Exam Essentials topic 1 question 27 discussion

This question is actually on the watchguard exam objectives sample questions. The answer is prevent mail relay for example.com domain. Answer should be C.

Everyone here says that che corrent answer is C but if you read the official guide there almost the same image at page 194 "Prevent SMTP Mail Relay" The only difference is that they configure Rcpt to and NOT Mail From. Read the guide online as well: You can use the Address: Mail From ruleset to put limits on email and to allow email into your network only from specified senders. The default configuration is to allow email from all senders. You can add, delete, or modify rules. For example, you can create rules to deny emails from a specific sender ([email protected]) or to deny all emails from a domain (*@example.com). The Address: Rcpt To ruleset can limit the email that goes out of your network to only specified recipients. The default configuration allows email to all recipients out of your network. On an SMTP-Incoming proxy action, you can use the Rcpt To ruleset to make sure your email server can not be used for email relaying. For more information, see Protect Your SMTP Server from Email Relaying.

Outgoing Traffic

Logically the only option is C. The question asks specifically "for outgoing SMTP traffic"; so that rules out B. immediately. A is wrong because the rules formatting would reflect the "rewrite" with domainA -> domainB. D. is wrong because this policy ONLY allows *@example.com; deny none matched. You can NOT have a DENY rule in the "simple view". C is the only options because relay is both inbound and outbound, this rule blocks the Outgoing SMTP traffic, as stated in the question. ALSO remember this snip is from the Proxy Action saved config, it doesn't actually mean because it is labeled "outgoing" that the policy that is applying this Proxy Action is not outbound or inbound, that information is not provided outside of the actual question which states "for outgoing SMTP traffic"

Actually the answer should be A. The window is shown in Simple Mode, but only "allow" and "replace/rewrite" rules can be shown in simple mode. B, C, D require a "Deny" rule which cannot be shown in Simple Mode. You can try it yourself in WSM.

Answer should be C (prevent mail relay).

Is outgoing traffic and you can see enabled mail from domains. This rule block other mail from domains relay. Answer C

Correct answer should be C: "You can configure the SMTP proxy action to provide basic mail relay protection. In the proxy action, in the Address > Rcpt To settings, configure the proxy to allow messages addressed to the domains your SMTP server receives mail for, and to deny messages addressed to any other domain. SMTP proxy action configured to allow mail to the domain example.com For more"

SMTP-Proxy: Mail From/Rcpt To You can use the Address: Mail From ruleset to put limits on email and to allow email into your network only from specified senders. The default configuration is to allow email from all senders. You can add, delete, or modify rules. For example, you can create rules to deny emails from a specific sender ([email protected]) or to deny all emails from a domain (*@example.com). In this particular question, as its set to Deny, it will DENY any email from example.com read more here >> https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/smtp/proxy_smtp_mail_from_to_c.html

This applies to outgoing mail so it must be C or D. I just had a look on a live Watchguard and the newer O/S shows it more clearly and says allowed or denied, above the no match denied box. I would probably guess D.

https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/smtp/proxy_smtp_mail_from_to_c.html

Using the Simple view (Change View buttom) you can switch the view type. The Simple view is used for this picture then you can create rules for Allow and Rewrite only. The correct answer is for avoid mail relay.

Confused... only info given is - Categories - Mail From; Rules - Simple view with *@etc & *@*etc; and Actions to take - None Matched - Deny. https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/smtp/proxy_smtp_mail_from_to_c.html "You can use the Address: Mail From ruleset to put limits on email and to allow email into your network only from specified senders. The default configuration is to allow email from all senders. You can add, delete, or modify rules. For example, you can create rules to deny emails from a specific sender ([email protected]) or to deny all emails from a domain (*@example.com)." so, all the above suggests B, no?

I agree, the answer should be C. B does not make any sense in this case; this is an outgoing SMTP rule. B would pertain to an incoming rule.

The meaning of configuration is "Allow only email sender from domain and sub domain of example.com." I think "C." is make sense because for smtp relay they trust the ip address so we can fake sender for some reason. this configure can prevent you to fake domain but you can still fake name also.

Answer is C - This is an outgoing SMTP Policy. The config shown permits traffic from example.com, anything that doesn't match that gets denied. If someone tries to spoof your mail server and send mail as example1.com, this will be denied.

This one was on the Exam V16 were the correct answer is D but its not written correctly as it is allow outgoing and NOT Deny