






Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
SOPHOS Certified Engineer Exam Questions with Correct Answers 2023
Typology: Exams
1 / 12
This page cannot be seen from the preview
Don't miss anything!
Which TCP port is used to communicate policies to endpoints? - Correct Answer- 8190 Which Sophos Central manage product protects the data on a lost or stolen laptop? - Correct Answer-Encryption The option to stop the AutoUpdate service is greyed out in Windows Services. What is the most likely reason for this? - Correct Answer-Tamper Protection is enabled Complete the sentence: Signature-based file scanning relies on... - Correct Answer- previously detected malware characteristics TRUE or FALSE: Tamper protection is enabled by default. - Correct Answer-TRUE You are unable to edit policies in Sophos Central. What do you check in Sophos Central? - Correct Answer-That you have the correct role assigned Which URL address do you use to login to Sophos Central Partner Dashboard? - Correct Answer-partnerportal.sophos.com You are detecting low-reputation files and want to change the reputation level from recommended to strict. Which policy do you edit to make this change? - Correct Answer-Threat Protection What is the FIRST step you must take when deploying virtual environments? - Correct Answer-Check the system requirements You want to prevent users from copying database files to USB drives without blocking the use of all USB devices. Which policy do you need to configure? - Correct Answer- Data Loss Prevention TRUE or FALSE: You can search for a malicious item across your network using EDR - Correct Answer-TRUE Which log provides a record of all activities? - Correct Answer-Audit log What is the function of anti-exploit technology? - Correct Answer-To detect and stop compromised vulnerable applications
Complete the sentence: The SAV32CLI clean-up tool is a... - Correct Answer-Command line tool included in Sophos Central installation When registering for a Sophos Central Trial, which of the following statements are TRUE? - Correct Answer-You must use an email address that has not been used with Sophos Central before Which tab on the device details page displays the tamper protection information? - Correct Answer-SUMMARY What is the function of Live Protection? - Correct Answer-Connects to a cloud server to check for the latest information about a file How long are activities stored for in the Enterprise Dashboard? - Correct Answer- 90 days What is the function of an Update Cache? - Correct Answer-To download updates from Sophos Central and store them on a dedicated server on your network What is the function of on-access scanning? - Correct Answer-Monitors running processes' behavior Which of the following alerts is categorized as a high alert? - Correct Answer-Failed to protect an endpoint Which dashboard allows you to manage and apply global settings to multiple Sophos Central accounts? - Correct Answer-The Partner Dashboard Which detection feature can prevent attacks on the master boot record? - Correct Answer-WipeGuard What is the function of a Message Relay? - Correct Answer-To enable all devices to communicate all policy and reporting data using a dedicated server on your network True or False: Marking an alert as acknowledge will resolve the threat on the endpoint. - Correct Answer-FALSE Which TCP port is used to communicate Updates on endpoints? - Correct Answer- 8191 TRUE or FALSE: The security VM installer is linked to your Sophos Central account. - Correct Answer-FALSE TRUE or FALSE: You can deploy an update cache without a Message Relay. - Correct Answer-TRUE
Protection
Which feature of Intercept X is designed to detect malware before it can execute? - Correct Answer-Exploit technique detection True or False: You can choose to send email alerts immediately, hourly, daily or never. - Correct Answer-True An endpoint is reporting that Sophos AutoUpdate is not installed. In the Self-Help Tool which tab do you check to view whether AutoUpdate is listed as installed? - Correct Answer-Installed components A Windows endpoint installation is failing. It is detecting competitor software. Which log file do you check to investigate this issue? - Correct Answer-avremove.log How do users view quarantined emails and manage device encryption for their protected endpoints? - Correct Answer-The Self-Service Portal Which 2 of the following are the methods for bulk importing users? - Correct Answer-(1) Using the Active Directory Sync Utility (2) Import using a CSV file You want to configure the login settings for all administrators to require two factors of authentication. Which global