SOPHOS CERTIFIED ENGINEER EXAM QUESTIONS
WITH 100 % CORRECT ANSWERS
Which URL address do you use to login to Sophos Central Partner Dashboard? -
ANSWER -partnerportal.sophos.com
You are detecting low-reputation files and want to change the reputation level from
recommended to strict. Which policy do you edit to make this change? - ANSWER -
Threat Protection
What is the FIRST step you must take when deploying virtual environments? -
ANSWER -Check the system requirements
You want to prevent users from copying database files to USB drives without blocking
the use of all USB devices. Which policy do you need to configure? - ANSWER -Data
Loss Prevention
TRUE or FALSE: You can search for a malicious item across your network using EDR -
ANSWER -TRUE
Which log provides a record of all activities? - ANSWER -Audit log
What is the function of anti-exploit technology? - ANSWER -To detect and stop
compromised vulnerable applications
Complete the sentence: The SAV32CLI clean-up tool is a... - ANSWER -Command line
tool included in Sophos Central installation
When registering for a Sophos Central Trial, which of the following statements are
TRUE? - ANSWER -You must use an email address that has not been used with
Sophos Central before
Which tab on the device details page displays the tamper protection information? -
ANSWER -SUMMARY
What is the function of Live Protection? - ANSWER -Connects to a cloud server to
check for the latest information about a file
How long are activities stored for in the Enterprise Dashboard? - ANSWER -90 days
What is the function of an Update Cache? - ANSWER -To download updates from
Sophos Central and store them on a dedicated server on your network
What is the function of on-access scanning? - ANSWER -Monitors running processes'
behavior
, Which of the following alerts is categorized as a high alert? - ANSWER -Failed to
protect an endpoint
Which dashboard allows you to manage and apply global settings to multiple Sophos
Central accounts? - ANSWER -The Partner Dashboard
Which detection feature can prevent attacks on the master boot record? - ANSWER -
WipeGuard
What is the function of a Message Relay? - ANSWER -To enable all devices to
communicate all policy and reporting data using a dedicated server on your network
True or False: Marking an alert as acknowledge will resolve the threat on the endpoint. -
ANSWER -FALSE
Which TCP port is used to communicate Updates on endpoints? - ANSWER -8191
TRUE or FALSE: The security VM installer is linked to your Sophos Central account. -
ANSWER -FALSE
TRUE or FALSE: You can deploy an update cache without a Message Relay. -
ANSWER -TRUE
You want to change an action for 'confidential' content. Where in Sophos Central do you
make this change? - ANSWER -In the Data Loss Prevention Rule
What does HIPS do on a protected endpoint? - ANSWER -Scans for potentially
malicious behaviour
You have cloned the threat protection base policy, applied the policy to a group and
saved it. When checking the endpoint, the policy changes have not taken effect. What
do you check in the policy? - ANSWER -That the cloned policy has been enforced
In which 2 ways can you license the Enterprise Dashboard? - ANSWER -(1) Master
Licensing
(2) Individual Licensing
Which TCP port is used to communicate policies to endpoints? - ANSWER -8190
Which Sophos Central manage product protects the data on a lost or stolen laptop? -
ANSWER -Encryption
The option to stop the AutoUpdate service is greyed out in Windows Services. What is
the most likely reason for this? - ANSWER -Tamper Protection is enabled
WITH 100 % CORRECT ANSWERS
Which URL address do you use to login to Sophos Central Partner Dashboard? -
ANSWER -partnerportal.sophos.com
You are detecting low-reputation files and want to change the reputation level from
recommended to strict. Which policy do you edit to make this change? - ANSWER -
Threat Protection
What is the FIRST step you must take when deploying virtual environments? -
ANSWER -Check the system requirements
You want to prevent users from copying database files to USB drives without blocking
the use of all USB devices. Which policy do you need to configure? - ANSWER -Data
Loss Prevention
TRUE or FALSE: You can search for a malicious item across your network using EDR -
ANSWER -TRUE
Which log provides a record of all activities? - ANSWER -Audit log
What is the function of anti-exploit technology? - ANSWER -To detect and stop
compromised vulnerable applications
Complete the sentence: The SAV32CLI clean-up tool is a... - ANSWER -Command line
tool included in Sophos Central installation
When registering for a Sophos Central Trial, which of the following statements are
TRUE? - ANSWER -You must use an email address that has not been used with
Sophos Central before
Which tab on the device details page displays the tamper protection information? -
ANSWER -SUMMARY
What is the function of Live Protection? - ANSWER -Connects to a cloud server to
check for the latest information about a file
How long are activities stored for in the Enterprise Dashboard? - ANSWER -90 days
What is the function of an Update Cache? - ANSWER -To download updates from
Sophos Central and store them on a dedicated server on your network
What is the function of on-access scanning? - ANSWER -Monitors running processes'
behavior
, Which of the following alerts is categorized as a high alert? - ANSWER -Failed to
protect an endpoint
Which dashboard allows you to manage and apply global settings to multiple Sophos
Central accounts? - ANSWER -The Partner Dashboard
Which detection feature can prevent attacks on the master boot record? - ANSWER -
WipeGuard
What is the function of a Message Relay? - ANSWER -To enable all devices to
communicate all policy and reporting data using a dedicated server on your network
True or False: Marking an alert as acknowledge will resolve the threat on the endpoint. -
ANSWER -FALSE
Which TCP port is used to communicate Updates on endpoints? - ANSWER -8191
TRUE or FALSE: The security VM installer is linked to your Sophos Central account. -
ANSWER -FALSE
TRUE or FALSE: You can deploy an update cache without a Message Relay. -
ANSWER -TRUE
You want to change an action for 'confidential' content. Where in Sophos Central do you
make this change? - ANSWER -In the Data Loss Prevention Rule
What does HIPS do on a protected endpoint? - ANSWER -Scans for potentially
malicious behaviour
You have cloned the threat protection base policy, applied the policy to a group and
saved it. When checking the endpoint, the policy changes have not taken effect. What
do you check in the policy? - ANSWER -That the cloned policy has been enforced
In which 2 ways can you license the Enterprise Dashboard? - ANSWER -(1) Master
Licensing
(2) Individual Licensing
Which TCP port is used to communicate policies to endpoints? - ANSWER -8190
Which Sophos Central manage product protects the data on a lost or stolen laptop? -
ANSWER -Encryption
The option to stop the AutoUpdate service is greyed out in Windows Services. What is
the most likely reason for this? - ANSWER -Tamper Protection is enabled
