• ホーム
  • ブログ
  • [Q18-Q39] WatchGuard Essentials認証された練習解答、必ずあなたを試験合格させる![2023]

[Q18-Q39] WatchGuard Essentials認証された練習解答、必ずあなたを試験合格させる![2023]

Share

WatchGuard Essentials認証された練習解答、必ずあなたを試験合格させる![2023]

有効な合格方法Fireware EssentialsのEssentials試験問題集

質問 # 18
To use the Web Setup Wizard or Quick Setup Wizard to configure your Firebox or XTM device, your computer must have an IP address on which subnet? (Select one.)

  • A. 10.0.10.0/24
  • B. 172.16.10.0/24
  • C. 192.168.1.0/24
  • D. 10.0.1.0/24

正解:D


質問 # 19
Match each WatchGuard Subscription Service with its function.
Uses signatures to provide real-time protection against network attacks. (Choose one).

  • A. Reputation Enable Defense RED
  • B. Intrusion Prevention Server IPS
  • C. APT Blocker
  • D. Application Control
  • E. Data Loss Prevention DLP

正解:B

解説:
Explanation/Reference:
Intrusion Prevention Service (IPS) -- As with the other IPS offers, the IPS module is intended to detect and in real time mitigate intrusions coming into a network. This includes a large signature data base that monitors for spyware, SQL injections, cross-site scripting (XSS), and buffer overflows.
Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html


質問 # 20
Which tool can add an IP address for the Firebox to permanently block? (Select one)

  • A. Log Server
  • B. Firebox System Manager - Subscription services
  • C. FireWatch
  • D. Firebox System Manager - Authentication list
  • E. FireBox System Manager - Blocked Sites list
  • F. Traffic Monitor

正解:E

解説:
Explanation/Reference:
Block a site permanently
The Successful Company network administrator has been driven to distraction recently by a script kiddy using addresses in the 192.136.15.0/24 network to run probes of the Successful network. In this exercise, we permanently block all connections from that network.
1. From Policy Manager, select Setup > Default Threat Protection > Blocked Sites.
The Blocked Sites Configuration dialog box opens.
2. On the Blocked Sites tab, click Add.
3. The Add Site dialog box opens. 3. Use the Choose Type drop-down list to select Network IP. In the Value text box, type 192.136.15.0/ 24.
4. Click OK.
The entry appears in the Blocked Sites list. With this configuration, the Firebox blocks all packets to and from the 192.136.15.0/24 network range.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181


質問 # 21
When your users connect to the Authentication Portal page to authenticate, they see a security warning message in their browses, which they must accept before they can authenticate. How can you make sure they do not see this security warning message in their browsers? (Select one.)

  • A. Add the user accounts for your users who use the Authentication Portal to a list of trusted users on your Firebox.
  • B. Replace the Firebox certificate with the trusted certificate from your web server.
  • C. Instruct them to disable security warning message in their preferred browsers.
  • D. Import a custom self-signed certificate or a third-party certificate to your Firebox and import the same certificate to all client computers or web browsers.

正解:A


質問 # 22
Which of these options must you configure in an HTTPS-proxy policy to detect credit card numbers in HTTP traffic that is encrypted with SSL? (Select two.)

  • A. WebBlocker
  • B. Deep inspection of HTTPS content
  • C. Application Control
  • D. Data Loss Prevention
  • E. Gateway AntiVirus

正解:B


質問 # 23
Which takes precedence: WebBlocker category match or a WebBlocker exception?

  • A. WebBlocker category match
  • B. WebBlocker exception

正解:B


質問 # 24
Users on the trusted network cannot browse Internet websites.

Based on the configuration shown in this image, what could be the problem with this policy configuration? (Select one.)

  • A. The HTTP-proxy policy has higher precedence than the HTTPS-proxy policy.
  • B. The HTTP-proxy policy is configured for the wrong port.
  • C. The HTTP-proxy allows Any-Trusted and Any-Optional to Any-External.
  • D. The default Outgoing policy has been removed and there is no policy to allow DNS traffic.

正解:B


質問 # 25
Match each type of NAT with the correct description:
Conserves IP addresses and hides the internal topology of your network. (Choose one)

  • A. Dynamic NAT
  • B. NAT Loopback
  • C. 1-to1 NAT

正解:A


質問 # 26
How can you prevent connections to the Fireware Web UI from computers on optional interface Eth2?
(Select one.)

  • A. Remove Any-Optional from the From list of the WatchGuard policy.
  • B. Remove Any-Optional from the To list of the WatchGuard Web UI policy.
  • C. Remove Eth2 from the Any-Optional alias.
  • D. Remove Any-Optional from the From list of the WatchGuard Web UI policy
  • E. Remove Any-Optional from the To list of the WatchGuard policy

正解:D


質問 # 27
If you disable the Outgoing policy, which policies must you add to allow trusted users to connect to commonly used websites? (Select three.)

