1. What is a Sophos Firewall? A comprehensive security device with a zone-based firewall and identity-based policies at its core.
2. What is the primary purpose of Sophos Firewall? To expose hidden risks (See it), stop unknown threats (Stop it), and isolate infected systems (Secure it).
3. How does Sophos Firewall provide protection? Protection is provided through a single cloud-based platform, making day-to-day management of all Sophos products easy and scalable.
4. What is Zero Trust? A security mindset of "don't trust anything, verify everything."
5. What is ZTNA? Sophos's Zero Trust Network Access, which bolsters a firewall by adding granular controls and security for networked applications, in the cloud or on-premise.
6. What is network segmentation? Segmentation divides a computer network into smaller pieces to improve network performance and security.
7. What is lateral movement protection? An adaptive micro-segmentation solution where each individual endpoint is effectively its own segment, able to be isolated in response to a threat.
8. What is Sophos Lateral Protection? A micro-segmentation solution that isolates infected devices to stop attacks regardless of network topology.
9. What are the three key features of Sophos Firewall? Zone-based firewall, identity-based policies, and support for ZTNA with network segmentation and lateral movement protection.
10. What are the phases of the Attack Kill Chain? 1. Reconnaissance, 2. Weaponization, 3. Delivery, 4. Exploitation, 5. Installation, 6. Command and Control, 7. Behavior.
11. What happens in the Reconnaissance and Weaponization phases? The attacker passively harvests email addresses and company information, then actively scans the target environment using tools like port scanners.
12. What is Synchronized Security? A feature that enables lateral movement protection through coordination between Sophos Firewall and Sophos endpoints.
13. What does the "See it" principle mean in Sophos Firewall? The ability to expose hidden risks by providing visibility into network traffic and threats.
14. What does the "Stop it" principle mean? The ability to stop unknown threats using advanced protection mechanisms.
15. What does the "Secure it" principle mean? The ability to isolate infected systems to prevent threat spread.
16. What is the default IP address and port for Sophos Firewall? Default IP is 172.16.16.16 and the default port is 4444 (https://172.16.16.16:4444).
17. What is Sophos Web Protection? A feature that scans HTTP/HTTPS traffic for unwanted content and malware.
18. What does Web Filtering do? Allows or blocks websites based on content filters and categories.
19. What is Email Encryption and Control? Sophos Firewall can scan incoming email for malicious content, with IP reputation filtering, file type detection, and email encryption capabilities.
20. What is SPX? Sophos Secure PDF Exchange Encryption - a method to encrypt emails for secure data transmission.
21. What is Sophos Zero-Day Protection? Protection that uses hash files created when scanning attachments with executables, sending them to a cloud database for review.
22. How does the Zero-Day Protection sandbox work? Suspicious files are sent to Sophos, opened in a sandbox environment, monitored, and then blocked or allowed based on analysis.
23. How does Sophos Deep Learning work? Millions of samples of good and bad files are fed to the model, features are defined and labeled (size, vendor, printable settings), and the model predicts if files are malicious.
24. What is Application Control? A service used to reduce the attack surface by restricting what applications are allowed.
25. What is Synchronized App Control? A feature that identifies unknown applications through coordination between firewall and endpoints.
26. What feature identifies unknown applications? Synchronized App Control.
27. What feature helps prevent infected computers from transmitting personal information? Advanced Threat Protection.
28. What enables TLS 1.3 inspection on Sophos Firewall? Decryption and Deep Packet Inspection capabilities.
29. Which cloud platforms support Sophos Firewall? AWS, Azure, and Nutanix.
30. Can Sophos Firewall be installed on existing Intel-compatible hardware? True.
31. How many wireless radios do XGS series models have? 1 radio.
32. Can the number of ports be expanded on Sophos Firewall? True - additional modules can be used.
33. What is the Xstream architecture? A high-performance architecture that provides fast packet processing and efficient resource utilization.
34. What are two features of the Xstream architecture? Hardware acceleration and optimized traffic processing.
35. What is the purpose of zones in Sophos Firewall? To logically group interfaces and apply security policies based on trust levels.
36. What types of zones are available? LAN, WAN, DMZ, VPN, WiFi, and custom zones.
37. What is a DMZ zone used for? To host publicly accessible servers while isolating them from the internal network.
38. What is the WAN zone? The zone where interfaces with gateway configurations are placed, connecting to the internet.
39. What is identity-based policy? Security policies that apply based on user or group identity rather than just IP addresses.
40. What authentication methods does Sophos Firewall support? Local users, Active Directory, LDAP, RADIUS, TACACS+, and SAML.