SOPHOS CERTIFIED ENGINEER EXAM QUESTIONS
WITH CORRECT ANSWERS |UPDATED VERSION|2025/2026|VERIFIED ANSWERS
Which log provides a record of all activities?:Correct Answer: Audit log
What is the function of anti-exploit technology?:Correct Answer: To detect and stop
compro- mised vulnerable applications
Complete the sentence;The SAV32CLI clean-up tool is a...:Correct
Answer: Command line tool included in Sophos Central installation 15. When registering
for a Sophos Central Trial, which of the following state- ments are TRUE?:Correct
Answer: You must use an email address that has not been used with Sophos Central
before
Which tab on the device details page displays the tamper protection infor-
mation?:Correct Answer: SUMMARY
What is the function of Live Protection?:Correct Answer: Connects to a cloud server to
check for the latest information about a file
How long are activities stored for in the Enterprise Dashboard?:Correct Answer: 90 days
What is the function of an Update Cache?:Correct Answer: To download updates from
Sophos Central and store them on a dedicated server on your network
What is the function of on-access scanning?:Correct Answer:
Monitors running processes' behavior
Which of the following alerts is categorized as a high alert?:Correct
Answer: Failed to protect an endpoint
Which dashboard allows you to manage and apply global settings to multiple Sophos
Central accounts?:Correct Answer: The Partner Dashboard
Which detection feature can prevent attacks on the master boot record?:Correct Answer:
-
1/
9
, WipeGuard
What is the function of a Message Relay?:Correct Answer: To enable all devices to
commu- nicate all policy and reporting data using a dedicated server on your network
True or False;Marking an alert as acknowledge will resolve the threat on the
endpoint.:Correct Answer: FALSE
Which TCP port is used to communicate Updates on endpoints?:Correct Answer: 8191
TRUE or FALSE;The security VM installer is linked to your Sophos
Central account.:Correct Answer: FALSE
TRUE or FALSE;You can deploy an update cache without a
Message Relay.:Correct Answer: TRUE
You want to change an action for 'confidential' content. Where in
Sophos Central do you make this change?:Correct Answer: In the Data
Loss Prevention Rule
What does HIPS do on a protected endpoint?:Correct Answer: Scans for potentially
malicious behaviour
You have cloned the threat protection base policy, applied the policy to a group and saved
it. When checking the endpoint, the policy changes have not taken effect. What do you
check in the policy?:Correct Answer:
That the cloned policy has been enforced
16. In which 2 ways can you license the Enterprise
Dashboard?:Correct Answer: (1) Master Licensing
(2) Individual Licensing
33. What is the minimum administrative role that will allow a user to create and edit
policies?:Correct Answer: Admin
34. Complete the following sentence;The default protection base policy is configured
with...:Correct Answer: Sophos' recommended settings
35. Which section in the Self-Help tool should be checked to start investigating an
updating issue on an endpoint:Correct Answer: System 36. What does tamper protection
2/
9
WITH CORRECT ANSWERS |UPDATED VERSION|2025/2026|VERIFIED ANSWERS
Which log provides a record of all activities?:Correct Answer: Audit log
What is the function of anti-exploit technology?:Correct Answer: To detect and stop
compro- mised vulnerable applications
Complete the sentence;The SAV32CLI clean-up tool is a...:Correct
Answer: Command line tool included in Sophos Central installation 15. When registering
for a Sophos Central Trial, which of the following state- ments are TRUE?:Correct
Answer: You must use an email address that has not been used with Sophos Central
before
Which tab on the device details page displays the tamper protection infor-
mation?:Correct Answer: SUMMARY
What is the function of Live Protection?:Correct Answer: Connects to a cloud server to
check for the latest information about a file
How long are activities stored for in the Enterprise Dashboard?:Correct Answer: 90 days
What is the function of an Update Cache?:Correct Answer: To download updates from
Sophos Central and store them on a dedicated server on your network
What is the function of on-access scanning?:Correct Answer:
Monitors running processes' behavior
Which of the following alerts is categorized as a high alert?:Correct
Answer: Failed to protect an endpoint
Which dashboard allows you to manage and apply global settings to multiple Sophos
Central accounts?:Correct Answer: The Partner Dashboard
Which detection feature can prevent attacks on the master boot record?:Correct Answer:
-
1/
9
, WipeGuard
What is the function of a Message Relay?:Correct Answer: To enable all devices to
commu- nicate all policy and reporting data using a dedicated server on your network
True or False;Marking an alert as acknowledge will resolve the threat on the
endpoint.:Correct Answer: FALSE
Which TCP port is used to communicate Updates on endpoints?:Correct Answer: 8191
TRUE or FALSE;The security VM installer is linked to your Sophos
Central account.:Correct Answer: FALSE
TRUE or FALSE;You can deploy an update cache without a
Message Relay.:Correct Answer: TRUE
You want to change an action for 'confidential' content. Where in
Sophos Central do you make this change?:Correct Answer: In the Data
Loss Prevention Rule
What does HIPS do on a protected endpoint?:Correct Answer: Scans for potentially
malicious behaviour
You have cloned the threat protection base policy, applied the policy to a group and saved
it. When checking the endpoint, the policy changes have not taken effect. What do you
check in the policy?:Correct Answer:
That the cloned policy has been enforced
16. In which 2 ways can you license the Enterprise
Dashboard?:Correct Answer: (1) Master Licensing
(2) Individual Licensing
33. What is the minimum administrative role that will allow a user to create and edit
policies?:Correct Answer: Admin
34. Complete the following sentence;The default protection base policy is configured
with...:Correct Answer: Sophos' recommended settings
35. Which section in the Self-Help tool should be checked to start investigating an
updating issue on an endpoint:Correct Answer: System 36. What does tamper protection
2/
9
