ET15 Sophos Central Endpoint and Server Engineer v2


Question 1

Complete the sentence

The Source of Infection clean up tool is a…

Bootable anti-virus scanning and removal tool


Separate download that detects and removes malware
Command line tool included in Sophos Central installation
Tool that identifies where malicious files are written from
Question 2
What is the function of Sophos Synchronized Security?

To remove any detected malware files


To connect Sophos security solutions in real time
To generate threat cases for investigation
To quarantine detected malicious files
Question 3
You have cloned the threat protection base policy, applied the policy to a group and saved it.

When checking the endpoint, the policy changes have not taken effect. What do you check in the policy?

That the base policy is bypassed


That the base policy has been disabled
That the group has been removed from the base policy
That the cloned policy has been enforced
Question 4
Complete the following sentence

The default protection base policy is configured with…

All features disabled


Sophos' strict settings
Sophos' recommended settings
All features enabled
Question 5
What is the function of Web Control?

To control access to websites based on their category


To block specific applications from running on protected endpoints
To prevent the use of removable media on protected endpoints
To monitor and restrict file transfers containing sensitive data
Question 6
Threat search results are split into which 2 of the following?

Registry keys
Endpoints
Folders
Network
Files
Question 7
What is the function of a Message Relay?

To deploy and receive updates from all protected endpoints


To enable all devices to communicate all policy and reporting data using a dedicated server on your network
To update Sophos Central automatically
To download updates from Sophos Central and store them on a dedicated server on your network

Question 8
Complete the sentence

The SAV32CLI clean up tool is a…

Bootable anti-virus scanning and removal tool


Tool that identifies where malicious files are written from
Command line tool included in Sophos Central installation
Separate download that detects and removes malware
Question 9
In which policy do you configure anti-virus scanning?

Threat Protection
Web Control
Application Control
Peripheral Control
Question 10
What is the minimum administrative role that will allow a user to manage user roles and role assignments?

Help Desk
Read Only
Admin
Super Admin
Question 11
In which policy do you enable device isolation?

Threat Protection
Data Loss Prevention
Application Control
Update Management
Question 12
TRUE or FALSE

You can search for a malicious item across your network using EDR

TRUE
FALSE

Question 13
An endpoint is reporting that Sophos AutoUpdate is not installed.

In the Self-Help Tool, which tab do you check to view whether AutoUpdate is listed as installed?

Installed components
Management Communication
Update
System

Question 14
What is the FIRST step you must take when deploying virtual environments?

Install the SVM


Check the system requirements
Uninstall other anti-virus products
Apply policies

Question 15
What is the minimum administrative role that will allow a user to scan endpoints?

Super Admin
Admin
Read Only
Help Desk

Question 16
What is the function of Live Protection?

Lists all the official email servers that may send email for your domain
Blocks Denial of Service (DDoS) attacks
Connects to a cloud server to check for the latest information about a file
Monitors running processes' behaviour

Question 17
What is the function of Peripheral Control?

To block specific applications from running on protected endpoints


To monitor and restrict file transfers containing sensitive data
To prevent the use of removable media on protected endpoints
To control access to websites based on their category

Question 18
TRUE or FALSE

The security VM installer is linked to your Sophos Central account.

FALSE
TRUE

Question 19
Which detection feature can prevent attacks on the master boot record?

CryptoGuard
WipeGuard
Malicious Traffic Detection
Anti-exploit

Question 20
For most detections, which clean up process is used to clean up the detection?

Automatic Clean Up
Bootable AV
Source of Infection Tool
Virus Removal Tool

Question 21
Which Sophos support tool do you use to find out the latest information about security threats?

Sophos Support
SophosLabs
Sophos Community

Question 22
You want to prevent users from copying database files to USB drives without blocking the use of all USB devices.

Which policy do you need to configure?

Application Control
Data Loss Prevention
Threat Protection
Peripheral Control

Question 23
Which TCP port is used to communicate Updates on endpoints?

