SOPHOS ENGINEER CERTIFICATION PRACTICE EXAM:
200 MULTIPLE-CHOICE QUESTIONS WITH VERIFIED
ANSWERS & DETAILED RATIONALES – LATEST EDITION
2026/2027
1. When registering for a Sophos Central Trial, which of the following statements
is TRUE?
A) Any email address can be used
B) You must use an email address that has not been used with Sophos Central
before
C) You need a valid credit card immediately
D) Trial lasts only 7 days
Answer: B
Rationale: Sophos Central requires a unique email not previously registered to
prevent duplicate trials.
2. Which tab on the device details page displays the tamper protection
information?
A) Alerts
B) Policies
C) SUMMARY
D) Logs
Answer: C
Rationale: The SUMMARY tab shows tamper protection status and password
information.
1|Page
,3. What is the function of Live Protection?
A) Blocks all internet traffic
B) Connects to a cloud server to check for the latest information about a file
C) Backs up user files
D) Encrypts local drives
Answer: B
Rationale: Live Protection queries Sophos cloud servers in real time for file
reputation.
4. How long are activities stored for in the Enterprise Dashboard?
A) 30 days
B) 60 days
C) 90 days
D) 180 days
Answer: C
Rationale: Enterprise Dashboard retains activity logs for 90 days by default.
5. What is the function of an Update Cache?
A) To store user passwords
B) To download updates from Sophos Central and store them on a dedicated
server on your network
C) To cache web pages for faster browsing
D) To backup endpoint configurations
Answer: B
Rationale: Update Cache reduces internet bandwidth by locally storing updates.
2|Page
,6. What is the function of on-access scanning?
A) Scans files when they are opened or executed
B) Scans the entire disk once a day
C) Monitors network traffic only
D) Performs a full scan at login
Answer: A
Rationale: On-access scanning checks files in real time when accessed.
7. Which of the following alerts is categorized as a high alert?
A) Update succeeded
B) User logged in
C) Failed to protect an endpoint
D) Policy applied
Answer: C
Rationale: Failure to protect an endpoint indicates a critical security gap.
8. Which dashboard allows you to manage and apply global settings to multiple
Sophos Central accounts?
A) User Dashboard
B) Partner Dashboard
C) Local Dashboard
D) Audit Dashboard
Answer: B
Rationale: Partner Dashboard provides multi-tenant management for MSPs.
3|Page
, 9. Which detection feature can prevent attacks on the master boot record?
A) Live Protection
B) WipeGuard
C) HIPS
D) Web Control
Answer: B
Rationale: WipeGuard specifically protects MBR from ransomware overwrites.
10. What is the function of a Message Relay?
A) To enable all devices to communicate all policy and reporting data using a
dedicated server on your network
B) To send email alerts
C) To relay DNS queries
D) To load balance web traffic
Answer: A
Rationale: Message Relay acts as a local communication hub for endpoints.
11. True or False: Marking an alert as acknowledged will resolve the threat on the
endpoint.
A) True
B) False
Answer: B
Rationale: Acknowledgment only clears the alert; the threat must be cleaned
separately.
4|Page
200 MULTIPLE-CHOICE QUESTIONS WITH VERIFIED
ANSWERS & DETAILED RATIONALES – LATEST EDITION
2026/2027
1. When registering for a Sophos Central Trial, which of the following statements
is TRUE?
A) Any email address can be used
B) You must use an email address that has not been used with Sophos Central
before
C) You need a valid credit card immediately
D) Trial lasts only 7 days
Answer: B
Rationale: Sophos Central requires a unique email not previously registered to
prevent duplicate trials.
2. Which tab on the device details page displays the tamper protection
information?
A) Alerts
B) Policies
C) SUMMARY
D) Logs
Answer: C
Rationale: The SUMMARY tab shows tamper protection status and password
information.
1|Page
,3. What is the function of Live Protection?
A) Blocks all internet traffic
B) Connects to a cloud server to check for the latest information about a file
C) Backs up user files
D) Encrypts local drives
Answer: B
Rationale: Live Protection queries Sophos cloud servers in real time for file
reputation.
4. How long are activities stored for in the Enterprise Dashboard?
A) 30 days
B) 60 days
C) 90 days
D) 180 days
Answer: C
Rationale: Enterprise Dashboard retains activity logs for 90 days by default.
5. What is the function of an Update Cache?
A) To store user passwords
B) To download updates from Sophos Central and store them on a dedicated
server on your network
C) To cache web pages for faster browsing
D) To backup endpoint configurations
Answer: B
Rationale: Update Cache reduces internet bandwidth by locally storing updates.
2|Page
,6. What is the function of on-access scanning?
A) Scans files when they are opened or executed
B) Scans the entire disk once a day
C) Monitors network traffic only
D) Performs a full scan at login
Answer: A
Rationale: On-access scanning checks files in real time when accessed.
7. Which of the following alerts is categorized as a high alert?
A) Update succeeded
B) User logged in
C) Failed to protect an endpoint
D) Policy applied
Answer: C
Rationale: Failure to protect an endpoint indicates a critical security gap.
8. Which dashboard allows you to manage and apply global settings to multiple
Sophos Central accounts?
A) User Dashboard
B) Partner Dashboard
C) Local Dashboard
D) Audit Dashboard
Answer: B
Rationale: Partner Dashboard provides multi-tenant management for MSPs.
3|Page
, 9. Which detection feature can prevent attacks on the master boot record?
A) Live Protection
B) WipeGuard
C) HIPS
D) Web Control
Answer: B
Rationale: WipeGuard specifically protects MBR from ransomware overwrites.
10. What is the function of a Message Relay?
A) To enable all devices to communicate all policy and reporting data using a
dedicated server on your network
B) To send email alerts
C) To relay DNS queries
D) To load balance web traffic
Answer: A
Rationale: Message Relay acts as a local communication hub for endpoints.
11. True or False: Marking an alert as acknowledged will resolve the threat on the
endpoint.
A) True
B) False
Answer: B
Rationale: Acknowledgment only clears the alert; the threat must be cleaned
separately.
4|Page
