SOPHOS CERTIFIED ENGINEER EXAM

Which of the following is a method of deploying endpoint protection?

Download and run the installer from Sophos Central

In which 2 ways can you license the Enterprise Dashboard?

(1) Master Licensing (2) Individual Licensing

Where in Sophos Central Admin Console can you enable remote assistance?

Account Details

What is the recommended way to allow a new application to a locked down server?

Add the path of the application to the server lockdown policy

Which log provides a record of all activities?

Audit log

What is the FIRST step you must take when deploying virtual environments?

Check the system requirements

What is the minimum administrative role that will allow a user to scan endpoints?

Help Desk

What is the Sophos recommended Active Directory sync interval?

Once a day

TRUE or FALSE: Tamper protection is enabled by default.

TRUE

How do users view quarantined emails and manage device encryption for their protected endpoints?

The Self-Service Portal

You have a suspicious file on your endpoint. Which tool do you use to quickly scan the file?

The file info tab in the self-help tool

What is the minimum administrative role that will allow a user to create and edit policies?

Admin

Which is the minimum administrative role that will allow a user access to view and edit policies?

Admin

Where can an administrator view the license management types in the Enterprise Dashboard?

Licensing

Which section in the Self-Help tool should be checked to start investigating an updating issue on an endpoint

System

You need to give a user access to change their protection settings in an emergency. Which 2 of the following allow you to do this?

(1) Disable tamper protection for their endpoint (2) Provide the user with the tamper protection password

Threat search results are split into which 2 of the following.

(1) Files (2) Network

Which 2 of the following are monitored when File Integrity Monitoring is enabled?

(1) Files (2) Registry Entries

Which 2 places in Sophos Central do you add exclusions for servers?

(1) Global Settings (2) Server Policy

Your Enterprise Dashboard has been configured with multiple sub-estates. In which 2 ways can you manage the licenses associated with the sub-estates?

(1) In the sub-estate Central Admin Console (2) In the Enterprise Dashboard

Which 2 components are required for protecting virtual environments?

(1) Security Virtual Machine (SVM) (2) Guest Virtual Machine (GVM)

Which 2 of the following does tamper protection prevent users from doing?

(1) Uninstalling the endpoint agent (2) Modifying protection settings

Which TCP port is used to communicate policies to endpoints?

8190

Which TCP port is used to communicate Updates on endpoints?

8191

How long are activities stored for in the Enterprise Dashboard?

90 days

For most detections, which clean-up process is used to clean up the detection?

Automatic Clean Up

Complete the sentence: The SAV32CLI clean-up tool is a...

Command line tool included in Sophos Central installation

What is the function of Live Protection?

Connects to a cloud server to check for the latest information about a file

You want to prevent users from copying database files to USB drives without blocking the use of all USB devices. Which policy do you need to configure?

Data Loss Prevention

What is the first step you must take when removing Sophos Endpoint Protection from a Windows endpoint?

Disable tamper protection in Sophos Central

Which is the minimum administrative role that will allow a user to view alerts, perform updates and scan endpoints?

Help Desk

You want to change an action for 'confidential' content. Where in Sophos Central do you make this change?

In the Data Loss Prevention Rule

An endpoint is reporting that Sophos AutoUpdate is not installed. In the Self-Help Tool which tab do you check to view whether AutoUpdate is listed as installed?

Installed components

A malicious file has been detected on an endpoint and you want to prevent lateral movement through your network. From the threat case, which action do you take?

Isolate the computer

How do you access a managed Sophos Central account to resolve alerts for your customer?

Login using the Launch Sophos Central Admin button in the Partner Dashboard

Which of the following is a pre-execution check performed by Intercept X?

Machine learning

You want to check an endpoint has received the latest policy updates from Sophos Central. Which tab do you select in the Endpoint Self-Help tool to view the last communication date and time?

Management Communication

What is the function of on-access scanning?

Monitors running processes' behavior

You want to configure the login settings for all administrators to require two factors of authentication. Which global setting do you enable?

Multi-factor Authentication

You have created a new policy. Which tab do you select to enable the policy?

POLICY BYPASSED

Which security threat does Intercept X protect against?

Ransomware

Which dashboard allows you to view and apply global settings to multiple Sophos Central Accounts?

The Enterprise Dashboard

Which dashboard allows you to manage and apply global settings to multiple Sophos Central accounts?

The Partner Dashboard

In which policy do you configure anti-virus scanning?

Threat Protection

In which policy do you enable deep learning?

Threat Protection

In which policy do you enable device isolation?

Threat Protection

Which endpoint protection policy block access to malicious websites?