setting do you enable? - Correct Answer-Multi-factor Authentication When protecting a Mac client, you must know the password of the administrator. - Correct Answer-TRUE What is the function of Data Loss Prevention? - Correct Answer-To monitor and restrict file transfers containing sensitive data For most detections, which clean-up process is used to clean up the detection? - Correct Answer-Automatic Clean Up Which endpoint protection policy block access to malicious websites? - Correct Answer- Threat Protection What is the recommended way to allow a new application to a locked down server? - Correct Answer-Add the path of the application to the server lockdown policy Which security threat does Intercept X protect against? - Correct Answer-Ransomware You want to mitigate exploits in vulnerable applications. Which policy do you enable the features in? - Correct Answer-Threat Protection
Which is the function of Application Control? - Correct Answer-To block specific applications from running on protected endpoints Which 2 of the following are monitored when File Integrity Monitoring is enabled? - Correct Answer-(1) Files (2) Registry Entries Which report will give you information across all protected endpoints? - Correct Answer- Events report Where can an administrator view the license management types in the Enterprise Dashboard? - Correct Answer-Licensing Which Sophos support tool do you use to find out the latest information about security threats? - Correct Answer-SophosLabs True or False: Multi-factor authentication is enabled by default for all Enterprise Administrators. - Correct Answer-TRUE Which of the following is a pre-execution check performed by Intercept X? - Correct Answer-Machine learning What is the function of Web Control? - Correct Answer-To control access to websites based on their category Where in Sophos Central Admin Console can you enable remote assistance? - Correct Answer-Account Details Complete the sentence: The Source of Infection clean up tool is a... - Correct Answer- Tool that identified where malicious files are written from TRUE or FALSE: All Endpoints have the same tamper protection password. - Correct Answer-FALSE Which dashboard allows you to view and apply global settings to multiple Sophos Central Accounts? - Correct Answer-The Enterprise Dashboard In which policy do you enable deep learning? - Correct Answer-Threat Protection What is the minimum administrative role that will allow a user to manage user roles and role assignments? - Correct Answer-Super Admin You need to give a user access to change their protection settings in an emergency. Which 2 of the following allow you to do this? - Correct Answer-(1) Disable tamper
(2) Provide the user with the tamper protection password Complete the sentence: The Virus Removal clean up tool is a... - Correct Answer- Separate download that detects and removes malware Which feature allows you to restrict applications on a server? - Correct Answer-Server lockdown How do you access a managed Sophos Central account to resolve alerts for your customer? - Correct Answer-Login using the Launch Sophos Central Admin button in the Partner Dashboard Which is the minimum administrative role that will allow a user access to view and edit policies? - Correct Answer-Admin You want to check an endpoint has received the latest policy updates from Sophos Central. Which tab do you select in the Endpoint Self-Help tool to view the last communication date and time? - Correct Answer-Management Communication Which 2 components are required for protecting virtual environments? - Correct Answer-(1) Security Virtual Machine (SVM) (2) Guest Virtual Machine (GVM) In which policy do you enable device isolation? - Correct Answer-Threat Protection Complete the sentence: Server policies are only applied to... - Correct Answer-Servers or server groups Which of the following is a method of deploying endpoint protection? - Correct Answer- Download and run the installer from Sophos Central Which URL address do you use to login to Sophos Central Admin Console? - Correct Answer-central.sophos.com You have a suspicious file on your endpoint. Which tool do you use to quickly scan the file? - Correct Answer-The file info tab in the self-help tool What is the first step you must take when removing Sophos Endpoint Protection from a Windows endpoint? - Correct Answer-Disable tamper protection in Sophos Central TRUE or FALSE: All Endpoints have the same endpo password. - Correct Answer- FALSE Which 2 of the following does tamper protection prevent users from doing? - Correct Answer-(1) Uninstalling the endpoint agent
(2) Modifying protection settings