• ホーム
  • ブログ
  • WatchGuardは2023年最新のEssentialsサンプル問題は信頼され続けるEssentialsテストエンジン [Q34-Q53]

WatchGuardは2023年最新のEssentialsサンプル問題は信頼され続けるEssentialsテストエンジン [Q34-Q53]

Share

WatchGuardは2023年最新のEssentialsサンプル問題は信頼され続けるEssentialsテストエンジン

無料お試しWatchGuard Essentials問題集PDFは必ずベストの問題集オプションを使おう

質問 # 34
The IP address for the trusted interface on your Firebox is 10.0.40.1/24, but you want to change the IP address for this interface. How can you avoid a network outage for clients on the trusted network when you change the interface IP address to 10.0.50.1/24? (Select one.)

  • A. Add 10.0.40.1/24 as a secondary IP address for the interface.
  • B. Add IP addresses on the 10.0.40.0/24 subnet to the DHCP Server IP address pool for this interface.
  • C. Add a route to 10.0.40.0/24 with the gateway 10.0.50.1.
  • D. Create a 1-to-1 NAT rule for traffic from the 10.0.40.0/24 subnet to addresses on the 10.0.50.0/24 subnet.

正解:A


質問 # 35
Which tool can add an IP address for the Firebox to permanently block? (Select one)

  • A. FireWatch
  • B. Traffic Monitor
  • C. FireBox System Manager - Blocked Sites list
  • D. Log Server
  • E. Firebox System Manager - Authentication list
  • F. Firebox System Manager - Subscription services

正解:C

解説:
Explanation/Reference:
Block a site permanently
The Successful Company network administrator has been driven to distraction recently by a script kiddy using addresses in the 192.136.15.0/24 network to run probes of the Successful network. In this exercise, we permanently block all connections from that network.
1. From Policy Manager, select Setup > Default Threat Protection > Blocked Sites.
The Blocked Sites Configuration dialog box opens.
2. On the Blocked Sites tab, click Add.
3. The Add Site dialog box opens. 3. Use the Choose Type drop-down list to select Network IP. In the Value text box, type 192.136.15.0/ 24.
4. Click OK.
The entry appears in the Blocked Sites list. With this configuration, the Firebox blocks all packets to and from the 192.136.15.0/24 network range.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181


質問 # 36
Which WatchGuard Subscription Service must be enabled in a proxy policy before you can use APT Blocker? (Select one.)

  • A. Application Control
  • B. IPS
  • C. WebBlocker
  • D. RED
  • E. Gateway Antivirus

正解:E


質問 # 37
You can use Firebox-DB authentication with any type of Mobile VPN.

  • A. True
  • B. False

正解:A

解説:
http://www.watchguard.com/help/docs/fireware/11/en-US/Content/en-US/mvpn/general/mobile_vpn_types_c.html


質問 # 38
Which diagnostic tasks can you run from the Traffic Monitor tab of Firebox System Manager? (Select four.)

  • A. Traceroute
  • B. Ping
  • C. MAC address lookup
  • D. DNSlookup
  • E. TCP dump
  • F. Reputation lookup

正解:A、B、D、E

解説:
From Firebox System Manager, you can run diagnostic tasks to review information in all the log messages from your Firebox or XTM device. This can help you debug problems on your network.
1.On the Traffic Monitor tab, right-click a message and select Diagnostic Tasks. Or, select Tools > Diagnostic Tasks.
2.From the Task drop-down list, select the task to run. Ping IPv4 Ping IPv6 traceroute DNS Lookup TCP Dump
Reference:http://watchguard.com/help/docs/wsm/xtm_11/en-us/content/enus/fsm/log_message_learn_more_wsm.html


質問 # 39
From the Fireware Web UI, you can generate a report that shows your device configuration settings.

  • A. True
  • B. False

正解:A


質問 # 40
With the policies configured as shown in this image, HTTP traffic can be sent and received through branch office VPN tunnel.1 and tunnel.2.

  • A. True
  • B. False

正解:B


質問 # 41
Match each WatchGuard Subscription Service with its function.
A repository where email messages can be sent based on analysis by spamBlocker, Gateway AntiVirus, or Data Loss Prevention. (Choose one).

  • A. Gateway / Antivirus
  • B. Intrusion Prevention Server IPS
  • C. Spam Blocker
  • D. Quarantine Server
  • E. Data Loss Prevention DLP

正解:D

解説:
Explanation/Reference:
The WatchGuard Quarantine Server provides a safe mechanism to quarantine any email messages that are suspected or known to be spam, or to contain viruses or sensitive data. The Quarantine Server is a repository for email messages that the SMTP proxy sends to quarantine based on analysis by spamBlocker, Gateway AntiVirus, or Data Loss Prevention.
Reference: https://www.watchguard.com/help/docs/webui/xtm_11/en-US/index.html#cshid=en-US/ quarantineserver/quar_server_about_c.html


質問 # 42
If you use an external authentication server for mobile VPN, which option must you complete before remote users can authenticate? (Select one.)

  • A. Add the remote users to a Mobile VPN user group on your Firebox.
  • B. Create aliases for each remote user's virtual IP address.
  • C. Reboot the authentication server.
  • D. Add the Mobile VPN user group and remote users to your authentication server.

正解:D

解説:
Explanation


質問 # 43
While troubleshooting a branch office VPN tunnel, you see this log message:
2 014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES, expecting AES
What settings could you modify in the local device configuration to resolve this issue? (Select one.)

  • A. BOVPN Tunnel settings
  • B. BOVPN Gateway settings
  • C. BOVPN Tunnel Route settings
  • D. BOVPN-Allow policies

正解:B

解説:
Explanation/Reference:
The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings.


