Sophos ET80 - Intrusion Prevention On Sophos
Firewall: Questions With Proven Solutions
What are the three parts of Sophos Intrusion Prevention? Right Ans - IPS
Policies, Spoof protection and DoS protection
What are IPS policies used for? Right Ans - They are applied to firewall
rules and used to protect against exploits and malformed traffic
What is spoof protection used for? Right Ans - Drops traffic that pretends
its from a different MAC or IP address to bypass protection
What is denial-of-service protection used for? Right Ans - Drops traffic that
is maliciously trying to prevent genuine traffic trying to access services
How do IPS polices work? Right Ans - By using a collection of rules to
detect malicious and malformed data
What do you have to do in the Sophos firewall before you can configure IPS
rules? Right Ans - You have to enable IPS protection
Where can you enable IPS protection on a Sophos Firewall? Right Ans -
Protect > Intrusion prevention > IPS policies > IPS protection > On
What happens to the IPS signatures after disabling IPS on the firewall?
Right Ans - The signatures will be deleted after 30 days
What does the smart filter do in the configuration of an IPS policy rule?
Right Ans - It allows for the automatic additions of new patterns that match
the selected criteria.
What IPS signature library Does Sophos use as part of its IPS protection?
Right Ans - Talos commercial IPS signature library from Cisco
What happens if you use the selected individual signatures only option as part
of an IPS rule configuration? Right Ans - It will only use the Selected
signatures, and won't automatically update and use up to date ones
Firewall: Questions With Proven Solutions
What are the three parts of Sophos Intrusion Prevention? Right Ans - IPS
Policies, Spoof protection and DoS protection
What are IPS policies used for? Right Ans - They are applied to firewall
rules and used to protect against exploits and malformed traffic
What is spoof protection used for? Right Ans - Drops traffic that pretends
its from a different MAC or IP address to bypass protection
What is denial-of-service protection used for? Right Ans - Drops traffic that
is maliciously trying to prevent genuine traffic trying to access services
How do IPS polices work? Right Ans - By using a collection of rules to
detect malicious and malformed data
What do you have to do in the Sophos firewall before you can configure IPS
rules? Right Ans - You have to enable IPS protection
Where can you enable IPS protection on a Sophos Firewall? Right Ans -
Protect > Intrusion prevention > IPS policies > IPS protection > On
What happens to the IPS signatures after disabling IPS on the firewall?
Right Ans - The signatures will be deleted after 30 days
What does the smart filter do in the configuration of an IPS policy rule?
Right Ans - It allows for the automatic additions of new patterns that match
the selected criteria.
What IPS signature library Does Sophos use as part of its IPS protection?
Right Ans - Talos commercial IPS signature library from Cisco
What happens if you use the selected individual signatures only option as part
of an IPS rule configuration? Right Ans - It will only use the Selected
signatures, and won't automatically update and use up to date ones
