WatchGuard Network Security Essentials
Practice Quiz Exam Questions Marking
Scheme New Update (A+ Pass)
What is the URL of the Firebox Authentication web page? (Select one.)
A. https://auth.watchguard.com:4100/
B. https://<trusted or optional device interface IP address>:4100/
C. http://ip address of device interface:411/
D. https://gateway IP address of Firebox:4000/ - Answers -What is the URL of the
Firebox Authentication web page?
B. https://<trusted or optional device interface IP address>:4100/
What are the four types of network interfaces you can configure on your firewall?
A. External, Trusted, Optional, Custom
B. External, Optional, Trusted, Optional
C. Trusted, Primary, Optional, DHCP
D. Optional, Trusted, Custom, Internet - Answers -What are the four types of network
interfaces you can configure on your firewall?
B. External, Trusted, Optional, Custom
True or False: In order to enable NAT Loopback on your firewall, you have to configure
this under the Dynamic NAT settings.
False
True - Answers -False. NAT Loopback does not require anything to be enabled. You
simple have to write a policy to allow it.
Choose the actions that SpamBlocker can take when configuring SpamBlocker with an
SMTP proxy. (Select five.)
1. Deny Stops the message without a reply
2. Quarantine option: Isolates the message on a Quarantine Server
3. Allow Option: allow messages to reach the Firebox without tags
4. Ignore Sends the message to SpamBlocker for processing
5. Drop Option: It drops the connection immediately and does not send error messages
to the sender.
6. Tag Add a "spam" tag to the email title and allow messages to reach the recipient -
Answers -1. Deny Stops the message without a reply
2. Quarantine option: Isolates the message on a Quarantine Server
3. Allow Option: allow messages to reach the Firebox without tags
,5. Drop Option: It drops the connection immediately and does not send error messages
to the sender.
6. Tag Add a "spam" tag to the email title and allow messages to reach the recipient
True False? The Firebox can only send log messages to one WatchGuard Log Server
at a time.
True
False - Answers -False
True or false? If you want to report on the use of applications that are not blocked, you
must enable logging of allowed packages in each policy that has Application Control
enabled.
True
False - Answers -True
What is the default port of the Web UI? (Select one.)
8100
8080
8000
8088 - Answers -8080
True or False: When setting up a static route, a lower metric means a lower
precedence.
True
False - Answers -False. A lower metric indicates a higher precedence in the routing
table.
True or false? Dynamic NAT rewrites the IP source addresses of the packets to use the
IP addresses of the outgoing interface.
True
False - Answers -True
True or False: Policy precedence is most often determined by the alphabetical order of
policy names.
False
True - Answers -False. Policy precedence is determined by how specific the policy is in
regards to what traffic is allowed.
When setting up an IPSec Mobile VPN, what must you make sure to configure?(2)
IPSec Tunnel
Allowed Resources
IPSec Gateway
Virtual IP Address Pool - Answers -IPSec Tunnel
Virtual IP Address Pool
When setting up a Firecluster, what requirements must you follow? Select all that apply.
, Each device must have a special FireCluster subscription.
Each device must be running the same firmware.
Each device must be the same model.
Each device must be activated on the WatchGuard website. - Answers -Each device
must be running the same firmware.
Each device must be the same model.
Each device must be activated on the WatchGuard website.
Which Multi-WAN method allows you to set weights on the interfaces?
Round-Robin
Interface Overflow
Failover
Routing Table - Answers -Round-Robin
Which of these log message settings are available in the policy manager? (Select two)
Reports by schedules
Configure an encryption key for the logs
Configure the mail server and email addresses for email notifications
Configure e-mail notification for denied SMTP packets
Select a backup log server for log messages
Configure the maximum size of the log database file - Answers -Configure e-mail
notification for denied SMTP packets
Select a backup log server for log messages
What is the purpose of the cluster interface?
To allow remote access to the Firecluster.
To allow the cluster members to communicate with each other.
To log Firecluster events.
To manage the Firecluster. - Answers -To allow the cluster members to communicate
with each other.
True or False: There are three modes you can operate your firewall under: Mixed
Routing, Bridged and Drop-In. Bridged mode is the default selection.
False
True - Answers -False. Mixed Routing mode is the default mode.
True or false? You can save a PCAP file and open it later in Traffic Monitor.
True
False - Answers -False
When you enable Mobile VPN with IPSec for the VPNusers group, what policies are
automatically created? (Select one.)
A single Mobile VPN policy with IPSec: VPN-users-Any.
Two firewall policies: Allow-IPSec-Users and WatchGuard IPSec.
A single firewall policy: Allow-VPNusers.in
Two firewall policies: Allow-VPN-users and WatchGuard IPSec.