8191
8190
8080
8290

Question 24
A malicious file has been detected on an endpoint and you want to prevent lateral movement through your network.

From the threat case, which action do you take?

Isolate the malicious file


Delete the computer
Delete the malicious file
Isolate the computer

Question 25
TRUE or FALSE

A Message Relay can be configured on a Server without an Update Cache.

FALSE
TRUE

Question 26
Complete the sentence.

Signature-based file scanning relies on…

previously detected malware characteristics


deep neural networks identifying specific characteristics
specific malware techniques being identified

Question 27
What is the function of anti-exploit technology?

To monitor HTTP traffic and detect communication with C2 servers


To protect the disk and boot record of a protected endpoint
To detect and stop compromised vulnerable applications

Question 28
TRUE or FALSE

When protecting a Mac client, you must know the password of the administrator.

TRUE
FALSE

Question 29
You have a suspicious file on your endpoint.

Which tool do you use to quickly scan the file?

The bootable anti-virus scan tool


The file info tab in the self-help tool
The Source of Infection tool
The full scan option on an endpoint

Question 30
What is the first step you must take when removing Sophos Endpoint Protection from a Windows endpoint?

Remove the endpoint agent from the endpoint


Disable tamper protection in Sophos Central
Delete the endpoint from Sophos Central

Question 31
TRUE or FALSE

Base policies can be disabled in Sophos Central.

FALSE
TRUE

Question 32
Which TCP port is used to communicate policies to endpoints?

8080
8191
8290
8190

Question 33
What is the recommended way to allow a new application to a locked down server?

Add the path of the application to the server lockdown policy


Turn off server lockdown to install the application
Pause server lockdown to install the application
Question 34
You have created a new policy

Which tab do you select to enable the policy?

GROUPS
POLICY ENFORCED
USERS
SETTINGS
POLICY BYPASSED

Question 35
Which feature allows you to restrict applications on a server?

Server protection
Tamper protection
Endpoint protection
Server lockdown

Question 36
Which 2 of the following does tamper protection prevent users from doing?

Modifying protection settings


Uninstalling the endpoint agent
Installing and uninstalling 3rd party applications
Running a manual scan
Releasing quarantined items

Question 37
In which policy do you enable deep learning?

Web Control
Data Loss Prevention
Threat Protection
Application Control

Question 38
You are detecting low-reputation files and want to change the reputation level from recommended to strict.

Which policy do you edit to make this change?

Web Control
Application Control
Data Loss Prevention
Threat Protection

Question 39
TRUE or FALSE

Deleting an endpoint in Sophos Central will remove the Endpoint agent from the endpoint.

FALSE
TRUE

Question 40
Which 2 places in Sophos Central do you add exclusions for servers?

Global Settings
Exclusions tab
Exclusions import
Server Policy

Question 4
You want to mitigate exploits in vulnerable applications.

Which policy do you enable the features in?

Data Loss Prevention


Web Control
Application Control
Threat Protection

Question 6
Which is the function of Application Control?

To monitor and restrict file transfers containing sensitive data


To control access to websites based on their category
To block specific applications from running on protected endpoints
To prevent the use of removable media on protected endpoints

Question 7
What is the function of an Update Cache?

To update Sophos Central automatically


To download updates from Sophos Central and store them on a dedicated server on your network
To enable all devices to communicate all policy and reporting data using a dedicated server on your network
To deploy and receive updates from all protected endpoints

Question 8
A Windows endpoint installation is failing. It is detecting competitor software.

Which log file do you check to investigate this issue?

avremove.log
Sophos standalone installer.txt
Sophos extract log.txt
Sophos MCS install log.txt

Question 10
TRUE or FALSE

All server protection features are enabled by default.


TRUE
FALSE

Question 11
Complete the sentence

Server policies are only applied to…

Users and User Groups


Servers or server groups
Question 13
Which endpoint protection policy blocks access to malicious websites?

