
Sophos

The document outlines various features and functionalities of Sophos Central across multiple versions, including user management, agent deployment, updating, device management, policies, remediation, and detection. It includes true/false questions, recommendations for synchronization, multi-factor authentication, and details about tamper protection and content control. Additionally, it addresses query capabilities in the Data Lake and the requirements for using Sophos tools effectively.

Uploaded by Abdullah Dehneh

Copyright © All Rights Reserved

1. Sophos Central Overview v5.0

1. Which of these protection features are not configured by default?

2. Which of the following statements describes Data Loss Prevention?

3. TRUE or FALSE. Synchronized security automates detection, isolation, and remediation results for
endpoints.

4. TRUE or FALSE. Intercept X Essentials only provides access to threat protection base policies in
Sophos Central.

2. Sophos Central User Management v5.0


1. How often does Sophos recommend scheduling the Windows Active Directory Synchronization
Utility tool to synchronize with Sophos Central?
This answer can be found in the Getting Started with Directory Synchronization in Sophos Central chapter.

2. Which 2 primary forms of multi-factor authentication does Sophos Central support?

3. Sophos Central Agent Deployment v5.0


1. Which of the following commands can be used to download the Sophos installer on a Linux server?

4. Sophos Central Updating v5.0


1. TRUE or FALSE: You can install a Message Relay without an Update Cache.

2. TRUE or FALSE: If an Update Cache is deployed, devices do not need direct access to Sophos
Central.
This answer can be found in the Introduction to Update Caches and Message Relays chapter.

5. Sophos Central Device Management v5.0


1. Which 2 of the following does Tamper Protection prevent unauthorized users from doing?
This answer can be found in the Sophos Central Tamper Protection chapter.

2. Which Sophos service cannot be running when attempting to remove the Sophos Endpoint Agent
from a Windows device?

3. TRUE or FALSE. Tamper Protection must be disabled to remove the Sophos Endpoint Agent from
protected devices.

4. TRUE or FALSE: A server can only be a member of ONE server group.

6. Sophos Central Policies v5.0


1. In which of the following circumstances would a scheduled scan be required?

2. TRUE or FALSE. Exclusions should be specific and target specific users or devices.

3. Which policy is used to prevent users from launching Internet browsers that are controlled and
blocked?
This answer can be found in the Getting Started with the Sophos Central Application Control Policy
chapter.

4. TRUE or FALSE. Sophos defined Content Control Lists cannot be edited.

5. Complete the sentence: A content rule used in a Content Control List to…

6. Which threat protection feature checks suspicious files during on-access scanning against the latest
malware database?

7. You have created a new policy for testing. Which setting can you use to disable the policy after
testing?

8. Which of the following statements best describes website management?

9. Which of the following statements best describes web control?

7. Sophos Central Remediation and Reports v5.0


1. After what time period will an alert be created showing that real-time protection has been disabled for
a computer?

2. Which log or report allows you to filter the event type returned?

3. TRUE or FALSE: When you mark an alert as resolved, Sophos Central verifies that the threat to the
endpoint or server has been resolved.

4. Which Sophos tool provides a second opinion virus scanner?

5. Which of the following exclusions is considered the most secure?

6. The Sophos Endpoint Agent is running and inactive malware has been detected. What is the
expected health status of the device?

7. When configuring the frequency of email alerts, which 3 of the following can you choose to base the
frequency on?

8. TRUE or FALSE: Detected items are restored to their original location if they are released from the
Sophos SafeStore.

9. Complete the sentence. Marking an alert as resolved...

8. Sophos Central Detection and Response v5.0


1. TRUE or FALSE. You can only connect to the Sophos Appliance Manager from a device on the
same network as the appliance.
This answer can be found in the Getting Started with the Sophos Central Appliance Manager chapter.

2. What VLAN ID must be used when configuring the SPAN ports on a virtual machine? (enter a
numerical value)

3. Which 2 of the following are benefits of running queries against the Data Lake?

4. Which 2 of the following actions can be selected from a Live Discover query pivot result?

5. Where is Live Response enabled in Sophos Central?

6. TRUE or FALSE. When running a Data Lake query, you must select the devices to run the query
against.
The answer can be found in the Getting Started with Sophos Central XDR Data Lake chapter.

7. What must be enabled to edit a Live Discover query?
This answer can be found in the Sophos Central XDR Live Discover Query Scheduling and Editing
chapter.

8. TRUE or FALSE. Only metadata is sent to the Sophos Data Lake from the NDR sensor.
This answer can be found in the Getting Started with Sophos NDR chapter.

9. Which type of integration requires authentication information from the product for configuration?
