connected to the Firebox through HostWatch, and you can also use Authentication List, which identifies the IP addresses and user names of all the users that are authenticated to the Firebox.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181

質問 # 47
If you disable the Outgoing policy, which policies must you add to allow trusted users to connect to commonly used websites? (Select three.)

• A. DNS port 53
• B. HTTPS port 443
• C. NAT policy
• D. FTP port 21
• E. HTTP port 80

正解：A、B、E

解説：
Explanation/Reference:
TCP-UDP packet filter
If you decide to remove the Outgoing policy, you must add a policy for any type of traffic you want to allow through the Firebox. If you remove the Outgoing policy and then decide you want to allow all TCP and UDP connections through the Firebox again, you must add the TCP-UDP packet filter to provide the same function. This is because the Outgoing policy does not appear in the list of standard policies available from Policy Manager.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 97

質問 # 48
From the SMTP proxy action settings in this image, which of these options is configured for outgoing SMTP traffic? (Select one.)

• A. Deny outgoing mail from the example.com domain.
• B. Rewrite the Mail From header for the example.com domain.
• C. Prevent mail relay for the example.com domain.
• D. Deny incoming mail from the example.com domain.

正解：A

解説：

質問 # 49
HOTSPOT
Match each WatchGuard Subscription Service with its function:

正解：

解説：

Explanation:
WebBlocker
Spam Blocker Gateway / Antivirus APT Blocker Application Control Quarantee Server Intrusion Prevention Server IPS Data Loss Prvention DLP Reputation Enable Defense RED

質問 # 50
Which WatchGuard Subscription Service must be enabled in a proxy policy before you can use APT Blocker? (Select one.)

• A. Application Control
• B. IPS
• C. WebBlocker
• D. RED
• E. Gateway Antivirus

正解：E

質問 # 51
You can configure the SMTP-proxy policy to restrict email messages and email content based on
which of these message characteristics? (Select four.)

• A. Check URLs in message with WebBlocker
• B. Sender Mail From address
• C. Maximum email recipients
• D. Attachment file name and content type
• E. Email message size

正解：A、B、C、E

質問 # 52
If you use an external authentication server for mobile VPN, which option must you complete before remote users can authenticate? (Select one.)

• A. Create aliases for each remote user's virtual IP address.
• B. Reboot the authentication server.
• C. Add the remote users to a Mobile VPN user group on your Firebox.
• D. Add the Mobile VPN user group and remote users to your authentication server.

正解：A

質問 # 53
Match each type of NAT with the correct description:
Conserves IP addresses and hides the internal topology of your network. (Choose one)

• A. NAT Loopback
• B. 1-to1 NAT
• C. Dynamic NAT

正解：C

解説：
Explanation/Reference:
Dynamic NAT is also known as IP masquerading. With dynamic NAT many computers can connect to the Internet from one public IP address. Dynamic NAT gives more security for internal hosts that use the Internet, because it hides the IP addresses of hosts on your network.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/nat/ nat_dynamic_use_c.html%3FTocPath%3DNetwork%2520Address%2520Translation%2520(NAT)%
7CAbout%2520Dynamic%2520NAT%7C_____0

質問 # 54
With the policies configured as shown in this image, HTTP traffic can be sent and received through branch office VPN tunnel.1 and tunnel.2.

• A. False
• B. True

正解：A

質問 # 55
Only 50 clients on the trusted network of your Firebox can connect to the Internet at the same time. What could cause this? (Select one.)

• A. The Outgoing policy allows a maximum of 50 client connections.
• B. The DHCP address pool on the trusted interface has only 50 IP addresses.
• C. The device feature key allows a maximum of 50 client connections.
• D. TheLiveSecurity feature key is expired.

正解：B

質問 # 56
Match each type of NAT with the correct description:
Conserves IP addresses and hides the internal topology of your network. (Choose one)

• A. NAT Loopback
• B. 1-to1 NAT
• C. Dynamic NAT

正解：A

解説：
Dynamic NAT is also known as IP masquerading.With dynamic NAT many computers can connect to the Internet from one public IP address. Dynamic NAT gives more security for internal hosts that use the Internet, because it hides the IP addresses of hosts on your network.
Reference:http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/nat/nat_dynamic_use_c.html%3FTocPath%3DNetwork%2520Address%2520Translation%252 0(NAT)%7CAbout%2520Dynamic%2520NAT%7C_____0

質問 # 57
You can configure your Firebox to automatically redirect users to the Authentication Portal page.

• A. True
• B. False

正解：A

質問 # 58
How is a proxy policy different from a packet filter policy? (Select two.)

• A. Only a proxy policy can prevent specific threats without blocking the entire connection.
• B. Only a proxy works at the application, network, and transport layers to examine all connection data.
• C. Only a proxy policy examines information in the IP header.
• D. Only a proxy policy uses the IP source, destination, and port to control network traffic.

正解：A、B

解説：
Explanation/Reference:
C: Proxies can prevent potential threats from reaching your network without blocking the entire connection.
D: A proxy operates at the application layer, as well as the network and transport layers of a TCP/IP packet, while a packet filter operates only at the network and transport protocol layers.
Incorrect:
Not A: A packet filter examines each packet's IP header to control the network traffic into and out of your network.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 95

質問 # 59
Which of these actions adds a host to the temporary or permanent blocked sites list? (Select three.)

