WATCH GUARD NETWORK SECURITY ESSENTIALS
QUESTIONS AND ANSWERS LATEST UPDATE
(ALREADY GRADED A+)
WATCH GUARD NETWORK SECURITY ESSENTIALS QUESTIONS What is the best method to downgrade
the version of Fireware OS on your Firebox without losing all device configuration settings? (Select one.)
A. Restore a saved backup image that was created for the device before the last Fireware OS upgrade.
B. Use the Upgrade OS feature in Fireware Web UI to install the sysa_dl file for an order version of
Fireware OS.
C. Change the OS compatibility setting in Policy Manager to downgrade the device. Then use Policy
Manager to save the configuration to the device.
D. Use the downgrade feature on Policy Manager to select a previous of Fireware OS.
Answer : BC
You configured four Device Administrator user accounts for your Firebox. To see a report of witch Device
Management users have made changes to the device configuration, what must you do? (Select two.)
A. Start Firebox System Manager for the device and review the activity for the Management Users on
the Authentication List tab.
B. Connect to Report Manager or Dimension and view the Audit Trail report for your device.
C. Open WatchGuard Server Center and review the configuration history for managed devices.
D. Configure your device to send audit trail log messages to your WatchGuard Log Server or Dimension
Log Server
Answer : BCEF
Which items are included in a Firebox backup image? (Select four.)
A. Support snapshot
B. Fireware OS
C. Configuration file
D. Log file
E. Feature keys
F. Certificates
Answer : C
Only 50 clients on the trusted network of your Firebox can connect to the Internet at the same time.
What could cause this? (Select one.)
A. The Live Security feature key is expired.
B. The device feature key allows a maximum of 50 client connections.
C. The DHCP address pool on the trusted interface has only 50 IP addresses.
D. The Outgoing policy allows a maximum of 50 client connections.
Answer : B
, The IP address for the trusted interface on your Firebox is 10.0.40.1/24, but you want to change the IP
address for this interface. How can you avoid a network outage for clients on the trusted network when
you change the interface IP address to 10.0.50.1/24? (Select one.)
A. Create a 1-to-1 NAT rule for traffic from the 10.0.40.0/24 subnet to addresses on the 10.0.50.0/24
subnet.
B. Add 10.0.40.1/24 as a secondary IP address for the interface.
C. Add IP addresses on the 10.0.40.0/24 subnet to the DHCP Server IP address pool for this interface.
D. Add a route to 10.0.40.0/24 with the gateway 10.0.50.1.
Answer : ACD
In the network configuration in this image, which aliases is Eth2 a member of? (Select three.)
A. Any-optional
B. Any-External
C. Optional-1
D. Any
E. Any-Trusted
Answer : B
Clients on the trusted network need to connect to a server behind a router on the optional network.
Based on this image, what static route must be added to the Firebox for traffic from clients on the
trusted network to reach a server at 10.0.20.100? (Select one.)
A. Route to 10.0.20.0/24, Gateway 10.0.2.1
B. Route to 10.0.20.0/24, Gateway 10.0.2.254
C. Route to 10.0.20.0, Gateway 10.0.2.254
D. Route to 10.0.10.0/24, Gateway 10.0.10.1
Answer : ABD
Which of these options are private IPv4 addresses you can assign to a trusted interface, as described in
RFC 1918, Address Allocation for Private Internets? (Select three.)
A. 192.168.50.1/24
B. 10.50.1.1/16
C. 198.51.100.1/24
D. 172.16.0.1/16
E. 192.0.2.1/24
Answer : B
The policies in a default Firebox configuration do not allow outgoing traffic from optional interfaces.
A. True
B. False
Answer : D
When you examine the log messages In Traffic Monitor, you see that some network packets are denied
with an unhandled packet log message. What does this log massage mean? (Select one.)
A. The packet is denied because the site is on the Blocked Sites List.
QUESTIONS AND ANSWERS LATEST UPDATE
(ALREADY GRADED A+)
WATCH GUARD NETWORK SECURITY ESSENTIALS QUESTIONS What is the best method to downgrade
the version of Fireware OS on your Firebox without losing all device configuration settings? (Select one.)
A. Restore a saved backup image that was created for the device before the last Fireware OS upgrade.
B. Use the Upgrade OS feature in Fireware Web UI to install the sysa_dl file for an order version of
Fireware OS.
C. Change the OS compatibility setting in Policy Manager to downgrade the device. Then use Policy
Manager to save the configuration to the device.
D. Use the downgrade feature on Policy Manager to select a previous of Fireware OS.
Answer : BC
You configured four Device Administrator user accounts for your Firebox. To see a report of witch Device
Management users have made changes to the device configuration, what must you do? (Select two.)
A. Start Firebox System Manager for the device and review the activity for the Management Users on
the Authentication List tab.
B. Connect to Report Manager or Dimension and view the Audit Trail report for your device.
C. Open WatchGuard Server Center and review the configuration history for managed devices.
D. Configure your device to send audit trail log messages to your WatchGuard Log Server or Dimension
Log Server
Answer : BCEF
Which items are included in a Firebox backup image? (Select four.)
A. Support snapshot
B. Fireware OS
C. Configuration file
D. Log file
E. Feature keys
F. Certificates
Answer : C
Only 50 clients on the trusted network of your Firebox can connect to the Internet at the same time.
What could cause this? (Select one.)
A. The Live Security feature key is expired.
B. The device feature key allows a maximum of 50 client connections.
C. The DHCP address pool on the trusted interface has only 50 IP addresses.
D. The Outgoing policy allows a maximum of 50 client connections.
Answer : B
, The IP address for the trusted interface on your Firebox is 10.0.40.1/24, but you want to change the IP
address for this interface. How can you avoid a network outage for clients on the trusted network when
you change the interface IP address to 10.0.50.1/24? (Select one.)
A. Create a 1-to-1 NAT rule for traffic from the 10.0.40.0/24 subnet to addresses on the 10.0.50.0/24
subnet.
B. Add 10.0.40.1/24 as a secondary IP address for the interface.
C. Add IP addresses on the 10.0.40.0/24 subnet to the DHCP Server IP address pool for this interface.
D. Add a route to 10.0.40.0/24 with the gateway 10.0.50.1.
Answer : ACD
In the network configuration in this image, which aliases is Eth2 a member of? (Select three.)
A. Any-optional
B. Any-External
C. Optional-1
D. Any
E. Any-Trusted
Answer : B
Clients on the trusted network need to connect to a server behind a router on the optional network.
Based on this image, what static route must be added to the Firebox for traffic from clients on the
trusted network to reach a server at 10.0.20.100? (Select one.)
A. Route to 10.0.20.0/24, Gateway 10.0.2.1
B. Route to 10.0.20.0/24, Gateway 10.0.2.254
C. Route to 10.0.20.0, Gateway 10.0.2.254
D. Route to 10.0.10.0/24, Gateway 10.0.10.1
Answer : ABD
Which of these options are private IPv4 addresses you can assign to a trusted interface, as described in
RFC 1918, Address Allocation for Private Internets? (Select three.)
A. 192.168.50.1/24
B. 10.50.1.1/16
C. 198.51.100.1/24
D. 172.16.0.1/16
E. 192.0.2.1/24
Answer : B
The policies in a default Firebox configuration do not allow outgoing traffic from optional interfaces.
A. True
B. False
Answer : D
When you examine the log messages In Traffic Monitor, you see that some network packets are denied
with an unhandled packet log message. What does this log massage mean? (Select one.)
A. The packet is denied because the site is on the Blocked Sites List.
