SOPHOS CERTIFIED ENGINEER EXAM(Reviewer for SOPHOS CERTIFIED ENGINEER EXAM)2023

SOPHOS CERTIFIED ENGINEER EXAM(Reviewer for SOPHOS CERTIFIED ENGINEER EXAM)2023 Which TCP port is used to communicate policies to endpoints? - Answer 8190 Which Sophos Central manage product protects the data on a lost or stolen laptop? - Answer Encryption The option to stop the AutoUpdate service is greyed out in Windows Services. What is the most likely reason for this? - Answer Tamper Protection is enabled Complete the sentence: Signature-based file scanning relies on... - Answer previously detected malware characteristics TRUE or FALSE: Tamper protection is enabled by default. - Answer TRUE You are unable to edit policies in Sophos Central. What do you check in Sophos Central? - Answer That you have the correct role assigned Which URL address do you use to login to Sophos Central Partner Dashboard? - Answer You are detecting low-reputation files and want to change the reputation level from recommended to strict. Which policy do you edit to make this change? - Answer Threat Protection What is the FIRST step you must take when deploying virtual environments? - Answer Check the system requirements You want to prevent users from copying database files to USB drives without blocking the use of all USB devices. Which policy do you need to configure? - Answer Data Loss Prevention TRUE or FALSE: You can search for a malicious item across your network using EDR - Answer TRUE Which log provides a record of all activities? - Answer Audit log What is the function of anti-exploit technology? - Answer To detect and stop compromised vulnerable applications Complete the sentence: The SAV32CLI clean-up tool is a... - Answer Command line tool included in Sophos Central installation When registering for a Sophos Central Trial, which of the following statements are TRUE? - Answer You must use an email address that has not been used with Sophos Central before Which tab on the device details page displays the tamper protection information? - Answer SUMMARY What is the function of Live Protection? - Answer Connects to a cloud server to check for the latest information about a file How long are activities stored for in the Enterprise Dashboard? - Answer 90 days What is the function of an Update Cache? - Answer To download updates from Sophos Central and store them on a dedicated server on your network What is the function of on-access scanning? - Answer Monitors running processes' behavior Which of the following alerts is categorized as a high alert? - Answer Failed to protect an endpoint Which dashboard allows you to manage and apply global settings to multiple Sophos Central accounts? - Answer The Partner Dashboard Which detection feature can prevent attacks on the master boot record? - Answer WipeGuard What is the function of a Message Relay? - Answer To enable all devices to communicate all policy and reporting data using a dedicated server on your network True or False: Marking an alert as acknowledge will resolve the threat on the endpoint. - Answer FALSE Which TCP port is used to communicate Updates on endpoints? - Answer 8191 TRUE or FALSE: The security VM installer is linked to your Sophos Central account. - Answer FALSE TRUE or FALSE: You can deploy an update cache without a Message Relay. - Answer TRUE You want to change an action for 'confidential' content. Where in Sophos Central do you make this change? - Answer In the Data Loss Prevention Rule What does HIPS do on a protected endpoint? - Answer Scans for potentially malicious behaviour You have cloned the threat protection base policy, applied the policy to a group and saved it. When checking the endpoint, the policy changes have not taken effect. What do you check in the policy? - Answer That the cloned policy has been enforced In which 2 ways can you license the Enterprise Dashboard? - Answer (1) Master Licensing (2) Individual Licensing What is the minimum administrative role that will allow a user to create and edit policies? - Answer Admin Complete the following sentence: The default protection base policy is configured with... - Answer Sophos' recommended settings Which section in the Self-Help tool should be checked to start investigating an updating issue on an endpoint - Answer System What does tamper protection prevent a user from doing on their endpoint with Sophos Central agent installed? - Answer Prevents a user from uninstalling the Sophos agent software TRUE or FALSE: All server protection features are enabled by default. - Answer FALSE Which endpoint protection policy protects users against malicious network traffic? - Answer Threat Protection Which is the minimum administrative role that will allow a user to view alerts, perform updates and scan endpoints? - Answer Help Desk Your Enterprise Dashboard has been configured with multiple sub-estates. In which 2 ways can you manage the licenses associated with the sub-estates? - Answer (1) In the sub-estate Central Admin Console (2) In the Enterprise Dashboard Threat search results are split into which 2 of the following. - Answer (1) Files (2) Network In which policy do you configure anti-virus scanning? - Answer Threat Protection Which feature of Intercept X is designed to detect malware before it can execute? - Answer Exploit technique detection True or False: You can choose to send email alerts immediately, hourly, daily or never. - Answer True An endpoint is reporting that Sophos AutoUpdate is not installed. In the Self-Help Tool which tab do you check to view whether AutoUpdate is listed as installed? - Answer Installed components A Windows endpoint installation is failing. It is detecting competitor software. Which log file do you check to investigate this issue? - Answer How do users view quarantined emails and manage device encryption for their protected endpoints? - Answer The Self-Service Portal Which 2 of the following are the methods for bulk importing users? - Answer (1) Using the Active Directory Sync Utility