Watchguard Exam Labs UPDATED
ACTUAL Questions and CORRECT
Answers
A user receives a deny message that the installation file (install.exe) is blocked by the
HTTP-proxy policy and cannot be downloaded. Which HTTP proxy action rule must you
modify to allow download of the installation file? (Select one.)
A. HTTP Request > Request Methods
B. HTTP Response > Body Content Types
C. HTTP Response > Header Fields
D. WebBlocker
E. HTTP Request > Authorization - CORRECT ANSWER - HTTP Response > Body
Content Types
How is a proxy policy different from a packet filter policy? (Select two.)
A. Only a proxy policy examines information in the IP header.
B. Only a proxy policy uses the IP source, destination, and port to control network traffic.
C. Only a proxy policy can prevent specific threats without blocking the entire connection.
D. Only a proxy works ta the application, network, and transport layers to examine all
connection data. - CORRECT ANSWER - C. Only a proxy policy can prevent specific
threats without blocking the entire connection.
D. Only a proxy works ta the application, network, and transport layers to examine all
connection data.
An email newsletter about sales from an external company is sometimes blocked by
spamBlocker. What option could you choose to make sure the newsletter is delivered to
your users? (Select one.)
A. Add a spamBlocker exception based on the From field of the newsletter email.
B. Set the spamBlocker action to quarantine the email for later retrieval.
,C. Add a spamBlocker subject tag for bulk email messages.
D. Set the spamBlocker virus outbreak detection action to allow emails from the newsletter
source. - CORRECT ANSWER - A. Add a spamBlocker exception based on the From field
of the newsletter email
Which WatchGuard tools can you use to review the log messages generated by your
Firebox? (Select three).
A. Firebox System Manager > Traffic Monitor
B. Fireware XTM Web UI > Traffic Monitor
C. Firebox System Manager > Status Report
D. Dimension > Log manager
E. WatchGuard System Manager > Policy Manager - CORRECT ANSWER - A. Firebox
System Manager > Traffic Monitor
B. Fireware XTM Web UI > Traffic Monitor
D. Dimension > Log manager
To enable remote devices to send log messages to Dimension through the gateway
Firebox, what must you verify is included in your gateway Firebox configuration? (Select
one.)
A. You can only send log messages to Dimension from a computer that is on the network behind
your gateway Firebox.
B. You must change the connection settings in Dimension, not on the gateway Firebox.
C. You must add a policy to the remote device configuration file to allow traffic to a Dimension.
D. You must make sure that either the WG-Logging packet filter policy, or another policy that
allows external connections to Dimension over port 4115, is included in the configuration file. -
CORRECT ANSWER - D. You must make sure that either the WG-Logging packet filter
policy, or another policy that allows external connections to Dimension over port 4115, is
included in the configuration file.
You have a privately addressed email server behind your Firebox. If you want to make sure
that all traffic from this server to the Internet appears to come from the public IP address
, 203.0.113.25, regardless of policies, which from of NAT would you use? (Select one.)
A. In the SMTP policy that handles traffic from the email server, select the option to apply
dynamic NAT to all traffic in the policy and set the source IP address 203.0.113.25.
B. Create a global dynamic NAT rule for traffic from the email server and set the source IP
address to 203.0.113.25.
C. Create a static NAT action for traffic to the email server, and set the source IP address to
203.0.113.25. - CORRECT ANSWER - in the SMTP policy that handles traffic from the
email server, select the option to apply dynamic NAT to all traffic in the policy and set the source
IP address 203.0.113.25.
The IP address for the trusted interface on your Firebox is 10.0.40.1/24, but you want to
change the IP address for this interface. How can you avoid a network outage for clients on
the trusted network when you change the interface IP address to 10.0.50.1/24? (Select
one.)
A. Create a 1-to-1 NAT rule for traffic from the 10.0.40.0/24 subnet to addresses on the
10.0.50.0/24 subnet.
B. Add 10.0.40.1/24 as a secondary IP address for the interface.
C. Add IP addresses on the 10.0.40.0/24 subnet to the DHCP Server IP address pool for this
interface.
D. Add a route to 10.0.40.0/24 with the gateway 10.0.50.1. - CORRECT ANSWER - Add
10.0.40.1/24 as a secondary IP address for the interface.
When your users connect to the Authentication Portal page to authenticate, they see a
security warning message in their browses, which they must accept before they can
authenticate. How can you make sure they do not see this security warning message in
their browsers? (Select one.)
A. Import a custom self-signed certificate or a third-party certificate to your Firebox and import
the same certificate to all client computers or web browsers.
B. Replace the Firebox certificate with the trusted certificate from your web server.
C. Add the user accounts for your users who use the Authentication Portal to a list of trusted
users on your Firebox.