• A. Enable the AUTO-block sites that attempt to connect option in a deny policy.
• B. In Policy Manager, select Setup> Default Threat Protection > Blocked Sites and click Add.
• C. Add the site to the Blocked Sites Exceptions list.
• D. On the Firebox System Manager >Blocked Sites tab, select Add.

正解：A、B、D

解説：
Explanation/Reference:
A: You can configure a deny policy to automatically block sites that originate traffic that does not comply with the policy rulese
1. From Policy Manager, double-click the PCAnywhere policy.
2. Click the Properties tab. Select the Auto-block sites that attempt to connect checkbox.
Reference: https://www.watchguard.com/training/fireware/80/defense8.htm C: The blocked sites list shows all the sites currently blocked as a result of the rules defined in Policy Manager.
From this tab, you can add sites to the temporary blocked sites list, or remove temporary blocked sites.
Reference: http://www.watchguard.com/training/fireware/82/monitoa6.htm
D: You can use Policy Manager to permanently add sites to the Blocked Sites list.
1. select Setup > Default Threat Protection > Blocked Sites.
2. Click Add.
The Add Site dialog box appears.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/ intrusionprevention/blocked_sites_permanent_c.html

質問 # 60
Match each WatchGuard Subscription Service with its function.
Uses full-system emulation analysis to identify characteristics and behavior of zero-day malware. (Choose one).

• A. Application Control
• B. WebBlocker
• C. Intrusion Prevention Server IPS
• D. Gateway / Antivirus
• E. Data Loss Prevention DLP
• F. Reputation Enable Defense RED
• G. Quarantine Server
• H. Spam Blocker
• I. APT Blocker

正解：I

解説：
Explanation/Reference:
APT Blocker is intended to stop malware and zero-day threats that are trying to invade an organization's network.
APT Blocker uses a next-gen sandbox to get detailed views into the execution of a malware program. After first running through other security services, files are fingerprinted and checked against an existing database - first on the appliance and then in the cloud. If the file has never been seen before, it is analyzed using the system emulator, which monitors the execution of all instructions. It can spot the evasion techniques that other sandboxes miss.
Reference: http://www.watchguard.com/wgrd-products/security-modules/apt-blocker

質問 # 61
You can use Firebox-DB authentication with any type of Mobile VPN.

• A. True
• B. False

正解：A

質問 # 62
When your users connect to the Authentication Portal page to authenticate, they see a security warning message in their browses, which they must accept before they can authenticate. How can you make sure they do not see this security warning message in their browsers? (Select one.)

• A. Replace the Firebox certificate with the trusted certificate from your web server.
• B. Import a custom self-signed certificate or a third-party certificate to your Firebox and import the same certificate to all client computers or web browsers.
• C. Instruct them to disable security warning message in their preferred browsers.
• D. Add the user accounts for your users who use the Authentication Portal to a list of trusted users on your Firebox.

正解：D

質問 # 63
From the Firebox System Manager >Authentication List tab, you can view all of the authenticated users connected to your Firebox and disconnect any of them.

• A. False
• B. True

正解：A

質問 # 64
In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.)

• A. Default route VPN allows your Firebox to examine all remote user traffic
• B. Default route VPN uses less bandwidth
• C. Default route VPN uses less processing power
• D. Default route VPN automatically allows dynamic NAT

正解：A

解説：
http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/mvpn/pptp/mvpn_pptp_internet-access_c.html
The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to the XTM device. Then, the traffic is sent back out to the Internet. With this configuration (known as default-route VPN), the XTM device is able to examine all traffic and provide increased security, although it uses more processing power and bandwidth.

質問 # 65
Match each WatchGuard Subscription Service with its function.
Uses rules, pattern matching, and sender reputation to block unwanted email messages. (Choose one).

• A. Spam Blocker
• B. Intrusion Prevention Server IPS
• C. Gateway / Antivirus
• D. Reputation Enable Defense RED
• E. APT Blocker

正解：A

解説：
Explanation/Reference:
SpamBlocker provides a spam scanning engine that works in concert with WatchGuard's cloud-based technology to prevent spam from gaining access to the email servers (and clients).
Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html

質問 # 66
......

WatchGuard Essentials認定を取得することは、個人がWatchGuardファイアウォール製品を効率的に管理するために必要なスキルと知識を持っていることを示しています。この認定は、個人に求職市場で競争力を与え、ネットワークセキュリティの分野でさまざまなキャリアの機会を開くことができます。また、Fireware CoreおよびFireware Advancedのようなより高度なWatchGuard認定の足がかりとしても役立ちます。

WatchGuard Essentials（FireWare Essentials）認定試験は、WatchGuardファイアウォールシステムの個人の知識と理解を評価するように設計されています。この認定試験は、ITの専門家、ネットワークセキュリティ管理者、およびWatchGuardファイアウォールシステムの知識を強化することに関心のある人にとって貴重な資産です。試験はオンラインで入手でき、世界中のどこからでも撮影できます。

 

無料提供中のEssentials試験問題集で（2023年最新のPDF問題集）信頼度の高いEssentialsテストエンジン：https://www.passtest.jp/WatchGuard/Essentials-shiken.html

EssentialsのPDFで最近更新された問題です集試験点数を伸ばそう：https://drive.google.com/open?id=1EEHUN1sZYteZkAPvf6x3L9z7SDJGTlyK