WITH ANSWERS 2025/2026 GRADED A+
What is the function of on-access scanning? - Monitors running processes' behavior
Which of the following alerts is categorized as a high alert? - Failed to protect an
endpoint
Which dashboard allows you to manage and apply global settings to multiple Sophos
Central accounts? - The Partner Dashboard
Which detection feature can prevent attacks on the master boot record? - WipeGuard
What is the function of a Message Relay? - To enable all devices to communicate all
policy and reporting data using a dedicated server on your network
True or False: Marking an alert as acknowledged will resolve the threat on the endpoint. -
FALSE
Which TCP port is used to communicate Updates on endpoints? - 8191
TRUE or FALSE: The security VM installer is linked to your Sophos Central account. -
FALSE
TRUE or FALSE: You can deploy an update cache without a Message Relay. - TRUE
You want to change an action for 'confidential' content. Where in Sophos Central do you
make this change? - In the Data Loss Prevention Rule
What does HIPS do on a protected endpoint? - Scans for potentially malicious
behaviour
You have cloned the threat protection base policy, applied the policy to a group and
saved it. When checking the endpoint, the policy changes have not taken effect. What
do you check in the policy? - That the cloned policy has been enforced
In which 2 ways can you license the Enterprise Dashboard? - (1) Master Licensing
(2) Individual Licensing
What is the minimum administrative role that will allow a user to create and edit
policies? - Admin
Complete the following sentence: The default protection base policy is configured with...
- Sophos' recommended settings
Which section in the Self-Help tool should be checked to start investigating an updating
issue on an endpoint? - System
What does tamper protection prevent a user from doing on their endpoint with the Sophos
Central agent installed? - Prevents a user from uninstalling the Sophos agent software
TRUE or FALSE: All server protection features are enabled by default. - FALSE
Which endpoint protection policy protects users against malicious network traffic? -
Threat Protection
Which is the minimum administrative role that will allow a user to view alerts, perform
updates and scan endpoints? - Help Desk
Your Enterprise Dashboard has been configured with multiple sub-estates. In which 2
ways can you manage the licenses associated with the sub-estates? - (1) In the
sub-estate Central Admin Console
(2) In the Enterprise Dashboard
Threat search results are split into which 2 of the following? - (1) Files
(2) Network
In which policy do you configure anti-virus scanning? - Threat Protection
Which feature of Intercept X is designed to detect malware before it can execute? -
Exploit technique detection
True or False: You can choose to send email alerts immediately, hourly, daily or never. -
True
An endpoint is reporting that Sophos AutoUpdate is not installed. In the Self-Help Tool,
which tab do you check to view whether AutoUpdate is listed as installed? - Installed
components
A Windows endpoint installation is failing. It is detecting competitor software. Which log
file do you check to investigate this issue? - avremove.log
How do users view quarantined emails and manage device encryption for their
protected endpoints? - The Self-Service Portal
Which 2 of the following are the methods for bulk importing users? - (1) Using the Active
Directory Sync Utility
(2) Import using a CSV file
You want to configure the login settings for all administrators to require two factors of
authentication. Which global setting do you enable? - Multi-factor Authentication