ACTUAL Questions and CORRECT
Answers
A user receives a deny message that the installation file (install.exe) is blocked by the
HTTP-proxy policy and cannot be downloaded. Which HTTP proxy action rule must you
modify to allow download of the installation file? (Select one.)
A. HTTP Request > Request Methods
B. HTTP Response > Body Content Types
C. HTTP Response > Header Fields
D. WebBlocker
E. HTTP Request > Authorization - CORRECT ANSWER - HTTP Response > Body
Content Types
How is a proxy policy different from a packet filter policy? (Select two.)
A. Only a proxy policy examines information in the IP header.
B. Only a proxy policy uses the IP source, destination, and port to control network traffic.
C. Only a proxy policy can prevent specific threats without blocking the entire connection.
D. Only a proxy works ta the application, network, and transport layers to examine all
connection data. - CORRECT ANSWER - C. Only a proxy policy can prevent specific
threats without blocking the entire connection.
D. Only a proxy works ta the application, network, and transport layers to examine all
connection data.
An email newsletter about sales from an external company is sometimes blocked by
spamBlocker. What option could you choose to make sure the newsletter is delivered to
your users? (Select one.)
A. Add a spamBlocker exception based on the From field of the newsletter email.
B. Set the spamBlocker action to quarantine the email for later retrieval.
,C. Add a spamBlocker subject tag for bulk email messages.
D. Set the spamBlocker virus outbreak detection action to allow emails from the newsletter
source. - CORRECT ANSWER - A. Add a spamBlocker exception based on the From field
of the newsletter email
Which WatchGuard tools can you use to review the log messages generated by your
Firebox? (Select three).
A. Firebox System Manager > Traffic Monitor
B. Fireware XTM Web UI > Traffic Monitor
C. Firebox System Manager > Status Report
D. Dimension > Log manager
E. WatchGuard System Manager > Policy Manager - CORRECT ANSWER - A. Firebox
System Manager > Traffic Monitor
B. Fireware XTM Web UI > Traffic Monitor
D. Dimension > Log manager
To enable remote devices to send log messages to Dimension through the gateway
Firebox, what must you verify is included in your gateway Firebox configuration? (Select
one.)
A. You can only send log messages to Dimension from a computer that is on the network behind
your gateway Firebox.
B. You must change the connection settings in Dimension, not on the gateway Firebox.
C. You must add a policy to the remote device configuration file to allow traffic to a Dimension.
D. You must make sure that either the WG-Logging packet filter policy, or another policy that
allows external connections to Dimension over port 4115, is included in the configuration file. -
CORRECT ANSWER - D. You must make sure that either the WG-Logging packet filter
policy, or another policy that allows external connections to Dimension over port 4115, is
included in the configuration file.
You have a privately addressed email server behind your Firebox. If you want to make sure
that all traffic from this server to the Internet appears to come from the public IP address
, 203.0.113.25, regardless of policies, which from of NAT would you use? (Select one.)
A. In the SMTP policy that handles traffic from the email server, select the option to apply
dynamic NAT to all traffic in the policy and set the source IP address 203.0.113.25.
B. Create a global dynamic NAT rule for traffic from the email server and set the source IP
address to 203.0.113.25.
C. Create a static NAT action for traffic to the email server, and set the source IP address to
203.0.113.25. - CORRECT ANSWER - in the SMTP policy that handles traffic from the
email server, select the option to apply dynamic NAT to all traffic in the policy and set the source
IP address 203.0.113.25.
The IP address for the trusted interface on your Firebox is 10.0.40.1/24, but you want to
change the IP address for this interface. How can you avoid a network outage for clients on
the trusted network when you change the interface IP address to 10.0.50.1/24? (Select
one.)
A. Create a 1-to-1 NAT rule for traffic from the 10.0.40.0/24 subnet to addresses on the
10.0.50.0/24 subnet.
B. Add 10.0.40.1/24 as a secondary IP address for the interface.
C. Add IP addresses on the 10.0.40.0/24 subnet to the DHCP Server IP address pool for this
interface.
D. Add a route to 10.0.40.0/24 with the gateway 10.0.50.1. - CORRECT ANSWER - Add
10.0.40.1/24 as a secondary IP address for the interface.
When your users connect to the Authentication Portal page to authenticate, they see a
security warning message in their browses, which they must accept before they can
authenticate. How can you make sure they do not see this security warning message in
their browsers? (Select one.)
A. Import a custom self-signed certificate or a third-party certificate to your Firebox and import
the same certificate to all client computers or web browsers.
B. Replace the Firebox certificate with the trusted certificate from your web server.
C. Add the user accounts for your users who use the Authentication Portal to a list of trusted
users on your Firebox.
