1 - When logged into Sophos Central Admin console, where can you manage your registered products?
- Licensing
- Early Access Programs
- About
- Account Details
ANSWER: Licensing - CORRECT

2 - Exploit kits are typically engineered to complete which 2 actions?
- Exploit vulnerabilities to download malicious code
- Export sensitive files
- Encrypt all files on the system
- Scan the system for vulnerabilities
- Change admin passwords
ANSWER: Exploit vulnerabilities to download malicious code and Change admin passwords - WRONG

3 - Which of these protection features provides protection against the delivery of malicious files or software via the Internet?
- Exploit protection
- Live protection
- Malicious Traffic Detection
- Web protection
ANSWER: Web protection - CORRECT

4 - TRUE or FALSE: In a large distributed organization, specific security rules can be applied to sub-estates.
- True
- False
ANSWER: TRUE - CORRECT

5 - TRUE or FALSE: Synchronized security automates detection, isolation and remediation results for endpoints.
- True
- False
ANSWER: TRUE - CORRECT

6 - Which protection feature can detect and prevent communication from suspicious or malicious servers?
- Behaviour analysis
- Live protection
- Anti-exploit detection
- Malicious Traffic Detection
ANSWER: Malicious Traffic Detection - CORRECT

7 - Which 2 of these methods are supported for Sophos Central multi-factor authentication?
- Google/Sophos Authenticator
- Software Token
- SMS text message
- QR Code
ANSWER: Google/Sophos Authenticator and SMS text message - CORRECT

8 - Which 2 forms of multi-factor authentication does Sophos Central support?
- Hardware tokens
- SMS
- Biometrics
- Authenticator app
ANSWER: SMS and Authenticator app - CORRECT

9 - How many API credentials can you have in Sophos Central? (enter a numerical value)
ANSWER: 10

10 - What method can be used to change the devices that are able to connect to an Update Cache?
- Assign devices manually
- Remove the devices from those listed for the Cache
- Change the Update Management Policy
- Modify the scope setting of the firewall rule
ANSWER: Modify the scope setting of the firewall rule

11 - What is the TCP port a Message Relay uses? (enter a numerical value)
ANSWER: 8190

12 - TRUE or FALSE: Scripted deployment for virtual servers is independent of the underlying platform.
- True
- False
ANSWER: TRUE

13 - TRUE or FALSE: Tamper Protection must be disabled to remove the Sophos Endpoint Agent.
ANSWER: TRUE

14 - TRUE or FALSE: All devices have a unique Tamper Protection password.
- False
- True
ANSWER: TRUE

15 - TRUE or FALSE: A server can only be a member of ONE server group.
- True
- False
ANSWER: TRUE

16 - In which directory are the File Integrity Monitoring events logged?
- C:\Program Data\File Integrity Monitoring
- C:\\Sophos\File Integrity Monitoring\Export
- C:\ProgramData\Sophos\File Integrity Monitoring\Export
- C:\Program Files (x86)\Sophos\Monitoring
ANSWER: C:\ProgramData\Sophos\File Integrity Monitoring\Export

17 - Which 2 of the following are monitored when File Integrity Monitoring is enabled?
- Applications
- Registry Values
- Files
- Processes
ANSWER: Files and Registry Values

18 - TRUE or FALSE: Allowed and blocked items in a Server Lockdown policy only apply to locked down servers.
- False
- True
ANSWER: TRUE

19 - In which Sophos Central policy can you enable device isolation?
- Threat Protection
- Data Loss Prevention
- Update Management
- Application control
ANSWER: Threat Protection

20 - Which of the following best describes web control?
- To monitor and restrict file transfers containing sensitive data
- To prevent the use of removable media on protected devices
- To control access to websites based on the website category
- To block specific applications from running on protected devices
ANSWER: To control access to websites based on the website category

21 - TRUE or FALSE: Deep learning relies on malware signatures.
- True
- False
ANSWER: FALSE

22 - TRUE or FALSE: Base policies cannot be disabled.
- True
- False
ANSWER: TRUE

23 - Which 2 of these file formats can a Sophos Central log or report be exported to?
- CSV
- HTML
- DOC
- PDF
ANSWER: CSV and PDF

