SOPHOS ENGINEER exam questions with correct answers
You have cloned the Threat Protection base policy, applied the policy to a group and saved it. When
checking the endpoint, the policy changes have not taken effect. What do you check in the policy? -
Ans>>That the cloned policy has been enforced
Which TCP port is used to communicate policies to endpoints? -Ans>>8190
What is the function of an update cache? -Ans>>To download updates from Sophos Central and store
them on a dedicated server on your network
Which of the following is a method of deploying endpoint protection? -Ans>>Download and run the
installer from Sophos Central
Which TCP port is used to deliver updates to endpoints? -Ans>>8191
A message relay can be configured on a server without an update cache. -Ans>>False
When protecting a Mac client, you must know the administrator password. -Ans>>True
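When an endpoint is not picking up policy or updates, the first thing to rule out is reachability of the two TCP ports listed above. The following PowerShell check is an added example, not part of the exam material or Sophos documentation; the hostname cache01.corp.example is an assumed update cache / message relay server and the AutoUpdate service display name is assumed, so confirm both against your own environment:

```powershell
# Added example (not from the exam material): verify that an endpoint can reach the
# Sophos Central update cache / message relay on the two TCP ports named above.
# 'cache01.corp.example' is an assumed hostname; replace it with your own server.
$Relay = 'cache01.corp.example'

$Checks = @(
    @{ Name = 'Message relay (policies)'; Port = 8190 },
    @{ Name = 'Update cache (updates)';   Port = 8191 }
)

foreach ($c in $Checks) {
    # Test-NetConnection attempts a TCP handshake; TcpTestSucceeded is $true when the port answers.
    $r = Test-NetConnection -ComputerName $Relay -Port $c.Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'OPEN' } else { 'BLOCKED' }
    '{0,-26} TCP/{1}  {2}' -f $c.Name, $c.Port, $state
}

# Sophos AutoUpdate service check. The display-name pattern is an assumption; confirm it
# against the Installed Components tab of the Endpoint Self-Help tool.
Get-Service -DisplayName 'Sophos AutoUpdate*' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Status, StartType
```

Run it on the affected endpoint, not on the relay server, so that any intermediate firewall rules are exercised. A BLOCKED result on 8190 with 8191 OPEN points at the message relay path rather than the update cache, which narrows the firewall rule to fix.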
What is the function of live protection? -Ans>>Connects to a cloud server to check for the latest
information about a file
What is the function of Application Control? -Ans>>To block specific applications from running on
protected endpoints
What is the function of Sophos Synchronized Security? -Ans>>To connect Sophos security solutions in
real time
What is the function of Web Control? -Ans>>Control access to websites based on their category
What is the function of anti-exploit technology? -Ans>>To detect and stop compromised vulnerable
applications
Which feature of Intercept X is designed to detect malware before it can execute? -Ans>>Exploit
technique detection
You want to change an action for 'confidential' content. Where in Sophos Central do you make this
change? -Ans>>Data Loss Prevention rule
Base policies can be disabled in Sophos Central. -Ans>>False
You are detecting low-reputation files and want to change the reputation level from recommended to
strict. Which policy do you edit to make this change? -Ans>>Threat Protection
Which endpoint protection policy protects users against malicious network traffic? -Ans>>Threat
protection
TRUE or FALSE: Tamper protection must be disabled before removing Endpoint protection. -
Ans>>True
Which endpoint protection policy do you edit to block users from visiting a specific website category?
-Ans>>Web Control
Which endpoint protection policy blocks access to malicious websites? -Ans>>Threat Protection
TRUE or FALSE: All endpoints have the same endpoint password. -Ans>>False
Which feature allows you to restrict applications? -Ans>>Application Control
What is the first step you must take when deploying virtual environments? -Ans>>Check system
requirements
Server policies are only applied to.... -Ans>>Servers or server groups
Which 2 of the following are monitored when File Integrity Monitoring is enabled? -Ans>>Files and
registry entries
Which 2 components are required for protecting virtual environments? -Ans>>SVM (Security Virtual
Machine) & Guest Virtual Machine (GVM)
A Windows endpoint installation is failing. It is detecting competitor software. Which log file do you
check to investigate this issue? -Ans>>Avremove.log
Which log provides a record of all activities? -Ans>>Audit log
For most detections, which clean-up process is used to clean up the detection? -Ans>>Automatic
Clean up
A malicious file has been detected on an endpoint and you want to prevent lateral movement
through your network. From the threat case, which action do you take? -Ans>>Isolate the computer
You want to check an endpoint has received the latest policy updates from Sophos Central. Which tab
do you select in the Endpoint Self-Help tool to view the last communication date and time? -
Ans>>Management Communications
Threat search results are split into which 2 of the following? -Ans>>Files, network
The Source of Infection clean-up tool is... -Ans>>A tool that identifies where malicious files are being
written from
Which 2 of the following does tamper protection prevent users from doing? -Ans>>Modifying
protection settings, uninstalling the endpoint agent
An endpoint is reporting that Sophos AutoUpdate is not installed. In the Self-Help Tool which tab do
you check to view whether AutoUpdate is listed as installed? -Ans>>Installed Components
What is the minimum administrative role that allows a user to manage roles and role assignments?
-Ans>>Super Admin
Signature-based file scanning relies on... -Ans>>previously detected malware characteristics
Which is the minimum administrative role that will allow a user to view alerts, perform updates and
scan endpoints? -Ans>>Help Desk
TRUE or FALSE: Tamper protection is enabled by default. -Ans>>True
You want to mitigate exploits in vulnerable applications. Which policy do you enable the features in? -
Ans>>Threat Protection
Which of the following is a pre-execution check performed by Intercept X? -Ans>>Machine learning