  • A. FTP port 21
  • B. DNS port 53
  • C. HTTPS port 443
  • D. HTTP port 80
  • E. NAT policy

正解:B、C、D

解説:
Explanation/Reference:
TCP-UDP packet filter
If you decide to remove the Outgoing policy, you must add a policy for any type of traffic you want to allow through the Firebox. If you remove the Outgoing policy and then decide you want to allow all TCP and UDP connections through the Firebox again, you must add the TCP-UDP packet filter to provide the same function. This is because the Outgoing policy does not appear in the list of standard policies available from Policy Manager.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 97


質問 # 28
Match the monitoring tool to the correct task.
Which is not a Fireware monitoring tool? (Select one)

  • A. Log Server
  • B. Firebox System Manager - Subscription services
  • C. FireWatch
  • D. Firebox System Manager - Authentication list
  • E. Traffic Monitor
  • F. FireBox System Manager - Blocked Sites list

正解:A

解説:
Explanation/Reference:
The Fireware monitor and configuration tools are: Edge Web Manager, Firebox System Manager, HostWatch, and Ping.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181


質問 # 29
From the Firebox System Manager >Authentication List tab, you can view all of the authenticated users connected to your Firebox and disconnect any of them.

  • A. True
  • B. False

正解:A

解説:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/fsm/authentic_users_wsm.html


質問 # 30
You have a privately addressed email server behind your Firebox. If you want to make sure that all traffic from this server to the Internet appears to come from the public IP address 203.0.113.25, regardless of policies, which from of NAT would you use? (Select one.)

  • A. Create a static NAT action for traffic to the email server, and set the source IP address to 203.0.113.25.
  • B. Create a global dynamic NAT rule for traffic from the email server and set the source IP address to
    203.0.113.25.
  • C. In the SMTP policy that handles traffic from the email server, select the option to apply dynamic NAT to all traffic in the policy and set the source IP address 203.0.113.25.

正解:B


質問 # 31
Which WatchGuard Subscription Service must be enabled in a proxy policy before you can use APT Blocker? (Select one.)

  • A. RED
  • B. WebBlocker
  • C. IPS
  • D. Gateway Antivirus
  • E. Application Control

正解:D


質問 # 32
If you use an external authentication server for mobile VPN, which option must you complete before remote users can authenticate? (Select one.)

  • A. Create aliases for each remote user's virtual IP address.
  • B. Add the Mobile VPN user group and remote users to your authentication server.
  • C. Add the remote users to a Mobile VPN user group on your Firebox.
  • D. Reboot the authentication server.

正解:B

解説:
Explanation


質問 # 33
The policies in a default Firebox configuration do not allow outgoing traffic from optional interfaces.

  • A. True
  • B. False

正解:B


質問 # 34
Match each type of NAT with the correct description:
Changes and routes all incoming and outgoing packets sent from one range of addresses to a different range of addresses. (Choose one)

  • A. Dynamic NAT
  • B. NAT Loopback
  • C. 1-to1 NAT

正解:C

解説:
When you enable 1-to-1 NAT, the Firebox changes and routes all incoming and outgoing packets sent from one range of addresses to a different range of addresses.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, page 74


質問 # 35
When your device is in a default state, to which interface do you connect your management computer so you can use the Quick Setup Wizard or Web Setup Wizard to configure the device? (Select one.)

  • A. Console interface
  • B. Any interface
  • C. Interface 1
  • D. Interface 0

正解:C

解説:
Explanation/Reference:
To start the Web Setup Wizard, connect your computer to interface number 1 of your XTM device with an Ethernet cable. This is the trusted interface.
Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/installation/ qsw_web_about_c.html


質問 # 36
If you use an external authentication server for mobile VPN, which option must you complete before remote users can authenticate? (Select one.)

  • A. Create aliases for each remote user's virtual IP address.
  • B. Add the Mobile VPN user group and remote users to your authentication server.
  • C. Add the remote users to a Mobile VPN user group on your Firebox.
  • D. Reboot the authentication server.

正解:B


質問 # 37
In the network configuration in this image, which aliases is Eth2 a member of? (Select three.)

  • A. Optional-1
  • B. Any
  • C. Any-optional
  • D. Any-External
  • E. Any-Trusted

正解:A、B、C


質問 # 38
Users on the trusted network cannot browse Internet websites. Based on the configuration shown in this image, what could be the problem with this policy configuration? (Select one.)

  • A. The HTTP-proxy policy has higher precedence than the HTTPS-proxy policy.
  • B. The HTTP-proxy allows Any-Trusted and Any-Optional to Any-External.
  • C. The HTTP-proxy policy is configured for the wrong port.
  • D. The default Outgoing policy has been removed and there is no policy to allow DNS traffic.

正解:D


質問 # 39
......


WatchGuard Essentials(Fireware Essentials)試験は、WatchGuardのFireboxセキュリティアプライアンスを構成、管理、トラブルシューティングするために必要な知識とスキルを提供するために設計された認定プログラムです。この認定は、WatchGuardのFireboxセキュリティソリューションの実装とメンテナンスを担当するITプロフェッショナル、ネットワーク管理者、およびセキュリティアナリストに最適です。


認定試験は、Fireware Essentialsトレーニングコースを修了したITプロフェッショナルに利用可能です。トレーニングコースは、WatchGuard Fireboxセキュリティソリューションの包括的な概要を提供し、認定試験でテストされるすべての重要なトピックをカバーしています。コースはオンラインで利用でき、候補者のペースで修了することができます。

 

WatchGuard Essentials事前試験練習テストはPassTest:https://www.passtest.jp/WatchGuard/Essentials-shiken.html

Essentials練習テスト問題、解答、解釈:https://drive.google.com/open?id=1EEHUN1sZYteZkAPvf6x3L9z7SDJGTlyK

関するブログ

もっと
Essentials 無料問題集