That the cloned policy has been enforced - Answer- You have cloned the threat
protection base policy, applied the policy to a group and saved it. When checking the
endpoint, the policy changes have not taken effect. What do you check in the policy?
8190 - Answer- Which TCP port is used to communicate policies to the endpoint?
To download updates from Sophos Central and store them on a dedicated server on
your network - Answer- What is the function of an update cache?
Download and run the installer from Sophos Central - Answer- Which of the following is
a method of deploying endpoint protection?
8191 - Answer- Which TCP port is used to communicate updates on the endpoint?
False - Answer- A message relay can be configured on a Server without an Update
Cache.
True - Answer- When protecting a Mac client, you must know the password of the
administrator.
Connects to a cloud server to check for the latest information about a file - Answer-
What is the function of live protection?
To block specific applications from running on protected endpoints - Answer- What is
the function of Application Control?
To connect Sophos security solutions in real time - Answer- What is the function of
Sophos Synchronized Security?
Control access to websites based on their category - Answer- What is the function of
Web Control?
To detect and stop compromised vulnerable applications - Answer- What is the function
of anti-exploit technology?
Exploit technique detection - Answer- Which feature of Intercept X is designed to detect
malware before it can execute?
Data loss prevention rule - Answer- You want to change an action for 'confidential'
content. Where in Sophos Central do you make this change?
False - Answer- Base policies can be disabled in Sophos Central.
Threat Protection - Answer- You are detecting low-reputation files and want to change
the reputation level from recommended to strict. Which policy do you edit to make this
change?
Threat protection - Answer- Which endpoint protection policy protects users against
malicious network traffic?
True - Answer- TRUE or FALSE: Tamper protection must be disabled before removing
Endpoint protection.
Web Control - Answer- Which endpoint protection policy do you edit to block users from
visiting a specific website category?
Threat Protection - Answer- Which endpoint protection policy blocks access to malicious
websites?
False - Answer- TRUE or FALSE: All Endpoints have the same endpoint password.
Application Control - Answer- Which feature allows you to restrict applications?
Check system requirement - Answer- What is the first step you must take when
deploying virtual environments?
Servers or server group - Answer- Server policies are only applied to ....
Files and registry entries - Answer- Which 2 of the following are monitored when File
Integrity Monitoring is enabled?
SVM (Security Virtual Machine) & Guest Virtual Machine (GVM) - Answer- Which 2
components are required for protecting virtual environments?
Avremove.log - Answer- A Windows endpoint installation is failing. It is detecting
competitor software. Which log file do you check to investigate this issue?
Audit log - Answer- Which log provides a record of all activities?
Automatic Clean up - Answer- For most detections, which clean-up process is used to
clean up the detection?
Isolate the computer - Answer- A malicious file has been detected on an endpoint and
you want to prevent lateral movement through your network. From the threat case,
which action do you take?
Management Communications - Answer- You want to check an endpoint has received
the latest policy updates from Sophos Central. Which tab do you select in the Endpoint
Self-Help tool to view the last communication date and time?