WatchGuard Endpoint Security Exam — Threat Detection, Protection, and Network
Defense Certification
Zero-day attacks and APTs - (ANSWER)New threats that have never been seen before
Fileless malware - (ANSWER)Malicious software that runs in memory instead of as a physical file on the
endpoint.
How does fileless malware operate? - (ANSWER)Exploits trusted processes in memory to remain
undetected.
"Living Off the Land" Attack - (ANSWER)Attacks where a malicious user gains access to an endpoint and
uses legitimately installed software to perform further attacks.
Exploits - (ANSWER)A software tool designed to take advantage of a flaw in a computer system.
Ransomware - (ANSWER)Malicious software that encrypts and locks the contents and files of computers
and demands a ransom for the encryption to unlock the data.
The Protection Cycle - (ANSWER)1) Visibility
2) Detection
3) Remediation/response
4) Prevention
Visibility - (ANSWER)(Protection Cycle)Trace every action taken by running applications.
Detection - (ANSWER)(Protection Cycle)Monitor active processes and perform real-time blocking of
zero-day attacks, targeted attacks, and other advanced threats designed to bypass traditional antivirus
and anti-malware solutions.
Remediation/response - (ANSWER)(Protection Cycle)Use collected forensic information to complete in-
depth analysis of every attempted attack.
Prevention - (ANSWER)(Protection Cycle)Edit the protection model settings and patches for
vulnerabilities
WatchGuard Endpoint Protection Platform (EPP) - (ANSWER)(WatchGuard Endpoint Security) Protects
endpoints from threats and reduces the attack surface. Includes a full range of protection
features (antivirus, firewall, device control, URL filtering).
WatchGuard Endpoint Detection and Response (EDR) - (ANSWER)(WatchGuard Endpoint Security)
Detects and responds effectively to any type of unknown malware, as well as the fileless and
malwareless attacks that traditional solutions cannot detect. Uses Zero-Trust Application Service to
prevent applications and processes from running until they are validated as trusted.
WatchGuard Endpoint Protection Detection and Response (EPDR) - (ANSWER)(WatchGuard Endpoint
Security) Prevents, detects, and responds to any type of known and unknown malware, as well as fileless
and malwareless attacks. Uses Zero-Trust Application Service alongside antivirus, firewall, device
control, URL filtering, and more.
WatchGuard Advanced EPDR - (ANSWER)(WatchGuard Endpoint Security) Extends EPDR functionality
with additional capabilities that enable security operations teams to discover undetected threats on
their customers' endpoints.
WatchGuard Full Encryption - (ANSWER)Encrypts the contents of disks and USB/removable storage
drives connected to computers that WatchGuard Endpoint Security manages.
WatchGuard Patch Management - (ANSWER)You can manage patches for operating system and
third-party application vulnerabilities on workstations and servers.
WatchGuard Advanced Reporting Tool - (ANSWER)You can generate security intelligence and IT insights
to pinpoint attacks, unusual behavior, and internal misuse.