Sophos Technician

SophosCloudInstaller_<time_and_date_stamp>.log

If an installation of Sophos Central failed on a Windows computer, which log file would you refer to first to help diagnose the problem?

False

TRUE or FALSE: AD Sync needs to be installed on a DC.

Tamper Protection is enabled

The option to stop the AutoUpdate service is greyed out in Windows Services. What is the most likely reason for this?

Alerts are created when an action is required

Which of the following statements is TRUE about alerts?

389

AD Sync is not working, and you have successfully pinged the DC by both name and IP address. Which port do you use with telnet to confirm that the LDAP port is accessible?

True

TRUE or FALSE: All quarantined data is encrypted in SafeStore.

60 mins

AutoUpdate performs its first check 5 minutes after the service starts. At what interval does AutoUpdate then check for software, threat detection data and other available updates?

Global settings > Controlled Updates

By default, computers get the latest Sophos product updates automatically, where can an admin change this to allow control over updates?

netsh winhttp show proxy

Enter the command you would use to display the current configuration of the system proxy. _____

netsh winhttp reset proxy

Enter the command you would use to remove the currently configured system proxy.

ping 172.16.2.20

Enter the command you would use to test IP network connectivity to the address 172.16.2.20. _____

Restart the update cache service

If the Windows Firewall service is stopped or disabled when the Update Cache is deployed, then the firewall rule to allow TCP 8191 will not have been created. How do you resolve this?

From the device page; From a threat case

In which 2 places can you create a forensic snapshot?

SHA-256; The file paths; The certificate

In which 3 ways can you allow a quarantined file to be restored?

Sophos Intercept X

On a Windows computer, which component logs information to the 'Sophos.log' file?

True

TRUE or FALSE: A single instance of AD Sync can synchronise from multiple domains in a forest.

True

TRUE or FALSE: AD Sync will delete groups and users with no Central Admin role when they are no longer present in the search results.

True

TRUE or FALSE: C:\TEMP should never be whitelisted in Sophos Central.

True

TRUE or FALSE: Only PE files can be restored from SafeStore through the user interface.

True

TRUE or FALSE: Sophos recommends disabling HTTPS inspection for Sophos updating traffic.

True

TRUE or FALSE: Tamper Protection is enabled by default in Sophos Central.

False

TRUE or FALSE: The default Update Cache TCP port of 8191 can be modified.

True

TRUE or FALSE: You can deploy an update cache without a Message Relay.

True

TRUE or FALSE: You can recover the Tamper Protection password for a deleted endpoint in Sophos Central.

nslookup

The Central Admin Dashboard shows that none of your endpoints are using one of your update caches. When pinging the update cache by name it fails. What command do you use to investigate this further?

Use settings > website management to override the category for the website URL to one which is not blocked

Web Control has been configured to block access to a category, but this is preventing access to a desired location. Which of the following methods can be used to allow access to this site without allowing access to other sites in the same category?

To remove malware and PUAs; To move all detected items to SafeStore

What are the 2 primary functions of Sophos Clean? Choose two (2).

ipconfig /flushdns

What command can be used to clear the DNS cache?

Define the issue

What is the first step of the troubleshooting process?

To detect malicious file encryption by ransomware

What is the function of CryptoGuard?

To detect man-in-the-middle attacks

What is the function of Safe Browsing in Intercept X?

To prevent malicious behavior in software

What is the function of application lockdown in Intercept X?

C:\ProgramData\Sophos\AutoUpdate\data\warehouse

What is the location of AutoUpdate's warehouse on a protected endpoint?

Domain user

What is the minimum type of user required to connect to AD to gather the user and group information?

Root Cause Analysis

What is the second step of the troubleshooting process?

zero-day threats

What is the term for an attack that uses techniques that anti-virus does not yet detect?

Resolve and verify

What is the third step of the troubleshooting process?

Read

What permissions does the user need to connect to AD to gather the user and group information?