質問 # 44
Clients on the trusted network need to connect to a server behind a router on the optional network. Based on this image, what static route must be added to the Firebox for traffic from clients on the trusted network to reach a server at 10.0.20.100? (Select one.)

  • A. Route to 10.0.10.0/24, Gateway 10.0.10.1
  • B. Route to 10.0.20.0, Gateway 10.0.2.254
  • C. Route to 10.0.20.0/24, Gateway 10.0.2.1
  • D. Route to 10.0.20.0/24, Gateway 10.0.2.254

正解:D

解説:
Explanation/Reference:
We must add a trusted static route to the 10.0.20.0/24 network through the 10.0.2.254 gateway.


質問 # 45
What settings must you device configuration file include for Gateway AntiVirus to protect users on your network? (Select two.)

  • A. Configure Gateway AntiVirus settings for a proxy action.
  • B. Configure a policy to use a proxy action that has AntiVirus settings configured.
  • C. Decrease the scan limits
  • D. Disable automatic signature updates.
  • E. Install the Gateway AntiVirus server on your network.

正解:A、B


質問 # 46
Which of these threats can the Firebox prevent with the default packet handling settings? (Select four.)

  • A. Malware in downloaded files
  • B. Access to inappropriate websites
  • C. Flood attacks
  • D. IP spoofing
  • E. Port scans
  • F. Denial of service attacks
  • G. Viruses in email messages

正解:C、D、E、F

解説:
Explanation/Reference:
B: The default configuration of the XTM device is to block DDoS attacks.
C: In a flood attack, attackers send a very high volume of traffic to a system so it cannot examine and allow permitted network traffic. For example, an ICMP flood attack occurs when a system receives too many ICMP ping commands and must use all of its resources to send reply commands. The XTM device can protect against these types of flood attacks: IPSec, IKE, ICMP. SYN, and UDP.
E: When the Block Port Space Probes (port scans) and Block Address Space Probes check boxes are selected, all incoming traffic on all interfaces is examined by the XTM device.
CG: Default packet handling can reject a packet that could be a security risk, including packets that could be part of a spoofing attack or SYN flood attack Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/intrusionprevention/ default_pkt_handling_opt_about_c.html%3FTocPath%3DDefault%2520Threat%2520Protection%7CAbout%
2520Default%2520Packet%2520Handling%2520Options%7C_____0


質問 # 47
If you use an external authentication server for mobile VPN, which option must you complete before remote users can authenticate? (Select one.)

  • A. Add the remote users to a Mobile VPN user group on your Firebox.
  • B. Create aliases for each remote user's virtual IP address.
  • C. Reboot the authentication server.
  • D. Add the Mobile VPN user group and remote users to your authentication server.

正解:D

解説:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/mvpn/ipsec/mvpn_ipsec_ext_auth_server_config_wsm.html


質問 # 48
A local branch office VPN tunnel route is configured as shown in this image. On the remote peer device, what must be configured as the remote network address for this tunnel route? (Select one.)

  • A. 10.0.1.0/24
  • B. 10.0.20.0/24
  • C. 10.0.10.0/24

正解:C


質問 # 49
If your Firebox has a single public IP address, and you want to forward inbound traffic to internal hosts based on the destination port, which type of NAT should you use? (Select one.)

  • A. Static NAT
  • B. Dynamic NAT
  • C. 1-to-1 NAT

正解:A

解説:
https://www.watchguard.com/training/fireware/10/fireware10_basics.pdf
See page 76: Static NAT allows inbound connections on specific ports to one or more public servers from a single external IP address. The Firebox changes the destination IP address of the packets and forwards them based on the original destination port number.


質問 # 50
Which policies can use the Intrusion Prevention Service to block network attacks? (Select one?)

  • A. Only HTTP and HTTPS Proxy policies
  • B. All policies
  • C. Only proxy policies
  • D. Only packet filter policies
  • E. Only inbound policies

正解:B


質問 # 51
Match each WatchGuard Subscription Service with its function.
Uses signatures to provide real-time protection against network attacks. (Choose one).

  • A. Application Control
  • B. APT Blocker
  • C. Reputation Enable Defense RED
  • D. Intrusion Prevention Server IPS
  • E. Data Loss Prevention DLP

正解:D

解説:
Explanation/Reference:
Intrusion Prevention Service (IPS) -- As with the other IPS offers, the IPS module is intended to detect and in real time mitigate intrusions coming into a network. This includes a large signature data base that monitors for spyware, SQL injections, cross-site scripting (XSS), and buffer overflows.
Reference: http://www.tomsitpro.com/articles/network-security-solutions-guide, 2-866-6.html


質問 # 52
Which authentication servers can you use with your Firebox? (Select four.)

  • A. Firebox databases
  • B. Kerberos
  • C. Active Directory
  • D. Linux Authentication
  • E. RADIUS
  • F. TACACS+
  • G. LDAP

正解:A、C、E、G


質問 # 53
......


この試験は、基本的なネットワークコンセプト、ファイアウォールの基礎、VPNのセットアップと構成、Webセキュリティ、および電子メールセキュリティを含む広範囲のトピックをカバーしています。試験は2つの部分に分かれており、第1部は多肢選択問題、第2部は実践的なラボ演習から構成されています。実践的なラボ演習は、候補者がWatchGuardのFireboxセキュリティアプライアンスを構成およびトラブルシューティングする能力をテストするために設計されています。

 

有効な問題最新版を試そうEssentialsテスト解釈Essentials有効な試験ガイド:https://www.passtest.jp/WatchGuard/Essentials-shiken.html

Essentials試験資料WatchGuard学習ガイド:https://drive.google.com/open?id=1DUQLMoa_TPFTOCDRb2upYNSlIbG62hiy

関するブログ

もっと
Essentials 無料問題集