Sophos Technician Exam 2023
Global Settings - Answer Where can the AD Sync tool be obtained from?
The connection was blocked but the root cause has NOT been cleaned up - Answer
Which of the following statements is TRUE for a C2/Generic-C detection?
Update > Update configuration - Answer Where in the Endpoint Self Help Tool will
show if an endpoint is using a proxy for updating?
DC=SOPHOS,DC=LOCAL - Answer When configuring AD synchronization, what
location was defined by default in filters under the User Discovery Filters tab?
ping 172.16.2.20 - Answer Enter the command you would use to test IP network
connectivity to the address 172.16.2.20. _____
Tamper Protection - Answer Which feature would protect the Sophos installation
from becoming disabled by malware?
389 - Answer AD Sync is not working, you have successfully pinged the DC by both
name and IP address. Which port do you use with telnet to confirm the LDAP port is
accessible?
netsh winhttp reset proxy - Answer Enter the command you would use to remove the
currently configured system proxy.
%ProgramData%\Sophos\CloudInstaller\Logs - Answer Where is the
'SophosCloudInstaller_<time_and_date_stamp>.log' found?
To prevent malicious behavior in software - Answer What is the function of
application lockdown in Intercept X?
Virus Removal tool - Answer Which of these cleanup tools will scan for root kits?
Domain user - Answer What is the minimum type of user required to connect to AD
to gather the user and group information?
True - Answer TRUE or FALSE: Sophos recommends disabling HTTPS inspection
for Sophos updating traffic.
Sophos Intercept X - Answer On a Windows computer, which component logs
information to the 'Sophos.log' file?
nslookup - Answer The Central Admin Dashboard shows that none of your endpoints
are using one of your update caches. When pinging the update cache by name it
fails. What command do you use to investigate this further?
Resolve and verify - Answer What is the third step of the troubleshooting process?
Global settings > Controlled Updates - Answer By default, computers get the latest
Sophos product updates automatically, where can an admin change this to allow
control over updates?
, Sophos Technician Exam 2023
SHA-256
The file paths
The certificate - Answer In which 3 ways can you allow a quarantined file to be
restored?
Windows client firewall blocking traffic - Answer When investigating an updating
issue on one of your endpoints, you used the telnet command to connect to
dci.sophosupd.com on port 443. This confirmed that there is a problem using a direct
connection. What is most likely to be causing this?
Ability to disable Tamper Protection
Administrative rights to the network and AD
Administrative rights to the endpoint - Answer Which 3 of the following are required
to perform troubleshooting on an endpoint? Choose three (3).
Read - Answer What permissions does the user need to connect to AD to gather the
user and group information?
60 mins - Answer AutoUpdate performs its first check 5 minutes after the service
starts. At what interval does AutoUpdate then check for software, threat detection
data and other available updates?
True - Answer TRUE or FALSE: Only PE files can be restored from SafeStore
through the user interface.
- Answer Enter the command you would use to resolve the IP address of
srv.sophos.local and test network connectivity to the server at the same time. _____
Date and time are incorrect on the Update Cache server - Answer Why would the
'Last time updated from cache' status show as 'in a year'?
The threat was found in an archive
The threat was found in a mailbox - Answer Which 2 of the following are reasons
why manual cleanup may be required? Choose two (2).
%ProgramData%\sophos\sophos cloud AD sync\logs - Answer Where is the AD
sync log location?
False - Answer TRUE or FALSE: The default Update Cache TCP port of 8191 can
be modified.
True - Answer TRUE or FALSE: Tamper Protection is enabled by default in Sophos
Central.
An unknown file
An executable file in a temporary file location - Answer Which 2 of the following are
malicious file indicators? Choose two (2).
Global Settings - Answer Where can the AD Sync tool be obtained from?
The connection was blocked but the root cause has NOT been cleaned up - Answer
Which of the following statements is TRUE for a C2/Generic-C detection?
Update > Update configuration - Answer Where in the Endpoint Self Help Tool will
show if an endpoint is using a proxy for updating?
DC=SOPHOS,DC=LOCAL - Answer When configuring AD synchronization, what
location was defined by default in filters under the User Discovery Filters tab?
ping 172.16.2.20 - Answer Enter the command you would use to test IP network
connectivity to the address 172.16.2.20. _____
Tamper Protection - Answer Which feature would protect the Sophos installation
from becoming disabled by malware?
389 - Answer AD Sync is not working, you have successfully pinged the DC by both
name and IP address. Which port do you use with telnet to confirm the LDAP port is
accessible?
netsh winhttp reset proxy - Answer Enter the command you would use to remove the
currently configured system proxy.
%ProgramData%\Sophos\CloudInstaller\Logs - Answer Where is the
'SophosCloudInstaller_<time_and_date_stamp>.log' found?
To prevent malicious behavior in software - Answer What is the function of
application lockdown in Intercept X?
Virus Removal tool - Answer Which of these cleanup tools will scan for root kits?
Domain user - Answer What is the minimum type of user required to connect to AD
to gather the user and group information?
True - Answer TRUE or FALSE: Sophos recommends disabling HTTPS inspection
for Sophos updating traffic.
Sophos Intercept X - Answer On a Windows computer, which component logs
information to the 'Sophos.log' file?
nslookup - Answer The Central Admin Dashboard shows that none of your endpoints
are using one of your update caches. When pinging the update cache by name it
fails. What command do you use to investigate this further?
Resolve and verify - Answer What is the third step of the troubleshooting process?
Global settings > Controlled Updates - Answer By default, computers get the latest
Sophos product updates automatically, where can an admin change this to allow
control over updates?
, Sophos Technician Exam 2023
SHA-256
The file paths
The certificate - Answer In which 3 ways can you allow a quarantined file to be
restored?
Windows client firewall blocking traffic - Answer When investigating an updating
issue on one of your endpoints, you used the telnet command to connect to
dci.sophosupd.com on port 443. This confirmed that there is a problem using a direct
connection. What is most likely to be causing this?
Ability to disable Tamper Protection
Administrative rights to the network and AD
Administrative rights to the endpoint - Answer Which 3 of the following are required
to perform troubleshooting on an endpoint? Choose three (3).
Read - Answer What permissions does the user need to connect to AD to gather the
user and group information?
60 mins - Answer AutoUpdate performs its first check 5 minutes after the service
starts. At what interval does AutoUpdate then check for software, threat detection
data and other available updates?
True - Answer TRUE or FALSE: Only PE files can be restored from SafeStore
through the user interface.
- Answer Enter the command you would use to resolve the IP address of
srv.sophos.local and test network connectivity to the server at the same time. _____
Date and time are incorrect on the Update Cache server - Answer Why would the
'Last time updated from cache' status show as 'in a year'?
The threat was found in an archive
The threat was found in a mailbox - Answer Which 2 of the following are reasons
why manual cleanup may be required? Choose two (2).
%ProgramData%\sophos\sophos cloud AD sync\logs - Answer Where is the AD
sync log location?
False - Answer TRUE or FALSE: The default Update Cache TCP port of 8191 can
be modified.
True - Answer TRUE or FALSE: Tamper Protection is enabled by default in Sophos
Central.
An unknown file
An executable file in a temporary file location - Answer Which 2 of the following are
malicious file indicators? Choose two (2).
