Sophos Firewall v19.5
Study online at https://quizlet.com/_d23nip
1. Lateral movement protection is made possible by which of the following?-
: Synchronized Security
2. Which 2 of these are features of the Xstream achitecture?: TLS 1.3 Decryp-
tion und Deep packet inspection
3. Which feature of the Sophjos Firewall helps prevent a computer infected
by a trojan from transmitting personal information out of theri network?: Ad-
vanced Threat Protection
4. Which feature of the Sophos firewall identifies unknown applications?: Syn-
chronized App Controll
5. What cloud platfroms is Sophos Firewall supported on?: AWS, Azure und
Nutanix
6. How many radios do the wireless XGS series models have?: 1
7. True or False: The number of ports can be expanded using additional mod-
ules.: True
8. You have received a new hardware Sophos Firewall. What is the default IP
addres and port that is used to access the device?: 172.16.16.16:4444
9. You are preparing a Sophos Firewall for installation on a remote site. The
order for the license hat not yet been processed. Which device registration
oprion do you select in the Initial Suetup wizard?: I do not want to register now.
10. Servic objects can be created for which of the following?: TCP/UDP Ports,
IP Protocol Number, ICMP Type and Code
11. In which of these zones is an interface conffigured with a gateway?: WAN
12. How many gateways can you include in an SD-WAN profile?: 8
13. Place the route types in the correct default order of precedence: 1. Static;
2. SD-WAN; 3. VPN; 4. Default
14. How many servers does Sophos Firewall suport for static DNS?: 3
15. You have an existing DHCP server. What configuration allows Sophos
firewall to forward lease requests to this?: Relay
16. Which of these are defined as Admin services in Device access?: HTTPS
and SSH
17. You want a certificate to be signed by a third-party company. which option
should you choose?: Generate CSR
18. What are the different types of traffic shaping policy you can create?: -
Users, Web categories, Rules, Applications
19. What do you need to configure before you can start using traffic shaping?-
: Total WAN bandwidth
20. True of False: NAT rules are processed in order from top to bottom: True
21. True or False: All firewall rules are evaluated and the best match is used.-
: false
1/8
, Sophos Firewall v19.5
Study online at https://quizlet.com/_d23nip
22. Which 3 of the following are matching criteria Sophos Firewall uses to au-
tomatically assign firewall rules to groups?: Destination ZONE, Source ZONE,
Rule type
23. complete the sentence below:
When creating a firewall rule for DNAT, you select the ________ destination
zone.: Post NAT
24. Where would you exclude a website from TLS inspection?: WEB -> URL
Groups
25. Where would you configure which chiper algorithms to block?: Decryption
profile
26. What 2 things do you need to do to use IPS policies: Select an IPS policy in
a firewall rule; Enable IPS using the switch
27. Spoof Protection: Drops traffic that is trying to pretend to come from a different
MAC of IP address to bypass protection
28. DoS Protection: Drops traffic that is maliciously trying to prevent legitimate
traffic from being able to accsess services.
29. IPS Policies: Protectes against exploits and malfromed traffic.
30. Which 2 actions can ATP be configured to perform when it detects traffic
to a command-and-control server?: Log; Log and Drop
31. You want to configure Security Heartbeat, what is the first thing you need
to do?: Register your Sophos Firewall with you Sophos Central account
32. What information deas Sophos Firewall share about devices with a RED
health status to prevent lateral movement protection?: MAC Adress
33. What 2 way can you register Sophos Firewall with Sophos Central: OTP;
Username and passwort
34. Which 2 VPN protocols does Sophos Firewall suport for Site to Site: SSL
;IPSEC
35. True of False: RED connections are alway automatically added to the VPN
Zone: false
36. What is the default SSL VPN port?: 8443
37. Where do you select the remote networks?: Server configuration
38. What types of authentication can be used for IPsec Site to Site VPNs?: Dig-
ital certificate; RSA Key; PSK
39. In wich type of IPsec VPN do you need to define the local and remote
network: policy based
40. Which 2 ports do Remote Ethernet Devices use? REDs: TCP 3400; UDP
3410
41. Standard/Split: Sophos Firewall is the DHCP server and default gateway for the
remote network. Only defined traffic is sent through the RED
2/8
Study online at https://quizlet.com/_d23nip
1. Lateral movement protection is made possible by which of the following?-
: Synchronized Security
2. Which 2 of these are features of the Xstream achitecture?: TLS 1.3 Decryp-
tion und Deep packet inspection
3. Which feature of the Sophjos Firewall helps prevent a computer infected
by a trojan from transmitting personal information out of theri network?: Ad-
vanced Threat Protection
4. Which feature of the Sophos firewall identifies unknown applications?: Syn-
chronized App Controll
5. What cloud platfroms is Sophos Firewall supported on?: AWS, Azure und
Nutanix
6. How many radios do the wireless XGS series models have?: 1
7. True or False: The number of ports can be expanded using additional mod-
ules.: True
8. You have received a new hardware Sophos Firewall. What is the default IP
addres and port that is used to access the device?: 172.16.16.16:4444
9. You are preparing a Sophos Firewall for installation on a remote site. The
order for the license hat not yet been processed. Which device registration
oprion do you select in the Initial Suetup wizard?: I do not want to register now.
