1. v21.

0 Overview and Deployment

1. TRUE or FALSE. Sophos Firewall hardware devices come pre-

loaded with software.

2. What type of encryption does Sophos Firewall make use of for

one way message encryption?
This answer can be found in the Sophos Firewall Features and the
Attack Kill Chain chapter.

3. Which 2 of these are features of the Xstream architecture?

This answer can be found in the What is Sophos Firewall chapter.

4. Which Sophos Firewall Feature is able to identify and block

infected clients from being able to communicate with a command-
and-control server?

2. v21.0 Getting Started

1. Look at the image below.

What type of object is this?

2. Which 2 types of zone can be created on the Sophos Firewall?

3. Which zone is the most secure by default and is for your

internal networks
This answer can be found in the Getting Started with Zones and
Interfaces on Sophos Firewall chapter.
 4. You want to a certificate on Sophos Firewall that will be signed
by your domain registrar. Which option should you select?

3. v21.0 Base Firewall and Network Protection

1. TRUE or FALSE. NAT rules require firewall rules to allow
traffic.

2. Which of the following DoS and spoof protection modes will

drop packets if the IP and MAC do not match with any entry in the
IP-MAC trusted list?

3. What 2 ways can you register Sophos Firewall with Sophos

Central?

4. Which 2 of the following statements correctly describe how

firewall rules are applied?

5. Users complain that when working long hours, they often lose
access to Internet resources.
 Looking at the configuration of the rule above, what is causing this?

4. v21.0 Firewall Icons

1. Which firewall icon shown represents a rule group?
5. v21.0 Site-to-Site Connections
1. TRUE or FALSE. All IPsec and SSL site-to-site or remote
access VPN connections are automatically added to the VPN zone.

2. What is the default SSL VPN port?

3. You are in the process of deploying multiple RED devices. Due

to bandwidth issues at the head office, which 2 modes of
deployment could be used so that only necessary traffic is routed
back to the head office?

4. Which RED mode matches this description? All traffic

generated on the remote network is sent through the RED to
Sophos Firewall.

5. Which 2 VPN protocols does Sophos Firewall support for site-

to-site VPNs? (Excluding RED site-to-site VPN).

6. v21.0 Authentication
1. Which 2 methods are supported for logoff detection when using
STAS?

2. Which 2 of the following are methods of Sophos Firewall

authentication?

3. What type of user can be created to allow temporary access to

resources with the least amount of effort?
This answer can be found in the Getting Started with Sophos
Firewall Authentication chapter.

4. You need to create a user account to authenticate a VoIP

system that needs access to the Internet. The system does not
have the ability to authenticate with your directory service. What
type of user would you create to accomplish this?
This answer can be found in the Getting Started with Sophos
 Firewall Authentication chapter.

7. v21.0 Web Protection and Application Control

1. Which of these options IS supported when using the DPI
Engine for Web Protection?
This answer can be found in the Configuring Web Protection on
Sophos Firewall chapter.

2. Web policy rules apply to which 2 of the following?

3. Which 3 of the following features are provided by application

control?
This answer can be found in the Getting Started with Application
Control on Sophos Firewall chapter.

4. Which 3 of the following features are provided by Cloud

Applications on the Sophos Firewall?

5. Which web filtering method can offload traffic to the FastPath?

This answer can be found in the Sophos Firewall Web Protection
Overview chapter.

8. v21.0 Web Quota

1. You have been asked to create a surfing quota for guests that
allows access to the Internet for 20 hours in a week and then
terminates the connection with no recurrence.

Which image shows the best way to configure the surfing quota?

9. v21.0 Remote Access

1. Which 2 protocols does the Sophos Connect IPsec VPN client
support?
 2. Where can an end user download the Sophos Connect VPN
client from to install on their workstation?

3. Sophos Firewall hosts the SSL VPN on which port by default?

This answer can be found in the Getting Started with Remote
Access VPNs on Sophos Firewall chapter.

4. When you download the IPsec remote access configuration

you have two configuration files. Which file type includes the
advanced configuration?

10. v21.0 Wireless Protection

1. Which client traffic mode creates a VXLAN between the access
point and a wireless interface on the Sophos Firewall?

2. What 2 of the following are methods that can be used to allow

access to a wireless hotspot on the Sophos Firewall?

11. v21.0 Logs and Reports

1. You are checking the application risk meter which is reporting a
risk score of 4.2. Which of the following statements are true in this
circumstance?

2. What is the maximum number of external syslog servers you

can configure on Sophos Firewall?

12. v21.0 Central Management

1. Which 4 of the following statements are TRUE about SD-WAN
connection groups in Sophos Central?
This answer can be found in the Managing Sophos Firewall in
Sophos Central chapter.

2. Which of the following statements is TRUE about Firewall

Management in Sophos Central?

3. How much storage is included with each Central Firewall

Reporting Advanced license in GB? (enter a numerical value)