SOPHOS CERTIFIED ENGINEER EXAM
Study online at https://quizlet.com/_8g40xr
1. Which TCP port is used to communicate policies to endpoints?: 8190
2. Which Sophos Central manage product protects the data on a lost or stolen
laptop?: Encryption
3. The option to stop the AutoUpdate service is greyed out in Windows Ser-
vices. What is the most likely reason for this?: Tamper Protection is enabled
4. Complete the sentence: Signature-based file scanning relies on...: previously
detected malware characteristics
5. TRUE or FALSE: Tamper protection is enabled by default.: TRUE
6. You are unable to edit policies in Sophos Central. What do you check in
Sophos Central?: That you have the correct role assigned
7. Which URL address do you use to login to Sophos Central Partner Dash-
board?: partnerportal.sophos.com
8. You are detecting low-reputation files and want to change the reputation
level from recommended to strict. Which policy do you edit to make this
change?: Threat Protection
9. What is the FIRST step you must take when deploying virtual environ-
ments?: Check the system requirements
10. You want to prevent users from copying database files to USB drives
without blocking the use of all USB devices. Which policy do you need to
configure?: Data Loss Prevention
11. TRUE or FALSE: You can search for a malicious item across your network
using EDR: TRUE
12. Which log provides a record of all activities?: Audit log
13. What is the function of anti-exploit technology?: To detect and stop compro-
mised vulnerable applications
14. Complete the sentence: The SAV32CLI clean-up tool is a...: Command line
tool included in Sophos Central installation
15. When registering for a Sophos Central Trial, which of the following state-
ments are TRUE?: You must use an email address that has not been used with
Sophos Central before
16. Which tab on the device details page displays the tamper protection infor-
mation?: SUMMARY
17. What is the function of Live Protection?: Connects to a cloud server to check
for the latest information about a file
18. How long are activities stored for in the Enterprise Dashboard?: 90 days
19. What is the function of an Update Cache?: To download updates from Sophos
Central and store them on a dedicated server on your network
20. What is the function of on-access scanning?: Monitors running processes'
behavior
1/6
, SOPHOS CERTIFIED ENGINEER EXAM
Study online at https://quizlet.com/_8g40xr
21. Which of the following alerts is categorized as a high alert?: Failed to protect
an endpoint
22. Which dashboard allows you to manage and apply global settings to
multiple Sophos Central accounts?: The Partner Dashboard
23. Which detection feature can prevent attacks on the master boot record?: -
WipeGuard
24. What is the function of a Message Relay?: To enable all devices to commu-
nicate all policy and reporting data using a dedicated server on your network
25. True or False: Marking an alert as acknowledge will resolve the threat on
the endpoint.: FALSE
26. Which TCP port is used to communicate Updates on endpoints?: 8191
27. TRUE or FALSE: The security VM installer is linked to your Sophos Central
account.: FALSE
28. TRUE or FALSE: You can deploy an update cache without a Message
Relay.: TRUE
29. You want to change an action for 'confidential' content. Where in Sophos
Central do you make this change?: In the Data Loss Prevention Rule
30. What does HIPS do on a protected endpoint?: Scans for potentially malicious
behaviour
31. You have cloned the threat protection base policy, applied the policy to a
group and saved it. When checking the endpoint, the policy changes have not
taken effect. What do you check in the policy?: That the cloned policy has been
enforced
32. In which 2 ways can you license the Enterprise Dashboard?: (1) Master
Licensing
(2) Individual Licensing
33. What is the minimum administrative role that will allow a user to create and
edit policies?: Admin
34. Complete the following sentence: The default protection base policy is
configured with...: Sophos' recommended settings
35. Which section in the Self-Help tool should be checked to start investigating
an updating issue on an endpoint: System
36. What does tamper protection prevent a user from doing on their endpoint
with Sophos Central agent installed?: Prevents a user from uninstalling the
Sophos agent software
37. TRUE or FALSE: All server protection features are enabled by default.: -
FALSE
38. Which endpoint protection policy protects users against malicious net-
work traffic?: Threat Protection
