A financial services company is deploying WatchGuard Endpoint Security. To comply with industry regulations, they must prevent any data exfiltration via removable storage. However, the finance department uses specific, company-issued encrypted USB drives for transferring large reports between air-gapped systems. What is the most effective policy configuration in WatchGuard EPP to meet these requirements?
Q2 (Multiple answers)
A security analyst at a healthcare organization is reviewing an alert from WatchGuard EPDR. The alert indicates that `powershell.exe` was launched by `winword.exe` and executed an obfuscated script that made a network connection to an unknown IP address. This activity was automatically blocked by the Zero-Trust Application Service. Which actions should the analyst take next to investigate and remediate the threat? (Select TWO)
Q3
True or False: When WatchGuard Full Encryption is configured to manage BitLocker on a Windows endpoint, the recovery key is stored only on the local device's TPM chip and is not accessible through the WatchGuard Cloud management console.
Q4
A university is using WatchGuard Patch Management to maintain the security of its computer labs, which consist of Windows and macOS devices. A critical, zero-day vulnerability was announced for a widely used third-party application. The IT department needs to deploy the patch immediately but is concerned about potential conflicts with specialized academic software. What is the most prudent course of action using the Patch Management module?
Q5
The CIO of a company wants a weekly high-level report that summarizes the overall security posture of all endpoints. The report must include the number of threats detected, the patch status compliance percentage, and the current encryption status of the device fleet. Which tool within the WatchGuard ecosystem is best suited for creating and automatically scheduling this report?
Q6
A consultant is explaining WatchGuard's Zero-Trust Application Service to a new client. Which statement best describes the operational principle of this service?
Q7
An administrator is configuring a new URL filtering policy for a K-12 school. The goal is to block access to social media, gaming, and adult content websites, while allowing access to all educational resources. The administrator has applied the appropriate category blocks. However, teachers report that a specific online learning platform, `learn.example.com`, which is categorized under 'Education', is being blocked. Troubleshooting reveals that the platform's login page, `login.example.com`, is categorized as 'Social Networking'. What is the most efficient way to resolve this issue while maintaining the security policy?
Q8
**Case Study:** A mid-sized logistics company, 'Global Transports', operates a fleet of 300 Windows laptops used by its mobile workforce. The company has recently adopted WatchGuard EPDR and the Full Encryption module to secure its devices and data. The IT team is small, with only two administrators responsible for endpoint security. The primary security concerns are ransomware attacks and data loss from stolen laptops. All laptops must have their primary drive encrypted. The mobile workforce frequently connects to untrusted Wi-Fi networks at truck stops and hotels. A key requirement is that administrators must be able to centrally manage encryption and recover data from a locked device without requiring the physical device to be present. Recently, a driver reported their laptop was stolen. The device was online for a short period after the theft. The IT team needs to ensure the data is secure and wants to determine what actions the thief may have attempted. They have confirmed that the Full Encryption policy was successfully applied to the laptop before it was stolen. Which combination of WatchGuard Endpoint Security features provides the best solution to meet Global Transports' requirements for device security, data recovery, and post-theft analysis?
Q9
An Indicator of Attack (IoA) is fundamentally different from a signature-based Indicator of Compromise (IoC). Which of the following best describes an IoA that WatchGuard EDR would detect?
Q10 (Multiple answers)
A company has a policy that all available critical and important patches for Windows operating systems and Microsoft Office must be installed within 7 days of release. Which components must be configured in WatchGuard Patch Management to automate this process? (Select THREE)