Threat Protection

Which endpoint protection policy protects users against malicious network traffic?

Threat Protection

You are detecting low-reputation files and want to change the reputation level from recommended to strict. Which policy do you edit to make this change?

Threat Protection

You want to mitigate exploits in vulnerable applications. Which policy do you enable the features in?

Threat Protection

Which is the function of Application Control?

To block specific applications from running on protected endpoints

What is the function of Sophos Synchronized Security?

To connect Sophos security solutions in real time

What is the function of Web Control?

To control access to websites based on their category

What is the function of anti-exploit technology?

To detect and stop compromised vulnerable applications

What is the function of an Update Cache?

To download updates from Sophos Central and store them on a dedicated server on your network

Complete the sentence: The Source of Infection clean up tool is a...

Tool that identified where malicious files are written from

True or False: You can choose to send email alerts immediately, hourly, daily or never.

True

Which detection feature can prevent attacks on the master boot record?

WipeGuard

When registering for a Sophos Central Trial, which of the following statements are TRUE?

You must use an email address that has not been used with Sophos Central before

A Windows endpoint installation is failing. It is detecting competitor software. Which log file do you check to investigate this issue?

avremove.log

Which URL address do you use to login to Sophos Central Admin Console?

central.sophos.com

Which URL address do you use to login to Sophos Central Partner Dashboard?

partnerportal.sophos.com

Complete the sentence: Signature-based file scanning relies on...

previously detected malware characteristics

Which 2 of the following are the methods for bulk importing users?

(1) Using the Active Directory Sync Utility (2) Import using a CSV file

Which Sophos Central manage product protects the data on a lost or stolen laptop?

Encryption

Which report will give you information across all protected endpoints?

Events report

Which feature of Intercept X is designed to detect malware before it can execute?

Exploit technique detection

TRUE or FALSE: A Message Relay can be configured on a Server without an Update Cache.

FALSE

TRUE or FALSE: All Endpoints have the same endpo password.

FALSE

TRUE or FALSE: All Endpoints have the same tamper protection password.

FALSE

TRUE or FALSE: All server protection features are enabled by default.

FALSE

TRUE or FALSE: Base policies can be disabled in Sophos Central.

FALSE

TRUE or FALSE: Deleting an endpoint in Sophos Central will remove the Endpoint agent from the endpoint.

FALSE

TRUE or FALSE: The security VM installer is linked to your Sophos Central account.

FALSE

True or False: Marking an alert as acknowledge will resolve the threat on the endpoint.

FALSE

Which of the following alerts is categorized as a high alert?

Failed to protect an endpoint

What does tamper protection prevent a user from doing on their endpoint with Sophos Central agent installed?

Prevents a user from uninstalling the Sophos agent software

Which is the minimum administrative role that will allow a user to view alerts and logs?

Read Only

Which tab on the device details page displays the tamper protection information?

SUMMARY

What does HIPS do on a protected endpoint?

Scans for potentially malicious behaviour

Complete the sentence: The Virus Removal clean up tool is a...

Separate download that detects and removes malware

Which feature allows you to restrict applications on a server?

Server lockdown

Complete the sentence: Server policies are only applied to...

Servers or server groups

Complete the following sentence: The default protection base policy is configured with...

Sophos' recommended settings

Which Sophos support tool do you use to find out the latest information about security threats?

SophosLabs

What is the minimum administrative role that will allow a user to manage user roles and role assignments?

Super Admin

TRUE or FALSE: Tamper protection must be disabled before removing Endpoint Protection.

TRUE

TRUE or FALSE: You can deploy an update cache without a Message Relay.

TRUE

TRUE or FALSE: You can search for a malicious item across your network using EDR

TRUE

True or False: Multi-factor authentication is enabled by default for all Enterprise Administrators.

TRUE

True or False: The Sophos Central Partner Portal can be used to manage customers' XG Firewalls.

TRUE

When protecting a Mac client, you must know the password of the administrator.

TRUE

The option to stop the AutoUpdate service is greyed out in Windows Services. What is the most likely reason for this?

Tamper Protection is enabled

You have cloned the threat protection base policy, applied the policy to a group and saved it. When checking the endpoint, the policy changes have not taken effect. What do you check in the policy?

That the cloned policy has been enforced

You are unable to edit policies in Sophos Central. What do you check in Sophos Central?

That you have the correct role assigned

What is the function of a Message Relay?

To enable all devices to communicate all policy and reporting data using a dedicated server on your network

What is the function of Data Loss Prevention?

To monitor and restrict file transfers containing sensitive data

What is the function of Peripheral Control?

To prevent the use of removable media on protected endpoints