2/6
Study online at https://quizlet.com/_8g40xr
1. Which TCP port is used to communicate policies to endpoints?: 8190
2. Which Sophos Central manage product protects the data on a lost or stolen
laptop?: Encryption
3. The option to stop the AutoUpdate service is greyed out in Windows Ser-
vices. What is the most likely reason for this?: Tamper Protection is enabled
4. Complete the sentence: Signature-based file scanning relies on...: previously
detected malware characteristics
5. TRUE or FALSE: Tamper protection is enabled by default.: TRUE
6. You are unable to edit policies in Sophos Central. What do you check in
Sophos Central?: That you have the correct role assigned
7. Which URL address do you use to login to Sophos Central Partner Dash-
board?: partnerportal.sophos.com
8. You are detecting low-reputation files and want to change the reputation
level from recommended to strict. Which policy do you edit to make this
change?: Threat Protection
9. What is the FIRST step you must take when deploying virtual environ-
ments?: Check the system requirements
10. You want to prevent users from copying database files to USB drives
without blocking the use of all USB devices. Which policy do you need to
configure?: Data Loss Prevention
11. TRUE or FALSE: You can search for a malicious item across your network
using EDR: TRUE
12. Which log provides a record of all activities?: Audit log
13. What is the function of anti-exploit technology?: To detect and stop compro-
mised vulnerable applications
14. Complete the sentence: The SAV32CLI clean-up tool is a...: Command line
tool included in Sophos Central installation
15. When registering for a Sophos Central Trial, which of the following state-
ments are TRUE?: You must use an email address that has not been used with
Sophos Central before
16. Which tab on the device details page displays the tamper protection infor-
mation?: SUMMARY
17. What is the function of Live Protection?: Connects to a cloud server to check
for the latest information about a file
18. How long are activities stored for in the Enterprise Dashboard?: 90 days
19. What is the function of an Update Cache?: To download updates from Sophos
Central and store them on a dedicated server on your network
20. What is the function of on-access scanning?: Monitors running processes'
behavior
1/6
, SOPHOS CERTIFIED ENGINEER EXAM
Study online at https://quizlet.com/_8g40xr
21. Which of the following alerts is categorized as a high alert?: Failed to protect
an endpoint
22. Which dashboard allows you to manage and apply global settings to
multiple Sophos Central accounts?: The Partner Dashboard
23. Which detection feature can prevent attacks on the master boot record?: -
WipeGuard
24. What is the function of a Message Relay?: To enable all devices to commu-
nicate all policy and reporting data using a dedicated server on your network
25. True or False: Marking an alert as acknowledge will resolve the threat on
the endpoint.: FALSE
26. Which TCP port is used to communicate Updates on endpoints?: 8191
27. TRUE or FALSE: The security VM installer is linked to your Sophos Central
account.: FALSE
28. TRUE or FALSE: You can deploy an update cache without a Message
Relay.: TRUE
29. You want to change an action for 'confidential' content. Where in Sophos
Central do you make this change?: In the Data Loss Prevention Rule
30. What does HIPS do on a protected endpoint?: Scans for potentially malicious
behaviour
31. You have cloned the threat protection base policy, applied the policy to a
group and saved it. When checking the endpoint, the policy changes have not
taken effect. What do you check in the policy?: That the cloned policy has been
enforced
32. In which 2 ways can you license the Enterprise Dashboard?: (1) Master
Licensing
(2) Individual Licensing
33. What is the minimum administrative role that will allow a user to create and
edit policies?: Admin
34. Complete the following sentence: The default protection base policy is
configured with...: Sophos' recommended settings
35. Which section in the Self-Help tool should be checked to start investigating
an updating issue on an endpoint: System
36. What does tamper protection prevent a user from doing on their endpoint
with Sophos Central agent installed?: Prevents a user from uninstalling the
Sophos agent software
37. TRUE or FALSE: All server protection features are enabled by default.: -
FALSE
38. Which endpoint protection policy protects users against malicious net-
work traffic?: Threat Protection
2/6