Data Loss Prevention


Web Control
Application Control
Threat Protection

Question 14
Which 2 of the following are monitored when File Integrity Monitoring is enabled?

Registry Entries
Files
Processes
Applications

Question 15
You are unable to edit policies in Sophos Central.

What do you check in Sophos Central?

That you have been configured for SSP


That you have an exchange login
That you are in the right group
That you have the correct role assigned

Question 16
Which 2 components are required for protecting virtual environments?

Security Virtual Agent (SVA)


Security Virtual Machine (SVM)
Security Virtual Guest (SVG)
Guest Virtual Machine (GVM)

Question 17
Which security threat does Intercept X protect against?

Denial of Service (DDoS) attacks


Phishing emails
Ransomware
Web malware
Question 18
Which of the following is a pre-execution check performed by Intercept X?

Signature-based scanning
Live Lookups
HIPS
Machine learning

Question 20
You need to give a user access to change their protection settings in an emergency.

Which 2 of the following allow you to do this?

Make the user an administrator in Sophos Central


Disable tamper protection for their endpoint
Provide the user with the tamper protection password
Give the user administrator rights to the endpoint
Question 21
You want to change an action for 'confidential' content.

Where in Sophos Central do you make this change?

In the Web Control policy


In the Content Control List
In the Data Loss Prevention policy
In the Data Loss Prevention Rule

Question 23
What is the function of Data Loss Prevention?

To block specific applications from running on protected endpoints


To control access to websites based on their category
To monitor and restrict file transfers containing sensitive data
To prevent the use of removable media on protected endpoints

Question 24
What is the minimum administrative role that will allow a user to create and edit policies?

Read Only
Admin
Super Admin
Help Desk

Question 26
Complete the sentence

The Virus Removal clean up tool is a…

Command line tool included in Sophos Central installation


Separate download that detects and removes malware
Tool that identifies where malicious files are written from
Bootable anti-virus scanning and removal tool

Question 28
Which section in the Self-Help tool should be checked to start investigating an updating issue on an endpoint?

System
Services
Policy
Update

Question 29
Which endpoint protection policy do you edit to block users from visiting a specific website category?

Threat Protection
Peripheral Control
Web Control
Application Control

Question 30
What is the function of on-access scanning?

Lists all the official email servers that may send email for your domain
Connects to a cloud server to check for the latest information about a file
Monitors running processes' behaviour
Blocks Denial of Service (DDoS) attacks

Question 31
TRUE or FALSE

Tamper protection is enabled by default.

TRUE
FALSE

Question 32
Which endpoint protection policy protects users against malicious network traffic?

Threat Protection
Peripheral Control
Web Control
Application Control

Question 33
Which log provides a record of all activities?

Event log
Audit log
Data Loss Prevention
Message history

Question 34
Which of the following is a method of deploying endpoint protection?

Download and run the installer from the Sophos website


Download and run the installer from your My Sophos account
Download and run the installer from Sophos Central

Question 35
TRUE or FALSE

All Endpoints have the same tamper protection password.


TRUE
FALSE

Question 36
Which feature of Intercept X is designed to detect malware before it can execute?

Security Heartbeat
Malicious traffic detection
CryptoGuard ransomware detection
Exploit technique detection

Question 37
TRUE or FALSE

Tamper protection must be disabled before removing Endpoint Protection.

TRUE
FALSE

Question 38
You want to check an endpoint has received the latest policy updates from Sophos Central.

Which tab do you select in the Endpoint Self-Help tool to view the last communication date and time?

System
Management Communication
Update
Installed components

Question 39
Which report will give you information across all protected endpoints?

Endpoint report
Server report
Events report
Users report
Question 40
What does HIPS do on a protected endpoint?

Scans files based on the reputation score


Scans any file being read, opened or written to
Scans for potentially malicious behaviour
Checks a file against Sophos Servers