Test the deployment script

What step do you need to take before you bulk deploy Sophos Central to endpoints using a startup script in GPO?

decoded; warehouse

When clearing the local AutoUpdate cache prior to forcing an update, which 2 of the following folders do you need to rename? Choose two

DC=SOPHOS,DC=LOCAL

When configuring AD synchronization, what location was defined by default in filters under the User Discovery Filters tab?

Windows client firewall blocking traffic

When investigating an updating issue on one of your endpoints, you used the telnet command to connect to dci.sophosupd.com on port 443. This confirmed that there is a problem using a direct connection. What is most likely to be causing this?

Germany; United States; Ireland

When setting up a new Sophos Central account, which 3 of the following are the datacentre locations you may select? Choose three (3).

4 hours

When troubleshooting an endpoint, how long can you override the Sophos Central policy for?

Global Settings

Where can the AD Sync tool be obtained from?

The Threat Library

Where can you find more information about a specific threat?

Program Data\Sophos\SafeStore; Program Data\Sophos\Sophos Anti-Virus\SafeStore

Where can you find the SafeStore quarantine folders on a Windows Endpoint? Choose two (2).

Active Directory Sync Utility

Where do you check to see if the AD sync schedule has been configured correctly?

Update > Update configuration

Where in the Endpoint Self Help Tool can you see whether an endpoint is using a proxy for updating?

In the Threat Protection policy

Where is automatic self-isolation enabled?

%ProgramData%\Sophos\CloudInstaller\Logs

Where is the 'SophosCloudInstaller_<time_and_date_stamp>.log' found?

/private/var/log

Where is the 'install.log' found on a Mac OS X endpoint?

%ProgramData%\sophos\sophos cloud AD sync\logs

Where is the AD sync log location?

Sophos Endpoint Self Help; Sophos Central

Which 2 methods does Sophos provide that will display the status of all Sophos services on Windows computers? Choose two (2).

An unknown file; An executable file in a temporary file location

Which 2 of the following are malicious file indicators? Choose two (2).

The threat was found in an archive; The threat was found in a mailbox

Which 2 of the following are reasons why manual cleanup may be required? Choose two (2).

Ability to disable Tamper Protection; Administrative rights to the network and AD; Administrative rights to the endpoint

Which 3 of the following are required to perform troubleshooting on an endpoint? Choose three (3).

Tamper Protection

Which feature would protect the Sophos installation from becoming disabled by malware?

Sophos Anti-Virus

Which installer runs the Competitor Removal Tool (CRT)?

ipconfig

Which of the following Windows tools do you use to display the network configuration?

nslookup

Which of the following Windows tools do you use to resolve IP addresses to hostnames and hostnames to IP addresses?

Ping

Which of the following Windows tools do you use to test IP network connectivity?

The connection was NOT blocked and the threat has NOT been cleaned up

Which of the following statements is TRUE for a C2/Generic-B detection?

The connection was blocked but the root cause has NOT been cleaned up

Which of the following statements is TRUE for a C2/Generic-C detection?

Virus Removal tool

Which of these cleanup tools will scan for rootkits?

--quiet

Which switch will prevent the installer from being displayed during a scripted deployment?

To protect against vulnerabilities in software

Why is it important to apply updates and patches to all applications and operating systems across your network?

Date and time are incorrect on the Update Cache server

Why would the 'Last time updated from cache' status show as 'in a year'?

The Update Cache server has run out of disk space

You see the following error in the SophosUpdate.log: WARN [WARN] copy from upstream failed: Cannot write resource: C:/Programdata/sophos/autoupdate/data/warehouse/9548-885 . What could this indicate?

Boot into Safe Mode and disable Tamper Protection via the Registry; Retrieve the password for the deleted endpoint within Central so you can then enter this within the local Endpoint UI

You wish to uninstall the Sophos Endpoint software from a Windows 10 computer. However, Tamper Protection is enabled, and the device is no longer present within Central Admin. Which 2 of the following are supported methods of removal? Choose two (2).