Practice Quiz Exam Questions Marking
Scheme New Update (A+ Pass)
What is the URL of the Firebox Authentication web page? (Select one.)
A. https://auth.watchguard.com:4100/
B. https://<trusted or optional device interface IP address>:4100/
C. http://ip address of device interface:411/
D. https://gateway IP address of Firebox:4000/ - Answers -What is the URL of the
Firebox Authentication web page?
B. https://<trusted or optional device interface IP address>:4100/
What are the four types of network interfaces you can configure on your firewall?
A. External, Trusted, Optional, Custom
B. External, Optional, Trusted, Optional
C. Trusted, Primary, Optional, DHCP
D. Optional, Trusted, Custom, Internet - Answers -What are the four types of network
interfaces you can configure on your firewall?
B. External, Trusted, Optional, Custom
True or False: In order to enable NAT Loopback on your firewall, you have to configure
this under the Dynamic NAT settings.
False
True - Answers -False. NAT Loopback does not require anything to be enabled. You
simple have to write a policy to allow it.
Choose the actions that SpamBlocker can take when configuring SpamBlocker with an
SMTP proxy. (Select five.)
1. Deny Stops the message without a reply
2. Quarantine option: Isolates the message on a Quarantine Server
3. Allow Option: allow messages to reach the Firebox without tags
4. Ignore Sends the message to SpamBlocker for processing
5. Drop Option: It drops the connection immediately and does not send error messages
to the sender.
6. Tag Add a "spam" tag to the email title and allow messages to reach the recipient -
Answers -1. Deny Stops the message without a reply
2. Quarantine option: Isolates the message on a Quarantine Server
3. Allow Option: allow messages to reach the Firebox without tags
,5. Drop Option: It drops the connection immediately and does not send error messages
to the sender.
6. Tag Add a "spam" tag to the email title and allow messages to reach the recipient
True False? The Firebox can only send log messages to one WatchGuard Log Server
at a time.
True
False - Answers -False
True or false? If you want to report on the use of applications that are not blocked, you
must enable logging of allowed packages in each policy that has Application Control
enabled.
True
False - Answers -True
What is the default port of the Web UI? (Select one.)
8100
8080
8000
8088 - Answers -8080
True or False: When setting up a static route, a lower metric means a lower
precedence.
True
False - Answers -False. A lower metric indicates a higher precedence in the routing
table.
True or false? Dynamic NAT rewrites the IP source addresses of the packets to use the
IP addresses of the outgoing interface.
True
False - Answers -True
True or False: Policy precedence is most often determined by the alphabetical order of
policy names.
False
True - Answers -False. Policy precedence is determined by how specific the policy is in
regards to what traffic is allowed.
When setting up an IPSec Mobile VPN, what must you make sure to configure?(2)
IPSec Tunnel
Allowed Resources
IPSec Gateway
Virtual IP Address Pool - Answers -IPSec Tunnel
Virtual IP Address Pool
When setting up a Firecluster, what requirements must you follow? Select all that apply.
, Each device must have a special FireCluster subscription.
Each device must be running the same firmware.
Each device must be the same model.
Each device must be activated on the WatchGuard website. - Answers -Each device
must be running the same firmware.
Each device must be the same model.
Each device must be activated on the WatchGuard website.
Which Multi-WAN method allows you to set weights on the interfaces?
Round-Robin
Interface Overflow
Failover
Routing Table - Answers -Round-Robin
Which of these log message settings are available in the policy manager? (Select two)
Reports by schedules
Configure an encryption key for the logs
Configure the mail server and email addresses for email notifications
Configure e-mail notification for denied SMTP packets
Select a backup log server for log messages
Configure the maximum size of the log database file - Answers -Configure e-mail
notification for denied SMTP packets
Select a backup log server for log messages
What is the purpose of the cluster interface?
To allow remote access to the Firecluster.
To allow the cluster members to communicate with each other.
To log Firecluster events.
To manage the Firecluster. - Answers -To allow the cluster members to communicate
with each other.
True or False: There are three modes you can operate your firewall under: Mixed
Routing, Bridged and Drop-In. Bridged mode is the default selection.
False
True - Answers -False. Mixed Routing mode is the default mode.
True or false? You can save a PCAP file and open it later in Traffic Monitor.
True
False - Answers -False
When you enable Mobile VPN with IPSec for the VPNusers group, what policies are
automatically created? (Select one.)
A single Mobile VPN policy with IPSec: VPN-users-Any.
Two firewall policies: Allow-IPSec-Users and WatchGuard IPSec.
A single firewall policy: Allow-VPNusers.in
Two firewall policies: Allow-VPN-users and WatchGuard IPSec.
