Watchguard Network Security Essentials
(100 Exam Practice Questions and
Correct Answers Latest 2026)
You can configure Dynamic NAT to route incoming connections from the Internet
to two different FTP servers on the trusted network.
a. True b. False
b. False. Dynamic NAT applies only to outgoing connections.
What port and protocol is used by DNS? (Select one.)
a. UDP/67
b. UDP/53
c. TCP/20
d. TCP/25
UDP/53
While troubleshooting a branch office VPN tunnel, you see the log message below.
What settings could you modify in the local device configuration to resolve the
configuration issue?
(Select one.) iked (203.0.113.50<->203.0.113.20)IKE phase-2 negotiation from
203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received
proposal without PFS, Expecting PFS enabled id="0205-0002" Debug
a. BOVPN Gateway settings
b. BOVPN Tunnel settings
c. BOVPN over TLS settings
d. IKEv2 Shared settings
BOVPN Tunnel settings.
Based on this network diagram, which of these static routes could you add to the
Firebox to enable the Firebox to route traffic from clients on the 192.168.10.0/24
subnet to a server at 10.0.20.80? (Select two.)
pg. 1
,a. Route to 10.0.20.0, Gateway 10.0.2.1
b. Route to 10.0.20.80, Gateway 192.168.10.5
c. Route to 192.168.10.5, Gateway 192.168.10.1
d. Route to 10.0.20.0/24, Gateway 192.168.10.5
b and d.
You can configure a static route to the specific server, or to the entire subnet it is
on. In either case, the gateway is the IP address of the router that connects to that
network, and the gateway must be reachable by the firewall.
You can use the TCP-UDP proxy to control Web, FTP, and SIP traffic on ports
other than 80, 21, and 5060.
a. True b. False
a. True. The TCP-UDP proxy applies to TCP and UDP traffic on any TCP or UDP
port.
Which authentication servers can be used with any type of Mobile VPN (Select
two.)
a. Firebox-DB
b. Active Directory
c. RADIUS
d. LDAP
Firebox-DB RADIUS
pg. 2
, a graphical representation for the flow of data through the policies. (choose three)
Bandwidth meter
Traffic monitor
Traffic management
Service watch
Firewatch
Traffic management
Service watch
Firewatch
***When your device is in a default state, to which interface do you connect your
management computer so you can use the Quick Setup Wizard or Web
SetupWizard to configure the device? (Select one.)
A. Interface 0
B. Console interface
C. Any interface
D. Interface 1
Interface 1
***In the default Firebox configuration file, which policies control management
access to the device? (Select two.)
A. WatchGuard
B. FTP
C. Ping
D. WatchGuard Web UI
E. Outgoing
WatchGuard
WatchGuard Web UI
To use the Web Setup Wizard or Quick Setup Wizard to configure your Firebox or
XTM device, your computer must have an IP address on which subnet? (Select
one.)
pg. 3
(100 Exam Practice Questions and
Correct Answers Latest 2026)
You can configure Dynamic NAT to route incoming connections from the Internet
to two different FTP servers on the trusted network.
a. True b. False
b. False. Dynamic NAT applies only to outgoing connections.
What port and protocol is used by DNS? (Select one.)
a. UDP/67
b. UDP/53
c. TCP/20
d. TCP/25
UDP/53
While troubleshooting a branch office VPN tunnel, you see the log message below.
What settings could you modify in the local device configuration to resolve the
configuration issue?
(Select one.) iked (203.0.113.50<->203.0.113.20)IKE phase-2 negotiation from
203.0.113.50:500 to 203.0.113.20:500 failed. Tunnel='tunnel.1' Reason=Received
proposal without PFS, Expecting PFS enabled id="0205-0002" Debug
a. BOVPN Gateway settings
b. BOVPN Tunnel settings
c. BOVPN over TLS settings
d. IKEv2 Shared settings
BOVPN Tunnel settings.
Based on this network diagram, which of these static routes could you add to the
Firebox to enable the Firebox to route traffic from clients on the 192.168.10.0/24
subnet to a server at 10.0.20.80? (Select two.)
pg. 1
,a. Route to 10.0.20.0, Gateway 10.0.2.1
b. Route to 10.0.20.80, Gateway 192.168.10.5
c. Route to 192.168.10.5, Gateway 192.168.10.1
d. Route to 10.0.20.0/24, Gateway 192.168.10.5
b and d.
You can configure a static route to the specific server, or to the entire subnet it is
on. In either case, the gateway is the IP address of the router that connects to that
network, and the gateway must be reachable by the firewall.
You can use the TCP-UDP proxy to control Web, FTP, and SIP traffic on ports
other than 80, 21, and 5060.
a. True b. False
a. True. The TCP-UDP proxy applies to TCP and UDP traffic on any TCP or UDP
port.
Which authentication servers can be used with any type of Mobile VPN (Select
two.)
a. Firebox-DB
b. Active Directory
c. RADIUS
d. LDAP
Firebox-DB RADIUS
pg. 2
, a graphical representation for the flow of data through the policies. (choose three)
Bandwidth meter
Traffic monitor
Traffic management
Service watch
Firewatch
Traffic management
Service watch
Firewatch
***When your device is in a default state, to which interface do you connect your
management computer so you can use the Quick Setup Wizard or Web
SetupWizard to configure the device? (Select one.)
A. Interface 0
B. Console interface
C. Any interface
D. Interface 1
Interface 1
***In the default Firebox configuration file, which policies control management
access to the device? (Select two.)
A. WatchGuard
B. FTP
C. Ping
D. WatchGuard Web UI
E. Outgoing
WatchGuard
WatchGuard Web UI
To use the Web Setup Wizard or Quick Setup Wizard to configure your Firebox or
XTM device, your computer must have an IP address on which subnet? (Select
one.)
pg. 3
