SOPHOS CERTIFIED ENGINEER EXAM QUESTIONS
WITH 100 % CORRECT ANSWERS
Which TCP port is used to communicate policies to endpoints? - Answer-8190
/.Which Sophos Central manage product protects the data on a lost or stolen laptop? -
Answer-Encryption
/.The option to stop the AutoUpdate service is greyed out in Windows Services. What is
the most likely reason for this? - Answer-Tamper Protection is enabled
/.Complete the sentence: Signature-based file scanning relies on... - Answer-previously
detected malware characteristics
/.TRUE or FALSE: Tamper protection is enabled by default. - Answer-TRUE
/.You are unable to edit policies in Sophos Central. What do you check in Sophos
Central? - Answer-That you have the correct role assigned
/.Which URL address do you use to login to Sophos Central Partner Dashboard? -
Answer-partnerportal.sophos.com
/.You are detecting low-reputation files and want to change the reputation level from
recommended to strict. Which policy do you edit to make this change? - Answer-Threat
Protection
/.What is the FIRST step you must take when deploying virtual environments? - Answer-
Check the system requirements
/.You want to prevent users from copying database files to USB drives without blocking
the use of all USB devices. Which policy do you need to configure? - Answer-Data Loss
Prevention
/.TRUE or FALSE: You can search for a malicious item across your network using EDR
- Answer-TRUE
/.Which log provides a record of all activities? - Answer-Audit log
/.What is the function of anti-exploit technology? - Answer-To detect and stop
compromised vulnerable applications
/.Complete the sentence: The SAV32CLI clean-up tool is a... - Answer-Command line
tool included in Sophos Central installation
, /.When registering for a Sophos Central Trial, which of the following statements are
TRUE? - Answer-You must use an email address that has not been used with Sophos
Central before
/.Which tab on the device details page displays the tamper protection information? -
Answer-SUMMARY
/.What is the function of Live Protection? - Answer-Connects to a cloud server to check
for the latest information about a file
/.How long are activities stored for in the Enterprise Dashboard? - Answer-90 days
/.What is the function of an Update Cache? - Answer-To download updates from
Sophos Central and store them on a dedicated server on your network
/.What is the function of on-access scanning? - Answer-Monitors running processes'
behavior
/.Which of the following alerts is categorized as a high alert? - Answer-Failed to protect
an endpoint
/.Which dashboard allows you to manage and apply global settings to multiple Sophos
Central accounts? - Answer-The Partner Dashboard
/.Which detection feature can prevent attacks on the master boot record? - Answer-
WipeGuard
/.What is the function of a Message Relay? - Answer-To enable all devices to
communicate all policy and reporting data using a dedicated server on your network
/.True or False: Marking an alert as acknowledge will resolve the threat on the endpoint.
- Answer-FALSE
/.Which TCP port is used to communicate Updates on endpoints? - Answer-8191
/.TRUE or FALSE: The security VM installer is linked to your Sophos Central account. -
Answer-FALSE
/.TRUE or FALSE: You can deploy an update cache without a Message Relay. -
Answer-TRUE
/.You want to change an action for 'confidential' content. Where in Sophos Central do
you make this change? - Answer-In the Data Loss Prevention Rule
/.What does HIPS do on a protected endpoint? - Answer-Scans for potentially malicious
behaviour
WITH 100 % CORRECT ANSWERS
Which TCP port is used to communicate policies to endpoints? - Answer-8190
/.Which Sophos Central manage product protects the data on a lost or stolen laptop? -
Answer-Encryption
/.The option to stop the AutoUpdate service is greyed out in Windows Services. What is
the most likely reason for this? - Answer-Tamper Protection is enabled
/.Complete the sentence: Signature-based file scanning relies on... - Answer-previously
detected malware characteristics
/.TRUE or FALSE: Tamper protection is enabled by default. - Answer-TRUE
/.You are unable to edit policies in Sophos Central. What do you check in Sophos
Central? - Answer-That you have the correct role assigned
/.Which URL address do you use to login to Sophos Central Partner Dashboard? -
Answer-partnerportal.sophos.com
/.You are detecting low-reputation files and want to change the reputation level from
recommended to strict. Which policy do you edit to make this change? - Answer-Threat
Protection
/.What is the FIRST step you must take when deploying virtual environments? - Answer-
Check the system requirements
/.You want to prevent users from copying database files to USB drives without blocking
the use of all USB devices. Which policy do you need to configure? - Answer-Data Loss
Prevention
/.TRUE or FALSE: You can search for a malicious item across your network using EDR
- Answer-TRUE
/.Which log provides a record of all activities? - Answer-Audit log
/.What is the function of anti-exploit technology? - Answer-To detect and stop
compromised vulnerable applications
/.Complete the sentence: The SAV32CLI clean-up tool is a... - Answer-Command line
tool included in Sophos Central installation
, /.When registering for a Sophos Central Trial, which of the following statements are
TRUE? - Answer-You must use an email address that has not been used with Sophos
Central before
/.Which tab on the device details page displays the tamper protection information? -
Answer-SUMMARY
/.What is the function of Live Protection? - Answer-Connects to a cloud server to check
for the latest information about a file
/.How long are activities stored for in the Enterprise Dashboard? - Answer-90 days
/.What is the function of an Update Cache? - Answer-To download updates from
Sophos Central and store them on a dedicated server on your network
/.What is the function of on-access scanning? - Answer-Monitors running processes'
behavior
/.Which of the following alerts is categorized as a high alert? - Answer-Failed to protect
an endpoint
/.Which dashboard allows you to manage and apply global settings to multiple Sophos
Central accounts? - Answer-The Partner Dashboard
/.Which detection feature can prevent attacks on the master boot record? - Answer-
WipeGuard
/.What is the function of a Message Relay? - Answer-To enable all devices to
communicate all policy and reporting data using a dedicated server on your network
/.True or False: Marking an alert as acknowledge will resolve the threat on the endpoint.
- Answer-FALSE
/.Which TCP port is used to communicate Updates on endpoints? - Answer-8191
/.TRUE or FALSE: The security VM installer is linked to your Sophos Central account. -
Answer-FALSE
/.TRUE or FALSE: You can deploy an update cache without a Message Relay. -
Answer-TRUE
/.You want to change an action for 'confidential' content. Where in Sophos Central do
you make this change? - Answer-In the Data Loss Prevention Rule
/.What does HIPS do on a protected endpoint? - Answer-Scans for potentially malicious
behaviour
