Sophos Firewall UPDATED ACTUAL
Exam Questions and CORRECT Answers
When a RED is deployed in Standard/Unified mode, how do the computers on the remote
network get their IP adresss? - CORRECT ANSWER - From a DHCP server running on
the XG firewall
You are preparing a hardware XG Firewall for installation on a remote site. The order for the
license has not yet been processed. Which registration option do you select in the Initial Setup
wizard? - CORRECT ANSWER - I do not want to register now
You have created a repot that displays data that you wish to check on a daily basis. how can you
make this data easily available in the WebAdmin interface?? - CORRECT ANSWER -
Create a bookmark for the report
Which of the following best describes greylisting? - CORRECT ANSWER - The first
attempt to deliver a message is temporarily denied.
One computer has a red health status. ON which 2 of the networks can the endpoints be protected
from the computer with a a red health status? - CORRECT ANSWER - A. C
Sophos XG hardware devices come pre-loaded with software. - CORRECT ANSWER -
True
Which 2 features are required if you want to make use of lateral movement protection? -
CORRECT ANSWER - Server or endpoint protection. Intercept X
Which XG firewall feature is able to block access to command and control servers? - CORRECT
ANSWER - Advanced Threat Protection
Which 2 methods are supported for logoff detection when using STAS - CORRECT
ANSWER - PING, Workstation Polling
, Type the name of the only zone that cannot have a physical port or interface assigned to it -
CORRECT ANSWER - vpn
DHCP can be used to override the magic IP if the XG Firewall is not the default gateway. -
CORRECT ANSWER - False
Which web filtering method can offload traffic to the FastPath? - CORRECT ANSWER -
DPI
Which interface type is a virtual LAN created on an existing XG interface - CORRECT
ANSWER - VLAN
Which of the following statements about zero-touch deployment are TRUE - CORRECT
ANSWER - Zero-touch configuration rules can only be created for unregistered hardware
serial numbers
What is the clientless Access portal used for? - CORRECT ANSWER - To provide access
to internal resources without the need for a VPN client to be installed
Which firewall icon represents a disabled user Rule? - CORRECT ANSWER -C
Which page list all current applications that are connecting through the XG Firewall? -
CORRECT ANSWER - Live connections
How many days of data is available in Sophos Central? - CORRECT ANSWER - 7 days
What do you need to do in order to use NTLM and Kerberos for web authentication? -
CORRECT ANSWER - Enable AD SSO per zone on the Device Access page
Exam Questions and CORRECT Answers
When a RED is deployed in Standard/Unified mode, how do the computers on the remote
network get their IP adresss? - CORRECT ANSWER - From a DHCP server running on
the XG firewall
You are preparing a hardware XG Firewall for installation on a remote site. The order for the
license has not yet been processed. Which registration option do you select in the Initial Setup
wizard? - CORRECT ANSWER - I do not want to register now
You have created a repot that displays data that you wish to check on a daily basis. how can you
make this data easily available in the WebAdmin interface?? - CORRECT ANSWER -
Create a bookmark for the report
Which of the following best describes greylisting? - CORRECT ANSWER - The first
attempt to deliver a message is temporarily denied.
One computer has a red health status. ON which 2 of the networks can the endpoints be protected
from the computer with a a red health status? - CORRECT ANSWER - A. C
Sophos XG hardware devices come pre-loaded with software. - CORRECT ANSWER -
True
Which 2 features are required if you want to make use of lateral movement protection? -
CORRECT ANSWER - Server or endpoint protection. Intercept X
Which XG firewall feature is able to block access to command and control servers? - CORRECT
ANSWER - Advanced Threat Protection
Which 2 methods are supported for logoff detection when using STAS - CORRECT
ANSWER - PING, Workstation Polling
, Type the name of the only zone that cannot have a physical port or interface assigned to it -
CORRECT ANSWER - vpn
DHCP can be used to override the magic IP if the XG Firewall is not the default gateway. -
CORRECT ANSWER - False
Which web filtering method can offload traffic to the FastPath? - CORRECT ANSWER -
DPI
Which interface type is a virtual LAN created on an existing XG interface - CORRECT
ANSWER - VLAN
Which of the following statements about zero-touch deployment are TRUE - CORRECT
ANSWER - Zero-touch configuration rules can only be created for unregistered hardware
serial numbers
What is the clientless Access portal used for? - CORRECT ANSWER - To provide access
to internal resources without the need for a VPN client to be installed
Which firewall icon represents a disabled user Rule? - CORRECT ANSWER -C
Which page list all current applications that are connecting through the XG Firewall? -
CORRECT ANSWER - Live connections
How many days of data is available in Sophos Central? - CORRECT ANSWER - 7 days
What do you need to do in order to use NTLM and Kerberos for web authentication? -
CORRECT ANSWER - Enable AD SSO per zone on the Device Access page
