2026 TESTED QUESTIONS
◉ SophosUpdate.log. Answer: You are investigating a failed update
and suspect there is an issue with name resolution. What log would
you check to confirm that the endpoint is able to reach the update
cache?
◉ True. Answer: TRUE or FALSE: You can recover the Tamper
Protection password for a deleted endpoint in Sophos Central.
◉ Tamper Protection. Answer: Which feature would protect the
Sophos installation from becoming disabled by malware?
◉ The connection was blocked but the root cause has NOT been
cleaned up. Answer: Which of the following statements is TRUE for a
C2/Generic-A detection?
◉ 1. Give them the Tamper Protection password for their device
from the Central console
2. Disable Tamper Protection for their device only. Answer: Which 2
of the following would allow a single user access to change
protection settings on their endpoint?
◉ Edit ProductCatalog.xml. Answer: How can the Competitor
Removal Tool be modified to remove software that has not been
detected?
◉ True. Answer: TRUE or FALSE: Sophos recommends disabling
HTTPS inspection for Sophos updating traffic.
◉ netsh winhttp show proxy. Answer: Enter the command you
would use to display the current configuration of the system proxy
_____
◉ In the Threat Protection policy. Answer: Where is automatic self-
isolation enabled?
◉ netsh winhttp reset proxy. Answer: Enter the command you
would use to remove the currently configured system proxy _____
◉ 1. From the device page
2. From a threat case. Answer: In which 2 places can you create a
forensic snapshot? Choose two (2).
◉ 1. Ability to disable Tamper Protection
2. Administrative rights to the network and AD