10. Servic objects can be created for which of the following?: TCP/UDP Ports,
IP Protocol Number, ICMP Type and Code
11. In which of these zones is an interface conffigured with a gateway?: WAN
12. How many gateways can you include in an SD-WAN profile?: 8
13. Place the route types in the correct default order of precedence: 1. Static;
2. SD-WAN; 3. VPN; 4. Default
14. How many servers does Sophos Firewall suport for static DNS?: 3
15. You have an existing DHCP server. What configuration allows Sophos
firewall to forward lease requests to this?: Relay
16. Which of these are defined as Admin services in Device access?: HTTPS
and SSH
17. You want a certificate to be signed by a third-party company. which option
should you choose?: Generate CSR
18. What are the different types of traffic shaping policy you can create?: -
Users, Web categories, Rules, Applications
19. What do you need to configure before you can start using traffic shaping?-
: Total WAN bandwidth
20. True of False: NAT rules are processed in order from top to bottom: True
21. True or False: All firewall rules are evaluated and the best match is used.-
: false
1/8
, Sophos Firewall v19.5
Study online at https://quizlet.com/_d23nip
22. Which 3 of the following are matching criteria Sophos Firewall uses to au-
tomatically assign firewall rules to groups?: Destination ZONE, Source ZONE,
Rule type
23. complete the sentence below:
When creating a firewall rule for DNAT, you select the ________ destination
zone.: Post NAT
24. Where would you exclude a website from TLS inspection?: WEB -> URL
Groups
25. Where would you configure which chiper algorithms to block?: Decryption
profile
26. What 2 things do you need to do to use IPS policies: Select an IPS policy in
a firewall rule; Enable IPS using the switch
27. Spoof Protection: Drops traffic that is trying to pretend to come from a different
MAC of IP address to bypass protection
28. DoS Protection: Drops traffic that is maliciously trying to prevent legitimate
traffic from being able to accsess services.
29. IPS Policies: Protectes against exploits and malfromed traffic.
30. Which 2 actions can ATP be configured to perform when it detects traffic
to a command-and-control server?: Log; Log and Drop
31. You want to configure Security Heartbeat, what is the first thing you need
to do?: Register your Sophos Firewall with you Sophos Central account
32. What information deas Sophos Firewall share about devices with a RED
health status to prevent lateral movement protection?: MAC Adress
33. What 2 way can you register Sophos Firewall with Sophos Central: OTP;
Username and passwort
34. Which 2 VPN protocols does Sophos Firewall suport for Site to Site: SSL
;IPSEC
35. True of False: RED connections are alway automatically added to the VPN
Zone: false
36. What is the default SSL VPN port?: 8443
37. Where do you select the remote networks?: Server configuration
38. What types of authentication can be used for IPsec Site to Site VPNs?: Dig-
ital certificate; RSA Key; PSK
39. In wich type of IPsec VPN do you need to define the local and remote
network: policy based
40. Which 2 ports do Remote Ethernet Devices use? REDs: TCP 3400; UDP
3410
41. Standard/Split: Sophos Firewall is the DHCP server and default gateway for the
remote network. Only defined traffic is sent through the RED
2/8
