SOPHOS ENGINEER 2026 REVISION NOTES
AND STRUCTURED SOPHOS SYSTEM
ADMINISTRATION OVERVIEW GUIDE
◉ Exploit technique detection. Answer: Which feature of Intercept X
is designed to detect malware before it can execute?
◉ Policy Enforced. Answer: You have created a new policy
Which tab do you select to enable the policy?
◉ Ransomware. Answer: Which security threat does Intercept X
protect against?
◉ Admin. Answer: What is the minimum administrative role that
will allow a user to create and edit policies
◉ True. Answer: When protecting a Mac client, you must know the
password of the administrator
◉ Check the system requirements. Answer: What is the first step you
must take when deploying virtual environments?
, ◉ 8190. Answer: Which TCP port is used to communicate policies to
endpoints?
◉ True. Answer: Tamper protection must be disabled before
removing Endpoint Protection.
◉ Files and Registry Entries. Answer: Two of the following are
monitored when File Integrity Monitoring is enabled
◉ Web control. Answer: Which endpoint protection policy do you
edit to block users from visiting a specific website category
◉ Give the user administrator rights to the endpoint and provide the
user with the tamper protection password. Answer: You need to give
a user access to change their protection settings in an emergency
Which 2 of the following allow you to do this?
◉ To prevent the use of removable media on protected endpoints.
Answer: What is the function of Peripheral Control?
◉ False. Answer: Deleting an endpoint Sophos Central will remove
the Endpoint agent from the endpoint.
AND STRUCTURED SOPHOS SYSTEM
ADMINISTRATION OVERVIEW GUIDE
◉ Exploit technique detection. Answer: Which feature of Intercept X
is designed to detect malware before it can execute?
◉ Policy Enforced. Answer: You have created a new policy
Which tab do you select to enable the policy?
◉ Ransomware. Answer: Which security threat does Intercept X
protect against?
◉ Admin. Answer: What is the minimum administrative role that
will allow a user to create and edit policies
◉ True. Answer: When protecting a Mac client, you must know the
password of the administrator
◉ Check the system requirements. Answer: What is the first step you
must take when deploying virtual environments?
, ◉ 8190. Answer: Which TCP port is used to communicate policies to
endpoints?
◉ True. Answer: Tamper protection must be disabled before
removing Endpoint Protection.
◉ Files and Registry Entries. Answer: Two of the following are
monitored when File Integrity Monitoring is enabled
◉ Web control. Answer: Which endpoint protection policy do you
edit to block users from visiting a specific website category
◉ Give the user administrator rights to the endpoint and provide the
user with the tamper protection password. Answer: You need to give
a user access to change their protection settings in an emergency
Which 2 of the following allow you to do this?
◉ To prevent the use of removable media on protected endpoints.
Answer: What is the function of Peripheral Control?
◉ False. Answer: Deleting an endpoint Sophos Central will remove
the Endpoint agent from the endpoint.
