Sophos Firewall Questions
Which interface type is a virtual LAN created on an existing XG interface
- ✔ ✔ VLAN
you are working with sensitive corporate data and want to ensure that
traffic from remote locations is monitored and blocked from leaving the
corporate LAN. What would be the most appropriate security mode to
deploy the RED devices in - ✔ ✔ Standard/Unified
NAT rules require firewall rules to allow traffic - ✔ ✔ True
When creating a NAT rule which option allows you to select - ✔ ✔
Override source translation
When creating a NAT rule which option allows you to select different
source NATs based on the outbound interface within a single rule? - ✔
✔ Override source translation
Which 2 methods can be used to generate one-time passwords for
authenticating with the XG Firewall - ✔ ✔ Bridge, transparent
Which of the following statements about zero-touch deployment are
TRUE - ✔ ✔ Zero-touch configuration rules can only be created for
unregistered hardware serial numbers
What is the clientless Access portal used for? - ✔ ✔ To provide
access to internal resources without the need for a VPN client to be
installed
Which firewall icon represents a disabled user Rule? - ✔ ✔ C
, Which page list all current applications that are connecting through the
XG Firewall? - ✔ ✔ Live connections
How many days of data is available in Sophos Central? - ✔ ✔ 7 days
What do you need to do in order to use NTLM and Kerberos for web
authentication? - ✔ ✔ Enable AD SSO per zone on the Device Access
page
The XG firewall's life implementation of Cloud Access security Broker
blocks all cloud applications by default - ✔ ✔ False
Below Below is an image of the XG Firewall Control Center. From here,
what would you click to access the Policy Test Simulator - ✔ ✔ Log
Viewer
Which 4 of the following are supported external authentication servers
on Sophos XG firewall 18.0? - ✔ ✔ eDirectory. Radius, Active
directory. LDAP
The option to create loopback and reflexive Nat rules is only when
adding NEW NAT rule, not when editing an existing NAT rule. - ✔ ✔
True
Which 3 options should be configured to ensure the most secure
scanning settings are in place to protect users as they browse the web?
- ✔ ✔ Malware scan mode: Batch, Engine Selection, Dual engine.
Content : Block
Which deployment mode can protect web servers from common
attacks? - ✔ ✔ Web Application Firewall
Which interface type is a virtual LAN created on an existing XG interface
- ✔ ✔ VLAN
you are working with sensitive corporate data and want to ensure that
traffic from remote locations is monitored and blocked from leaving the
corporate LAN. What would be the most appropriate security mode to
deploy the RED devices in - ✔ ✔ Standard/Unified
NAT rules require firewall rules to allow traffic - ✔ ✔ True
When creating a NAT rule which option allows you to select - ✔ ✔
Override source translation
When creating a NAT rule which option allows you to select different
source NATs based on the outbound interface within a single rule? - ✔
✔ Override source translation
Which 2 methods can be used to generate one-time passwords for
authenticating with the XG Firewall - ✔ ✔ Bridge, transparent
Which of the following statements about zero-touch deployment are
TRUE - ✔ ✔ Zero-touch configuration rules can only be created for
unregistered hardware serial numbers
What is the clientless Access portal used for? - ✔ ✔ To provide
access to internal resources without the need for a VPN client to be
installed
Which firewall icon represents a disabled user Rule? - ✔ ✔ C
, Which page list all current applications that are connecting through the
XG Firewall? - ✔ ✔ Live connections
How many days of data is available in Sophos Central? - ✔ ✔ 7 days
What do you need to do in order to use NTLM and Kerberos for web
authentication? - ✔ ✔ Enable AD SSO per zone on the Device Access
page
The XG firewall's life implementation of Cloud Access security Broker
blocks all cloud applications by default - ✔ ✔ False
Below Below is an image of the XG Firewall Control Center. From here,
what would you click to access the Policy Test Simulator - ✔ ✔ Log
Viewer
Which 4 of the following are supported external authentication servers
on Sophos XG firewall 18.0? - ✔ ✔ eDirectory. Radius, Active
directory. LDAP
The option to create loopback and reflexive Nat rules is only when
adding NEW NAT rule, not when editing an existing NAT rule. - ✔ ✔
True
Which 3 options should be configured to ensure the most secure
scanning settings are in place to protect users as they browse the web?
- ✔ ✔ Malware scan mode: Batch, Engine Selection, Dual engine.
Content : Block
Which deployment mode can protect web servers from common
attacks? - ✔ ✔ Web Application Firewall
