ESSENTIALS ONLINE COURSE
How is a proxy policy different from a packet filter policy? - ANSWER-Only a proxy
policy uses IP source, destination and port to control network traffic.
Only a proxy works at the application, network and transport layers to examine all
connection data.
If you disable the outgoing policy, which policies must you add to allow trusted users to
connect to commonly used websites? - ANSWER-HTTP Port 80
HTTPS Port 443
DNS Port 53
If your Firebox has a single public IP address and you want to forward inbound traffic to
internal hosts based on the destination port, which type of NAT should you use? -
ANSWER-STATIC NAT
You can configure the SMTP-Proxy to restrict email messages and content based on
which of these message characteristics? - ANSWER-Email message size
Attachment file name and content type
Maximum e-mail recipients
After you enable spamBlocker, your users experience no reduction in the amount of
spam they receive. What could explain this? (Select three) - ANSWER-A. Connections
cannot be resolved to the spamBlocker servers because DNS is not configured on the
Firebox.
B. The spamBlocker action for confirmed spam is set to allow.
C. A spamBlocker exception is configured to allow traffic from the sender.
For which of these third-party authentication methods must you specify a search base? -
ANSWER-Active Directory
LDAP
Only 50 clients on the trusted network of your Firebox can connect to the internet at the
same time. What could cause this? - ANSWER-The DHCP Address pool on the trusted
only has 50 IP addresses
Which items are included in the Firebox backup file? - ANSWER-Fireware OS
Config File
Feature Keys
Certificates
DYNAMIC NAT - ANSWER-Conserves IP addresses and hides the internal topology of
your network.
LOOPBACK NAT - ANSWER-Allows a user on the trusted or optional network to
connect to a public server that is on the same physical Firebox interface by its public IP
address or domain name.
1-to-1 NAT - ANSWER-Changes all incoming and outgoing packets sent from one range
of addresses to a different range of addresses.
An e-mail newsletter about sales from an external company is sometimes blocked by
spamBlocker. What option could you use to make sure the newsletter is delivered to
your users? - ANSWER-Add a spamBlocker exception based on the From field of the
newsletter e-mail.
The policies in a default Firebox configuration do not allow outgoing traffic from optional
interfaces. - ANSWER-false
Which threats can the Firebox prevent with default packet handling settings? - ANSWER-
DOS
Flood attacks
Port Scans
IP Spoofing
You have a privately addressed e-mail server behind your Firebox. If you want to make
sure all traffic from this server to the internet appears to come from address
203.0.113.25, regardless of policies, which NAT should you use? - ANSWER-Create a
global dynamic NAT rule for all traffic from the email server and set the source IP
address to 203.0.113.25
Which of these 3 actions add a host to the temporary or permanent blocked sites list? -
ANSWER-A. Enable the AUTO-BLOCK sites that attempt to connect option in a deny
policy
C. On the Firebox System Manager > Blocked Sites tab, select Add.
D. In Policy Manager, select Setup > Default Threat Protection > Blocked Sites and click
Add.
From the SMTP Proxy action settings in this image, which of these options is configured
for outgoing SMTP Traffic? - ANSWER-Deny outgoing mail from the example.com
domain.
When your users connect to the Authentication Portal page to authenticate, they see a
security warning message in their browsers. How can you make sure they don't see it? -
ANSWER-A. Import a custom self-signed certificate or a third-party certificate, then to
all computers and/or web browsers