SOPHOS CERTIFIED ENGINEER EXAM QUESTIONS WITH
CORRECT ANSWERS
Which TCP port is used to communicate policies to endpoints? Correct Answer 8190
Which Sophos Central manage product protects the data on a lost or stolen laptop?
Correct Answer Encryption
The option to stop the Auto Update service is greyed out in Windows Services. What is
the most likely reason for this? Correct Answer Tamper Protection is enabled
Complete the sentence: Signature-based file scanning relies on… Correct Answer
previously detected malware characteristics
TRUE or FALSE: Tamper protection is enabled by default. Correct Answer TRUE
You are unable to edit policies in Sophos Central. What do you check in Sophos
Central? Correct Answer That you have the correct role assigned
Which URL address do you use to login to Sophos Central Partner Dashboard? Correct
Answer partnerportal.sophos.com
You are detecting low-reputation files and want to change the reputation level from
recommended to strict. Which policy do you edit to make this change? Correct Answer
Threat Protection
What is the FIRST step you must take when deploying virtual environments? Correct
Answer Check the system requirements
You want to prevent users from copying database files to USB drives without blocking
the use of all USB devices. Which policy do you need to configure? Correct Answer
Data Loss Prevention
TRUE or FALSE: You can search for a malicious item across your network using EDR
Correct Answer TRUE
Which log provides a record of all activities? Correct Answer Audit log
What is the function of anti-exploit technology? Correct Answer To detect and stop
compromised vulnerable applications
Complete the sentence: The SAV32CLI clean-up tool is a… Correct Answer Command
line tool included in Sophos Central installation
When registering for a Sophos Central Trial, which of the following statements are
TRUE? Correct Answer You must use an email address that has not been used with
Sophos Central before
Which tab on the device details page displays the tamper protection information?
Correct Answer SUMMARY
What is the function of Live Protection? Correct Answer Connects to a cloud server to
check for the latest information about a file
How long are activities stored for in the Enterprise Dashboard? Correct Answer 90 days
What is the function of an Update Cache? Correct Answer To download updates from
Sophos Central and store them on a dedicated server on your network
What is the function of on-access scanning? Correct Answer Monitors running
processes’ behavior
Which of the following alerts is categorized as a high alert? Correct Answer Failed to
protect an endpoint
Which dashboard allows you to manage and apply global settings to multiple Sophos
Central accounts? Correct Answer The Partner Dashboard
Which detection feature can prevent attacks on the master boot record? Correct Answer
Wipe Guard
What is the function of a Message Relay? Correct Answer To enable all devices to
communicate all policy and reporting data using a dedicated server on your network
True or False: Marking an alert as acknowledge will resolve the threat on the endpoint.
Correct Answer FALSE
Which TCP port is used to communicate Updates on endpoints? Correct Answer 8191
TRUE or FALSE: The security VM installer is linked to your Sophos Central account.
Correct Answer FALSE
TRUE or FALSE: You can deploy an update cache without a Message Relay. Correct
Answer TRUE
You want to change an action for ‘confidential’ content. Where in Sophos Central do you
make this change? Correct Answer In the Data Loss Prevention Rule
What does HIPS do on a protected endpoint? Correct Answer Scans for potentially
malicious behavior
Sophos Endpoint and Server – engineer reviewer
questions with correct answers
In the Data Loss Prevention Rule CORRECT ANSWER You want to change an action for
‘confidential’ content. Where in Sophos Central do you make this change?
Modifying protection settings and uninstalling the endpoint agent CORRECT ANSWER Two of
the following that tamper protection prevent users from doing
Installed components CORRECT ANSWER An endpoint is reporting that Sophos Autoupdate is
not installed. In the Self-Help Tool which tab do you check to view whether AutoUpdate is listed
as Installed?
Threat Protection CORRECT ANSWER In which policy do you enable device isolation?
To connect Sophos security solutions in real time CORRECT ANSWER What is the function of
Sophos Synchronized Security?
Super Admin CORRECT ANSWER What is the minimum administrative role that will allow a user
to manage user roles and role assignments
previously detected malware characteristics CORRECT ANSWER Signature-based file scanning
relies on….
Help desk CORRECT ANSWER Minimum administrative role that will allow a user to scan
endpoints
True CORRECT ANSWER Tamper protection is enabled by default
Exclusions tab and global settings CORRECT ANSWER 2 places in Sophos Central do you add
exclusions for servers?
Threat Protection CORRECT ANSWER You want to mitigate exploits in vulnerable applications.
Which policy do you enable the features in?
Download and run the installer from Sophos Central CORRECT ANSWER A method of deploying
endpoint protection?
