Sophos
Which 4 of the following are tested and supported virtualization platforms for XG
Firewall? - answersSelect one or more:
a.Hyper-V
b.KVM
c.VMWare
d.Xen
e.Virtual Box
f.Oracle VM
g.Qemu
What feature is required if you want to make use of lateral movement protection? -
answersa.Intercept X
b.Advanced Threat Protection (ATP)
c.Intrusion Prevention System (IPS)
d.Sandstorm Sandboxing
When configuring a route, which of the following allows you to select traffic for routing
based on user and application? - answersSelect one:
a.SD-WAN Policy Route
b.Static Route
c.BGP
d.OSPF
e.RIP
You have received a new hardware XG Firewall and are preparing to connect to it for
the first time. What is the default IP address and port that is used to access the
WebAdmin of the device? - answersSelect one:
a.HTTPS://172.16.16.16:4444
b.HTTPS://172.16.16.16:443
c.HTTPS://172.16.16.254:18080
d.HTTPS://192.168.0.1:4444
e.HTTPS://192.168.0.254:443
Which deployment mode is also known as transparent or inline mode? - answersSelect
one:
a.Gateway Mode
b.Bridge Mode
c.Web Application Firewall (WAF)
d.Discover Mode
Which interface type allows standard routing to be used to send traffic over the VPN? -
answersSelect one:
, a.Bridge
b.Alias
c.VLAN
d.Tunnel
e.WIFI
Which XG Firewall feature is able to block access to command and control servers? -
answersSelect one:
a.Advanced Threat Protection (ATP)
b.SSL/TLS inspection
c.Application control
d.Intrusion Prevention (IPS)
Which feature can harden forms, sign cookies and scan for malware? - answersSelect
one:
a.Web Server Protection
b.Intrusion Prevention (IPS)
c.Advanced Threat Protection (ATP)
d.Security Heartbeat
Which additional controls available through the ellipses menu for firewall rules, can be
useful when troubleshooting? - answersSelect one:
a.Detaching the rule from a group
b.Resetting the data counter for the rule
c.Moving the rule to a specific position
d.Delete the rule
Which XG Firewall feature sends decrypted packets to IPS, application control, web
filtering and antivirus for checking? - answersSelect one:
a.SSL/TLS inspection
b.Advanced Threat Protection (ATP)
c.Application control
d.Sandstorm sandboxing
Which 2 of the following statements correctly describe how firewall rules are applie -
answersSelect one or more:
a.All firewall rules are applied to all packets
b.Packets are tested against all firewall rules and the best match is used
c.Packets are tested against firewall rules in order and the first match is used
d.Packets which match a DNAT rule are ignored by the firewall
e.Packets that don't match a firewall rule are dropped and logged
Which of the following DoS and spoof protection modes will drop packets if the source
IP address does not match an entry on the firewall's routing table? - answersSelect one:
a.IP Spoofing
b.MAC filter
Which 4 of the following are tested and supported virtualization platforms for XG
Firewall? - answersSelect one or more:
a.Hyper-V
b.KVM
c.VMWare
d.Xen
e.Virtual Box
f.Oracle VM
g.Qemu
What feature is required if you want to make use of lateral movement protection? -
answersa.Intercept X
b.Advanced Threat Protection (ATP)
c.Intrusion Prevention System (IPS)
d.Sandstorm Sandboxing
When configuring a route, which of the following allows you to select traffic for routing
based on user and application? - answersSelect one:
a.SD-WAN Policy Route
b.Static Route
c.BGP
d.OSPF
e.RIP
You have received a new hardware XG Firewall and are preparing to connect to it for
the first time. What is the default IP address and port that is used to access the
WebAdmin of the device? - answersSelect one:
a.HTTPS://172.16.16.16:4444
b.HTTPS://172.16.16.16:443
c.HTTPS://172.16.16.254:18080
d.HTTPS://192.168.0.1:4444
e.HTTPS://192.168.0.254:443
Which deployment mode is also known as transparent or inline mode? - answersSelect
one:
a.Gateway Mode
b.Bridge Mode
c.Web Application Firewall (WAF)
d.Discover Mode
Which interface type allows standard routing to be used to send traffic over the VPN? -
answersSelect one:
, a.Bridge
b.Alias
c.VLAN
d.Tunnel
e.WIFI
Which XG Firewall feature is able to block access to command and control servers? -
answersSelect one:
a.Advanced Threat Protection (ATP)
b.SSL/TLS inspection
c.Application control
d.Intrusion Prevention (IPS)
Which feature can harden forms, sign cookies and scan for malware? - answersSelect
one:
a.Web Server Protection
b.Intrusion Prevention (IPS)
c.Advanced Threat Protection (ATP)
d.Security Heartbeat
Which additional controls available through the ellipses menu for firewall rules, can be
useful when troubleshooting? - answersSelect one:
a.Detaching the rule from a group
b.Resetting the data counter for the rule
c.Moving the rule to a specific position
d.Delete the rule
Which XG Firewall feature sends decrypted packets to IPS, application control, web
filtering and antivirus for checking? - answersSelect one:
a.SSL/TLS inspection
b.Advanced Threat Protection (ATP)
c.Application control
d.Sandstorm sandboxing
Which 2 of the following statements correctly describe how firewall rules are applie -
answersSelect one or more:
a.All firewall rules are applied to all packets
b.Packets are tested against all firewall rules and the best match is used
c.Packets are tested against firewall rules in order and the first match is used
d.Packets which match a DNAT rule are ignored by the firewall
e.Packets that don't match a firewall rule are dropped and logged
Which of the following DoS and spoof protection modes will drop packets if the source
IP address does not match an entry on the firewall's routing table? - answersSelect one:
a.IP Spoofing
b.MAC filter
