Exam Essentials topic 1 question 36 discussion

Actual exam question from WatchGuard's Essentials

Question #: 36
Topic #: 1

Match each WatchGuard Subscription Service with its function.
Uses full-system emulation analysis to identify characteristics and behavior of zero-day malware. (Choose one).

A. Reputation Enable Defense RED
B. Gateway / Antivirus
C. Data Loss Prevention DLP
D. Spam Blocker
E. WebBlocker
F. Intrusion Prevention Server IPS
G. Application Control
H. Quarantine Server
I.

Show Suggested Answer

Suggested Answer: I
APT Blocker is intended to stop malware and zero-day threats that are trying to invade an organization's network.
APT Blocker uses a next-gen sandbox to get detailed views into the execution of a malware program. After first running through other security services, files are fingerprinted and checked against an existing database first on the appliance and then in the cloud. If the file has never been seen before, it is analyzed using the system emulator, which monitors the execution of all instructions. It can spot the evasion techniques that other sandboxes miss.
Reference:
http://www.watchguard.com/wgrd-products/security-modules/apt-blocker

by Arjjra at March 27, 2019, 10:43 p.m.

Comments

Submit Cancel

Arjjra

1 year, 11 months ago

not able to see the rest of the boxes. only the first one

upvoted 2 times

...

LoCarb_Monster

1 year, 2 months ago

The answer is APT, and should be the 'I.' option WatchGuard Network Security Essentials Study Guide v12.5 pg. 146 "APT Blocker Cloud-based service that uses emulation analysis to identify the characteristics and behavior of zero-day malware."

upvoted 3 times

...

EnjoiTech

1 year, 1 month ago

APT Blocker Cloud-based service that uses emulation analysis to identify the characteristics and behavior of zero-day malware.

upvoted 2 times

...

Satornjkk

2 months, 2 weeks ago

Yes, APT Blocker is correct.

upvoted 1 times

...