Machine learning CORRECT ANSWER Is a pre-execution check performed by Intercept X?
Exploit technique detection CORRECT ANSWER Which feature of Intercept X is designed to
detect malware before it can execute?
Policy Enforced CORRECT ANSWER You have created a new policy Which tab do you select to
enable the policy?
Ransomware CORRECT ANSWER Which security threat does Intercept X protect against?
Admin CORRECT ANSWER What is the minimum administrative role that will allow a user to
create and edit policies
True CORRECT ANSWER When protecting a Mac client, you must know the password of the
administrator
Check the system requirements CORRECT ANSWER What is the first step you must take when
deploying virtual environments?
8190 CORRECT ANSWER Which TCP port is used to communicate policies to endpoints?
Sophos Technician questions with correct answers
Global Settings CORRECT ANSWER Where can the AD Sync tool be obtained from?
The connection was blocked but the root cause has NOT been cleaned up CORRECT ANSWER
Which of the following statements is TRUE for a C2/Generic-C detection?
Update > Update configuration CORRECT ANSWER Where in the Endpoint Self Help Tool will
show if an endpoint is using a proxy for updating?
DC=SOPHOS,DC=LOCAL CORRECT ANSWER When configuring AD synchronization, what location
was defined by default in filters under the User Discovery Filters tab?
ping 172.16.2.20 CORRECT ANSWER Enter the command you would use to test IP network
connectivity to the address 172.16.2.20.
Tamper Protection CORRECT ANSWER Which feature would protect the Sophos installation
from becoming disabled by malware?
389 CORRECT ANSWER AD Sync is not working, you have successfully pinged the DC by both
name and IP address. Which port do you use with telnet to confirm the LDAP port is accessible?
netsh winhttp reset proxy CORRECT ANSWER Enter the command you would use to remove the
currently configured system proxy.
%ProgramData%\Sophos\CloudInstaller\Logs CORRECT ANSWER Where is the
‘SophosCloudInstaller.log’ found?
To prevent malicious behavior in software CORRECT ANSWER What is the function of
application lockdown in Intercept X?
Virus Removal tool CORRECT ANSWER Which of these cleanup tools will scan for root kits?
Domain user CORRECT ANSWER What is the minimum type of user required to connect to AD
to gather the user and group information?
True CORRECT ANSWER TRUE or FALSE: Sophos recommends disabling HTTPS inspection for
Sophos updating traffic.
Sophos Intercept X CORRECT ANSWER On a Windows computer, which component logs
information to the ‘Sophos.log’ file?
nslookup CORRECT ANSWER The Central Admin Dashboard shows that none of your endpoints
are using one of your update caches. When pinging the update cache by name it fails. What
command do you use to investigate this further?
Resolve and verify CORRECT ANSWER What is the third step of the troubleshooting process?
Global settings > Controlled Updates CORRECT ANSWER By default, computers get the latest
Sophos product updates automatically, where can an admin change this to allow control over
updates?
SHA-256
The file paths
The certificate CORRECT ANSWER In which 3 ways can you allow a quarantined file to be
restored?
Windows client firewall blocking traffic CORRECT ANSWER When investigating an updating issue
on one of your endpoints, you used the telnet command to connect to dci.sophosupd.com on
port 443. This confirmed that there is a problem using a direct connection. What is most likely
to be causing this?
Sophos Firewall questions with correct answers
When a RED is deployed in Standard/Unified mode, how do the computers on the remote
network get their IP address? CORRECT ANSWER From a DHCP server running on the XG firewall
You are preparing a hardware XG Firewall for installation on a remote site. The order for the
license has not yet been processed. Which registration option do you select in the Initial Setup
wizard? CORRECT ANSWER I do not want to register now
You have created a report that displays data that you wish to check on a daily basis. how can
you make this data easily available in the WebAdmin interface?? CORRECT ANSWER Create a
bookmark for the report
Which of the following best describes greylisting? CORRECT ANSWER The first attempt to
deliver a message is temporarily denied.
One computer has a red health status. ON which 2 of the networks can the endpoints be
protected from the computer with a red health status? CORRECT ANSWER A. C
Sophos XG hardware devices come pre-loaded with software. CORRECT ANSWER True
Which 2 features are required if you want to make use of lateral movement protection?
