SOPHOS CERTIFIED ENGINEER PRACTICE SET
2026 FULL SOLUTION
◉ 1. The certificate
2. SHA-256
3. The file paths. Answer: In which 3 ways can you allow a
quarantined file to be restored? Choose three (3).
◉ --crtcatalogpath. Answer: Which switch can be used with
SophosSetup.exe to point to the name and location of a custom
catalog file?
◉ POLICY ENFORCED. Answer: You have added a new Threat
Protection policy that will apply to all Windows endpoints but want
to disable it until you can test the settings. Which tab should you use
to disable it?
◉ False. Answer: TRUE or FALSE: The Sophos Diagnostic Utility is
available for Windows endpoints only.
◉ Date and time are incorrect on the Update Cache server. Answer:
Why would the 'Last time updated from cache' status show as 'in a
year'?
,◉ 1. Isolate an endpoint
2. Clean and block
3. Generate a threat case. Answer: Which 3 of the following actions
are available following a threat search?
◉ Domain user. Answer: What is the minimum type of user required
to connect to AD to gather the user and group information?
◉ /private/var/log. Answer: Where is the 'install.log' found on a
Mac OS X endpoint?
◉ DC=SOPHOS,DC=LOCAL. Answer: When configuring AD
synchronization, what location was defined by default in filters
under the User Discovery Filters tab?
◉ 8190. Answer: Enter the port number that a Message Relay will
use. _____
◉ True. Answer: TRUE or FALSE: C:\TEMP should never be
whitelisted in Sophos Central.
◉ True. Answer: TRUE or FALSE: All quarantined data is encrypted
in SafeStore.
, ◉ Tamper Protection is enabled. Answer: The option to stop the
AutoUpdate service is greyed out in Windows Services. What is the
most likely reason for this?
◉ Root Cause Analysis. Answer: What is the second step of the
troubleshooting process?
◉ False. Answer: TRUE or FALSE: All the default policies in Sophos
Central can be disabled.
◉ Read. Answer: What permissions does the user need to connect to
AD to gather the user and group information?
◉ True. Answer: TRUE or FALSE: You can deploy an update cache
without a Message Relay.
◉ Telnet. Answer: Which of the following Windows tools do you use
to test connectivity to a specific port or service?
◉ Sophos Anti-Virus. Answer: Which Windows service must be
disabled when recovering a tamper protected endpoint?
◉ To detect malicious file encryption by ransomware. Answer: What
is the function of CryptoGuard?
2026 FULL SOLUTION
◉ 1. The certificate
2. SHA-256
3. The file paths. Answer: In which 3 ways can you allow a
quarantined file to be restored? Choose three (3).
◉ --crtcatalogpath. Answer: Which switch can be used with
SophosSetup.exe to point to the name and location of a custom
catalog file?
◉ POLICY ENFORCED. Answer: You have added a new Threat
Protection policy that will apply to all Windows endpoints but want
to disable it until you can test the settings. Which tab should you use
to disable it?
◉ False. Answer: TRUE or FALSE: The Sophos Diagnostic Utility is
available for Windows endpoints only.
◉ Date and time are incorrect on the Update Cache server. Answer:
Why would the 'Last time updated from cache' status show as 'in a
year'?
,◉ 1. Isolate an endpoint
2. Clean and block
3. Generate a threat case. Answer: Which 3 of the following actions
are available following a threat search?
◉ Domain user. Answer: What is the minimum type of user required
to connect to AD to gather the user and group information?
◉ /private/var/log. Answer: Where is the 'install.log' found on a
Mac OS X endpoint?
◉ DC=SOPHOS,DC=LOCAL. Answer: When configuring AD
synchronization, what location was defined by default in filters
under the User Discovery Filters tab?
◉ 8190. Answer: Enter the port number that a Message Relay will
use. _____
◉ True. Answer: TRUE or FALSE: C:\TEMP should never be
whitelisted in Sophos Central.
◉ True. Answer: TRUE or FALSE: All quarantined data is encrypted
in SafeStore.
, ◉ Tamper Protection is enabled. Answer: The option to stop the
AutoUpdate service is greyed out in Windows Services. What is the
most likely reason for this?
◉ Root Cause Analysis. Answer: What is the second step of the
troubleshooting process?
◉ False. Answer: TRUE or FALSE: All the default policies in Sophos
Central can be disabled.
◉ Read. Answer: What permissions does the user need to connect to
AD to gather the user and group information?
◉ True. Answer: TRUE or FALSE: You can deploy an update cache
without a Message Relay.
◉ Telnet. Answer: Which of the following Windows tools do you use
to test connectivity to a specific port or service?
◉ Sophos Anti-Virus. Answer: Which Windows service must be
disabled when recovering a tamper protected endpoint?
◉ To detect malicious file encryption by ransomware. Answer: What
is the function of CryptoGuard?
