WATCH GUARD NETWORK SECURITY ESSENTIALS
QUESTIONS AND ANSWERS LATEST UPDATE
(ALREADY GRADED A+)
If your Firebox has a single public IP address, and you want to forward inbound traffic to internal hosts
based on the destination port, which type of NAT should you use? (Select one.)
Static NAT
1-to-1 NAT
Dynamic NAT
Static NAT
You need to create an HTTP-proxy policy to a specific domain for software updates (example.com).
The update site has multiple subdomains and dynamic IP addresses on a content delivery network.
Which of these options is the best way to define the destination in your HTTP-proxy policy? (Select
one.)
Configure a host name for update.example.com
Configure an FQDN for *.example.com
Add IP addresses that correspond to each software update server in the domain.
Create an alias for all subdomains and known IP addresses for example.com.
Configure an FQDN for *.example.com
While troubleshooting a branch office VPN tunnel, you see this log message:
2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES,
expecting AES
What settings could you modify in the local device configuration to resolve this issue? (Select one.)
BOVPN Gateway settings
BOVPN-Allow policies
BOVPN Tunnel settings
BOVPN Tunnel Route settings
BOVPN Gateway settings
The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN
Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings.
In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN?
(Select one.)
Default route VPN allows your Firebox to examine all remote user traffic
Default route VPN uses less bandwidth
, Default route VPN uses less processing power
Default route VPN automatically allows dynamic NAT
Default route VPN allows your Firebox to examine all remote user traffic
Match the monitoring tool to the correct task. Which tool can view a list of users connected to the
Firebox? (Select one)
FireBox System Manager - Blocked Sites list
Log Server
FireWatch
Firebox System Manager - Subscription services
Firebox System Manager - Authentication list
Traffic Monitor
Firebox System Manager - Authentication list
You can view a list of users connected to the Firebox through HostWatch, and you can also use
Authentication List, which identifies the IP addresses and user names of all the users that are
authenticated to the Firebox.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181
A local branch office VPN tunnel route is configured as shown below. On the remote peer device, what
must be configured as the remote network address for this tunnel route? (Select one.)
Local: 10.0.1.0/24
Remote: 10.0.20.1/24
Direction Local <--> Remote
1:1 NAT: 10.0.10.0/24
10.0.1.0/24
10.0.10.0/24
10.0.20.0/24
10.0.10.0/24
If you use an external authentication server for mobile VPN, which option must you complete before
remote users can authenticate? (Select one.)
Create aliases for each remote user's virtual IP address.
Reboot the authentication server
Add the Mobile VPN user group and remote users to your authentication server.
Add the remote users to a Mobile VPN user group on your Firebox.
Add the Mobile VPN user group and remote users to your authentication server.
Match the monitoring tool to the correct task:
Not a Fireware monitoring tool
Log Server
Firewatch
QUESTIONS AND ANSWERS LATEST UPDATE
(ALREADY GRADED A+)
If your Firebox has a single public IP address, and you want to forward inbound traffic to internal hosts
based on the destination port, which type of NAT should you use? (Select one.)
Static NAT
1-to-1 NAT
Dynamic NAT
Static NAT
You need to create an HTTP-proxy policy to a specific domain for software updates (example.com).
The update site has multiple subdomains and dynamic IP addresses on a content delivery network.
Which of these options is the best way to define the destination in your HTTP-proxy policy? (Select
one.)
Configure a host name for update.example.com
Configure an FQDN for *.example.com
Add IP addresses that correspond to each software update server in the domain.
Create an alias for all subdomains and known IP addresses for example.com.
Configure an FQDN for *.example.com
While troubleshooting a branch office VPN tunnel, you see this log message:
2014-07-23 12:29:15 iked (203.0.113.10<->203.0.113.20) Peer proposes phase one encryption 3DES,
expecting AES
What settings could you modify in the local device configuration to resolve this issue? (Select one.)
BOVPN Gateway settings
BOVPN-Allow policies
BOVPN Tunnel settings
BOVPN Tunnel Route settings
BOVPN Gateway settings
The WatchGuard BOVPN settings error in this example states phase one encryption. Only the BOVPN
Gateway settings can specify phase one settings. BOVPN Tunnel settings specify phase 2 settings.
In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN?
(Select one.)
Default route VPN allows your Firebox to examine all remote user traffic
Default route VPN uses less bandwidth
, Default route VPN uses less processing power
Default route VPN automatically allows dynamic NAT
Default route VPN allows your Firebox to examine all remote user traffic
Match the monitoring tool to the correct task. Which tool can view a list of users connected to the
Firebox? (Select one)
FireBox System Manager - Blocked Sites list
Log Server
FireWatch
Firebox System Manager - Subscription services
Firebox System Manager - Authentication list
Traffic Monitor
Firebox System Manager - Authentication list
You can view a list of users connected to the Firebox through HostWatch, and you can also use
Authentication List, which identifies the IP addresses and user names of all the users that are
authenticated to the Firebox.
Reference: Fireware Basics, Courseware: WatchGuard System Manager 10, pages 15, 34, 59, 181
A local branch office VPN tunnel route is configured as shown below. On the remote peer device, what
must be configured as the remote network address for this tunnel route? (Select one.)
Local: 10.0.1.0/24
Remote: 10.0.20.1/24
Direction Local <--> Remote
1:1 NAT: 10.0.10.0/24
10.0.1.0/24
10.0.10.0/24
10.0.20.0/24
10.0.10.0/24
If you use an external authentication server for mobile VPN, which option must you complete before
remote users can authenticate? (Select one.)
Create aliases for each remote user's virtual IP address.
Reboot the authentication server
Add the Mobile VPN user group and remote users to your authentication server.
Add the remote users to a Mobile VPN user group on your Firebox.
Add the Mobile VPN user group and remote users to your authentication server.
Match the monitoring tool to the correct task:
Not a Fireware monitoring tool
Log Server
Firewatch