CORRECT ANSWER Server or endpoint protection. Intercept X
Which XG firewall feature is able to block access to command and control servers? CORRECT
ANSWER Advanced Threat Protection
Which 2 methods are supported for logoff detection when using STAS CORRECT ANSWER PING,
Workstation Polling
Sophos Central Overview questions with correct
answers
Cloud based centralized management platform. It is a console for managing your Sophos
products using a single interface with an intuitive dashboard. CORRECT ANSWER Sophos Central
A communication channel which can warn or alert centrally linked Sophos products when there
has been an attack or suspected attack. CORRECT ANSWER Sophos Security Heartbeat
provides a detailed look into Sophos Central, it’s development, deployment and maintenance as
well as what data is collected, where it is stored and how data is protected. CORRECT ANSWER
Sophos Central Security Framework
integrates anti-ransomware, application whitelisting, server lockdown and provides centralized
management and security of your servers. CORRECT ANSWER Server protection
provides anti-malware protection to your endpoints across your network. It uses Intercept X.
CORRECT ANSWER Endpoint protection
Endpoint three layers of security CORRECT ANSWER Control, Pre-execution, Code execution
is a unified endpoint management (UEM) and security solution that helps businesses spend less
time and effort managing and securing traditional endpoint and mobile endpoints CORRECT
ANSWER Sophos mobile
encrypts the data on the hard disk of an endpoint so that when the endpoint is stolen, the thief
will not be able to access the data on the device. CORRECT ANSWER Sophos data protection
provides security and manageability for public cloud. CORRECT ANSWER Sophos Cloud Optix
· Full disk encryption
· Prevent data loss
· Configure encryption policy CORRECT ANSWER Sophos Encryption
allows you to see which traffic is using your bandwidth to optimize the performance of your WiFi and alert you to potential unwanted use of your resources. CORRECT ANSWER Sophos
Wireless
is an advanced and comprehensive network security device that helps expose hidden risks,
block unknown threats and will automatically respond to incidents.
· Provides visibility of activities on your network
· Detects risky activities and suspicious traffic CORRECT ANSWER XG Firewall
protects devices from malicious attacks that re able to bypass traditional anti-virus solutions.
Typically, these threats are zero-day and ransomware. CORRECT ANSWER Intercept X
educates and test your end users through automated attack simulations, quality security
awareness training and actionable reporting metrics. CORRECT ANSWER Sophos Phish Threat
keeps your users and business safe with instant protection from advanced threats. Our default
setting provides anti-spam and anti-malware protection. CORRECT ANSWER Sophos Email
Gateway
display info. For user and endpoints, detailing whether they have the Sophos agent installed or
the user is associated with a protected endpoint. CORRECT ANSWER Devices and users:
summary
provides an overview of your web control statistics. Split into four categories of Web threats
blocked, Policy violations blocked, Policy warnings issued and Policy warnings proceeded
CORRECT ANSWER Endpoint and server web control
SOPHOS ENGINEER exam questions with
correct answers
That the cloned policy has been enforced CORRECT ANSWER You have cloned the threat
protection base policy, applied the policy to a group and saved it. When checking the endpoint,
the policy changes have not taken effect. What do you check in the policy
8190 CORRECT ANSWER Which TCP port is used to communicate policies to endpoint?
To download updates from Sophos Central and store them on a dedicated server on your
network CORRECT ANSWER What is the function of an update cache?
Download and run the installer from Sophos Central CORRECT ANSWER Which of the following
is a method of deploying endpoint protection?
8191 CORRECT ANSWER Which TCP port is used to communicate Updates on endpoint?
False CORRECT ANSWER A message relay can be configured on a Server without an Update
Cache.
True CORRECT ANSWER When protecting a MAC client, you must know the password of the
administrator.
Connects to a cloud server to check for the latest information about a file CORRECT ANSWER
What is the function of live protection?
To block specific applications from running on protected endpoints CORRECT ANSWER Which is
the function of Application control?
To connect Sophos security solutions in real time CORRECT ANSWER What is the function of
Sophos Synchronized Security?
Control access to websites based on their category CORRECT ANSWER What is the function of
Web Control?
To detect and stop compromised vulnerable applications CORRECT ANSWER What is the
function of anti-exploit technology?
Exploit technique detection CORRECT ANSWER Which feature of intercept X is designed to
detect malware before it can execute?
Data loss prevention rule CORRECT ANSWER You want to change an action for ‘confidential’
content. Where in Sophos Central do you make this change
False CORRECT ANSWER Base policies can be disabled in Sophos Central.
Threat Protection CORRECT ANSWER You are detecting low-reputation files and want to change
the reputation level from recommended to strict. Which policy do you edit to make this
change?
Threat protection CORRECT ANSWER Which endpoint protection policy protects users against
malicious network traffic?
True CORRECT ANSWER TRUE or FALSE: Tamper protection must be disabled before removing
Endpoint protection.
Web Control CORRECT ANSWER Which endpoint protection policy do you edit to block users
from visiting a specific website category?