1|Page
Sophos engineer exam (2026/2027) || Most Recent
Exam Actual Complete Real Verified Exam Questions
And Correct Answers (Verified Answers) Already
Graded A+ | Guaranteed Success!! Newest Exam!!!
You are detecting low-reputation files and want to change
the reputation level from recommended to strict. Which
policy do you edit to make this change? - Answer-Threat
Protection
What is the FIRST step you must take when deploying
virtual environments? - Answer-Check the system
requirements
You want to prevent users from copying database files to
USB drives without blocking the use of all USB devices.
Which policy do you need to configure? - Answer-Data
Loss Prevention
You have cloned the threat protection base policy, applied
the policy to a group and saved it. When checking the
endpoint, the policy changes have not taken effect. What
do you check in the policy - Answer-That the cloned policy
has been enforced
,2|Page
Which TCP port is used to communicate policies to
endpoint? - Answer-8190
What is the function of an update cache? - Answer-To
download updates from Sophos Central and store them on
a dedicated server on your network
Which of the following is a method of deploying endpoint
protection? - Answer-Download and run the installer from
Sophos Central
Which TCP port is used to communicate Updates on
endpoint? - Answer-8191
A message relay can be configured on a Server without an
Update Cache. - Answer-False
When protecting a MAC client, you must know the
password of the administrator. - Answer-True
What is the function of live protection? - Answer-Connects
to a cloud server to check for the latest information about
a file
,3|Page
Which is the function of Application control? - Answer-To
block specific applications from running on protected
endpoints
What is the function of Sophos Synchronized Security? -
Answer-To connect Sophos security solutions in real time
Which TCP port is used to communicate policies to
endpoints? - Answer-8190
Which Sophos Central manage product protects the data
on a lost or stolen laptop? - Answer-Encryption
The option to stop the AutoUpdate service is greyed out in
Windows Services. What is the most likely reason for this?
- Answer-Tamper Protection is enabled
Complete the sentence: Signature-based file scanning
relies on... - Answer-previously detected malware
characteristics
TRUE or FALSE: Tamper protection is enabled by default.
- Answer-TRUE
, 4|Page
You are unable to edit policies in Sophos Central. What do
you check in Sophos Central? - Answer-That you have the
correct role assigned
Which URL address do you use to login to Sophos Central
Partner Dashboard? - Answer-partnerportal.sophos.com
What is the function of Web Control? - Answer-Control
access to websites based on their category
What is the function of anti-exploit technology? - Answer-
To detect and stop compromised vulnerable applications
Which feature of intercept X is designed to detect malware
before it can execute? - Answer-Exploit technique
detection
You want to change an action for 'confidential' content.
Where in Sophos Central do you make this change -
Answer-Data loss prevention rule
Sophos engineer exam (2026/2027) || Most Recent
Exam Actual Complete Real Verified Exam Questions
And Correct Answers (Verified Answers) Already
Graded A+ | Guaranteed Success!! Newest Exam!!!
You are detecting low-reputation files and want to change
the reputation level from recommended to strict. Which
policy do you edit to make this change? - Answer-Threat
Protection
What is the FIRST step you must take when deploying
virtual environments? - Answer-Check the system
requirements
You want to prevent users from copying database files to
USB drives without blocking the use of all USB devices.
Which policy do you need to configure? - Answer-Data
Loss Prevention
You have cloned the threat protection base policy, applied
the policy to a group and saved it. When checking the
endpoint, the policy changes have not taken effect. What
do you check in the policy - Answer-That the cloned policy
has been enforced
,2|Page
Which TCP port is used to communicate policies to
endpoint? - Answer-8190
What is the function of an update cache? - Answer-To
download updates from Sophos Central and store them on
a dedicated server on your network
Which of the following is a method of deploying endpoint
protection? - Answer-Download and run the installer from
Sophos Central
Which TCP port is used to communicate Updates on
endpoint? - Answer-8191
A message relay can be configured on a Server without an
Update Cache. - Answer-False
When protecting a MAC client, you must know the
password of the administrator. - Answer-True
What is the function of live protection? - Answer-Connects
to a cloud server to check for the latest information about
a file
,3|Page
Which is the function of Application control? - Answer-To
block specific applications from running on protected
endpoints
What is the function of Sophos Synchronized Security? -
Answer-To connect Sophos security solutions in real time
Which TCP port is used to communicate policies to
endpoints? - Answer-8190
Which Sophos Central manage product protects the data
on a lost or stolen laptop? - Answer-Encryption
The option to stop the AutoUpdate service is greyed out in
Windows Services. What is the most likely reason for this?
- Answer-Tamper Protection is enabled
Complete the sentence: Signature-based file scanning
relies on... - Answer-previously detected malware
characteristics
TRUE or FALSE: Tamper protection is enabled by default.
- Answer-TRUE
, 4|Page
You are unable to edit policies in Sophos Central. What do
you check in Sophos Central? - Answer-That you have the
correct role assigned
Which URL address do you use to login to Sophos Central
Partner Dashboard? - Answer-partnerportal.sophos.com
What is the function of Web Control? - Answer-Control
access to websites based on their category
What is the function of anti-exploit technology? - Answer-
To detect and stop compromised vulnerable applications
Which feature of intercept X is designed to detect malware
before it can execute? - Answer-Exploit technique
detection
You want to change an action for 'confidential' content.
Where in Sophos Central do you make this change -
Answer-Data loss prevention rule
