Central 30

The document consists of a series of questions related to cloud security, endpoint protection, and Sophos Central functionalities. It covers topics such as misconfigurations, malware detection, policy management, and various security features. Each question assesses knowledge on specific security practices and tools used in managing and protecting endpoints and networks.

Uploaded by

fredl

Question 1
Which misconfiguration of a public cloud server can contribute to a security incident?
Leaving ports open
Encryption of all data
Privately storing data
Question 2
Which of the following would cause a device to report a red health status in Sophos Central?
No inactive malware has been detected
Inactive malware has been detected
Active malware has been detected
A PUA has been detected

Question 3
A malicious file has been detected on an endpoint and you want to prevent lateral
movement through your network.

From the threat case, which action do you take?
Isolate the malicious file
Delete the malicious file
Isolate the endpoint
Delete the endpoint

Question 4
In which endpoint protection policy can you enable device isolation?
Threat Protection
Application Control
Update Management
Data Loss Prevention

Question 5
TRUE or FALSE: The security VM installer is linked to your Sophos Central account.
FALSE
TRUE

Question 6
TRUE or FALSE: All server protection features are enabled by default.
TRUE
FALSE

Question 7
TRUE or FALSE: A user with the Help-Desk role can change MFA settings for all
administrators.
FALSE
TRUE

Question 8
Which of the following best describes the function of Web Control?
To block specific applications from running on protected endpoints
To monitor and restrict file transfers containing sensitive data
To prevent the use of removable media on protected endpoints
To control access to websites based on the website category

Question 9
Complete the sentence.

Marking an alert as resolved _________ .
removes the threat from the endpoint
does not resolve the threat
removes the threat for all endpoints

Question 10
What is the recommended FIRST step you must take when deploying virtual environments?
Apply policies
Install the SVM
Check the system requirements
Uninstall other anti-virus products

Question 11
What is the minimum administrative role that will allow a user to create and edit policies?
Help Desk
Super Admin
Admin
Read-only

Question 12
Complete the sentence:

Malicious Traffic Detection monitors ____________ .
non-browser outbound network traffic
the category of a website being accessed
the reputation of a URL or IP address

Question 13 (M)
In which 2 of the following scenarios would the 'Installed Components' health status change
in the Endpoint Self Help tool?
When services are not running or missing for a component
If multiple versions of the same component are installed
If the device has not been updated for 24 hours
If a policy has not been received from Sophos Central
A component is reported as not installed

Question 14
Complete the sentence:

A content rule used in a Content Control List __________ .
controls the transfer of types of content
controls the transfer of file types or names

Question 15
What type of activity does CryptoGuard detect as a sign that ransomware may be active?
A process that matches the behaviour of known exploits
A process that communicates with known command and control servers
A process that opens and writes files in a short period of time
A process that changes the Windows file encryption settings

Question 16 (M)
Which 2 components are used for the protection of virtual environments (SVE)?
A Guest Virtual Machine Agent (GVM)
A Security Virtual Machine (SVM)
A Security Virtual Guest Agent (SVG)
A Security Virtual Agent (SVA)

Question 17
What functionality does Live Discover provide?
To isolate devices immediately following a detection
Direct command line access to a managed device
The ability to run remote searches across multiple devices
Monitor security across your estate

Question 18
What is the minimum administrative role that will allow a user to manage user roles and
role assignments?
Admin
Super Admin
Read-only
Help Desk

Question 19
Which TCP port does the endpoint use to get policies?
8290
8080
8191
8190

Question 20
Which endpoint protection policy do you edit to block users from visiting a specific website
category?
Peripheral Control
Web Control
Threat Protection
Application Control

Question 21
TRUE or FALSE: Live Response uses Sophos' secure connection when connecting to devices.
FALSE
TRUE

Question 22
Which of the following features must be enabled in Global Settings before it can be used?
Threat Cases
Live Discover
Live Response
On-Access Scanning

Question 23
Web Control has been configured to block access to a website category. This is preventing
access to a desired website.

Which of the following methods can be used to allow access to the site without allowing
access to other websites in the same category?
Apply a website tag for the required website and allow that as an exception
Submit the site to Sophos to be re-categorized
Move the endpoint into a computer group that does not have web protection applied
Change the category setting to warn

Question 24
You want to check an endpoint has received the latest policy updates from Sophos Central.

Which tab do you select in the Endpoint Self-Help tool to view the last communication date
and time?
Management Communication
System
Installed components
Updates

Question 25
You have cloned a base policy.

Which tab do you select to enable the policy?
USERS
GROUPS
POLICY BYPASSED
SETTINGS

Question 26
Where can you download and run the endpoint protection installer from?
Sophos Central
Sophos Website
Sophos Support

Question 27
Which of the following best describes the function of Peripheral Control?
To control access to websites based on the website category
To block specific applications from running on protected endpoints
To prevent the use of untrusted devices that may contain malware
To monitor and restrict file transfers containing sensitive data

Question 28
What is the first step you must take when removing Sophos Endpoint Protection from a
Windows endpoint?
Disable tamper protection in Sophos Central
Delete the endpoint in Sophos Central
Uninstall the Sophos protection agent from the endpoint

Question 29 (M)
Which 2 of the following are supported methods of bulk importing users into Sophos
Central?
Import via email
Adding users by protecting devices
Import using a CSV file
Import using a .xls file
Import from an Active Directory (Azure or Windows)
Adding users manually

Question 30 (M)
Which 2 of the following does tamper protection prevent users from doing?
Modifying protection settings
Perform a scan on the endpoint
Uninstalling the endpoint agent
Releasing quarantined items
Installing 3rd party applications

Question 31
Which log or report provides a record of all activities in Sophos Central?
Message history
Audit log
Computers report
Events report

Question 32
You are detecting low-reputation files and want to change the reputation level from
recommended to strict.
Which policy do you edit to make this change?
Application Control
Threat Protection
Web Control
Data Loss Prevention

Question 33 (M)
To perform a malware health check which two items should be selected in the events
report?
Policy violations
Malware
Product updates
Web control
Runtime detections

Question 34
TRUE or FALSE: When protecting a MacOS endpoint, you must know the administrator
password for that endpoint.
FALSE
TRUE

Question 35
Which of the following best describes the function of Web Protection?
To block specific applications from running
To monitor and restrict file transfers containing sensitive data
To prevent the use of removable media on protected devices
To check the reputation of URL and IP addresses

Question 36
TRUE or FALSE: Deleting an endpoint in Sophos Central will remove the endpoint agent from
the endpoint.
TRUE
FALSE

Question 37 (M)
Which 2 places in Sophos Central do you add exclusions for servers?
The Threat Protection Server Policy X
Exclusions import
Exclusions tab
Global Settings

Question 38
TRUE or FALSE: Any report schedule will automatically stop after 6 months.
FALSE
TRUE

Question 39
Which of the following best describes the function of Data Loss Prevention?
To monitor and restrict file transfers containing sensitive data
To control access to websites based on the website category
To block specific applications from running on protected endpoints
To prevent the use of removable media on protected endpoints

Question 40
What does Tamper Protection prevent?
Running a full system scan
Viewing identified threats on the endpoint
Updating the Sophos agent software
Uninstalling the Sophos agent software
