WATCHGUARD
PRACTICE EXAM QUESTIONS WITH
CORRECT DETAILED ANSWERS |
ALREADY GRADED A+<RECENT
VERSION>
1) What are the three components of the WatchGuard System Manager software? -
ANSWER Policy Manager, Firebox System Manager (FSM), Host Watch
2) Which of the following do you need to ensure you have when initially activating your
firewall? Choose all that apply. - ANSWER Firebox Serial Number and Account on the
WatchGuard website
3) Which account do you need to log into your WatchGuard firewall through WatchGuard
System Manager? - ANSWER Status
4) True or False: A Feature Key can be migrated between devices. - ANSWER False. A
Feature Key is specific to a specific device, because it is based on the serial number.
5) What are the four types of network interfaces you can configure on your firewall? -
ANSWER External, Trusted, Optional, Custom
6) True or False: There are three modes you can operate your firewall under: Mixed Routing,
Bridged and Drop-In. Bridged mode is the default selection. - ANSWER False. Mixed
Routing mode is the default mode.
7) What can you view directly through Firebox System Manager? Select all that apply. -
ANSWER Gateway Wireless Controller, Traffic Monitor, Service Watch
,8) True or False: Through Firebox System Manager, you can run the TCP Dump command. -
ANSWER True. This option is available under the Diagnostic Tasks tool.
9) What is the purpose of Static NAT? - ANSWER To allow inbound access over a specific
port.
10) True or False: In order to enable NAT Loopback on your firewall, you have to configure this
under the Dynamic NAT settings. - ANSWER False. NAT Loopback does not require
anything to be enabled. You simple have to write a policy to allow it.
11) When you see the log "Unhandled Internal Packet," what does this mean? - ANSWER
Someone inside of your network tried to send outbound traffic, but there was no policy to
allow it.
12) When your device is in a default state, to which interface do you connect your management
computer so you can use the Quick Setup Wizard or Web Setup Wizard to configure the
device? (Select one.)
A. Interface 0
B. Console interface
C. Any interface
D. Interface 1 - ANSWER Interface 1
13) In the default Firebox configuration file, which policies control management access to the
device? (Select two.)
A. WatchGuard
B. FTP
C. Ping
D. WatchGuard Web UI
E. Outgoing - ANSWER WatchGuard
WatchGuard Web UI
14) What are included in a config file?
1. DNS servers
, 2. External interface configuration
3. Trusted interface configuration
4. Feature key
5. Policies
6. User and roles - ANSWER DNS server
External
interface config
trusted interface config
Policies
15) Match the diagnostic tool to the system component?
1. Performance Metrics
2. Able to ping the source of a denied packet - ANSWER 1. SD-WAN
2.Traffic monitor
16) Line of code from traffic monitor for troubleshooting IKV2-VPN.
If it fails phase 1, what do you check?
If it fails on phase 2, what do you check? - ANSWER Phase 1-Check gateway settings
Phase 2-Check tunnel settings
17) ***True and False Default Threat protection happens after going through the policy list top
to bottom - ANSWER false
18) What authentication servers can a mobile VPN with IKEv2 use? - ANSWER Firebox-DB
Radius
19) What authentication servers can a mobile VPN with L2TP? - ANSWER Firebox-DB Radius
20) IdP Portal - ANSWER Page showing SAML resources and Corporate Credentials to users
21) SAML Resources - ANSWER Resources for exchanging information between service and
identity providers
, 22) Corporate Credentials - ANSWER Login credentials available in the password vault
23) Auth Point - ANSWER Identity provider for multi-factor authentication
24) Authentication Policy - ANSWER Rules specifying authentication requirements for
resources
25) Logon App - ANSWER Application adding MFA to Windows and Mac computers
26) RDP - ANSWER Remote Desktop Protocol for accessing computers remotely
27) Auth Point Agent - ANSWER Application installed on a computer or server for Logon app
28) Access for Non-Auth Point Users - ANSWER Feature allowing non-Auth Point users to log
in without MFA
29) Gateway - ANSWER Software for communication between Auth Point and local services
30) RADIUS - ANSWER Protocol for authentication, authorization, and accounting
31) MS-CHAPv2 - ANSWER Microsoft Challenge-Handshake Authentication Protocol v2 for
VPN connections
32) Firebox - ANSWER Device providing secure remote access to web applications
33) SAML Certificate - ANSWER Certificate for identifying Auth Point as a trusted identity
provider
34) ADFS - ANSWER Active Directory Federation Services for single sign-on