24 - Which log or report allows you to filter the event type returned?
- Events report
- Audit log
- Computer report
- User report
ANSWER: Events report

25 - What criteria will result in an outbreak detected alert?
- 100 detections in 24 hours on the same device
- Recurring infection within 24 hours
- 100 detections in 24 hours across the network
ANSWER: 100 detections in 24 hours on the same device

26 - TRUE or FALSE: Detected items are restored to their original location if they are released from the Sophos SafeStore.
- False
- True
ANSWER: TRUE

27 - The Sophos Endpoint Agent is not running on a device, what is the expected health status of the device?
ANSWER: TRUE

28 - How can you review the commands that have been performed during a Live Response session?
- View the Audit Log
- Save the session whilst using Live Response
- Download the Live Response session audit log
ANSWER: Download the Live Response session audit log

29 - TRUE or FALSE: Sophos Central XDR detections identify unusual and suspicious activities that have not been blocked.
- True
- False
ANSWER: TRUE

30 - A Sophos customer has a Sophos Firewall with 100 users behind the firewall and 100 endpoints. How many XDR licenses are required? (enter a numerical value)
ANSWER: 100

31 - TRUE or FALSE: Sophos' canned Live Discover queries can be deleted.
- False
- True
ANSWER: FALSE

32 - To view Sophos Central XDR detections, which setting must be enabled in Sophos Central?
- Synchronized Security
- Office 365 Security
- Live Response
- Data Lake uploads
ANSWER: Data Lake uploads

33 - The expected performance of a Live Discover query is based on which 2 values?
- Query category
- Execution time
- Amount of data returned
- Supported OS
ANSWER: Execution time and Amount of data returned

34 - TRUE or FALSE: When running a Data Lake query, you must select the devices to run the query against.
- False
- True
ANSWER: False


1 - Which of these steps should be completed first when adding a new application to a Locked Down server?
- Add the installer filename to the Lockdown Policy
- Run the installer on the Locked Down server
- Remove the installer filename from the Lockdown Policy
- Download the application's installer
ANSWER: Download the application's installer

2 - Which 2 of the following are supported methods of bulk importing users into Sophos Central?
- Adding users manually
- Import using a CSV file
- Import from an Active Directory (Azure or Windows)
- Import using a .xls file
- Import via email
ANSWER: Import from an Active Directory (Azure or Windows) and Import using a CSV file

3 - The Sophos Endpoint Agent is running and inactive malware has been detected, what is the expected health status of the device?
- Green
- Red
- Yellow
ANSWER: Yellow

4 - Look at the network diagram below.
ANSWER: B and C

5 - Which threat protection feature checks suspicious files during on-access scanning against the latest malware database?
- Live Protection
- Dynamic shell code protection
- Detect malicious behaviour
- Deep learning
ANSWER: Live Protection

6 - Which policy is used to prevent users from launching Internet browsers that are controlled and blocked?
- Peripheral Control
- Data Loss Prevention
- Web Control
- Application Control
ANSWER: Application Control

7 - Endpoint Live Discover queries will return live and historic data for how many days of activity?
- 90
- 30
- 60
ANSWER: 90

8 - For which 2 products can you select which components are installed when downloading the installer from Sophos Central?
- Server Protection for Linux
- Server Protection for Windows
- Endpoint Protection for Windows
- Endpoint Protection for Mac OS X
- Endpoint Protection for Linux
ANSWER: Endpoint Protection for Mac OS X and Endpoint Protection for Windows

9 - TRUE or FALSE: Sophos Central is a web-based platform.
ANSWER: TRUE

10 - Which 4 of these Sophos products can contribute information to the Data Lake?
- Sophos Phish Threat
- Sophos Email
- Sophos Cloud Optix
- Sophos Mobile
- Sophos Firewall
- Sophos Wireless
ANSWER: Sophos Firewall, Sophos Email, Sophos Cloud Optix, Sophos Mobile

11 - What criteria will result in an outbreak detected alert?
- 100 detections in 24 hours on the same device
- Recurring infection within 24 hours
- 100 detections in 24 hours across the network
ANSWER: 100 detections in 24 hours on the same device

19 - TRUE or FALSE: A different version of the installer must be used for servers hosted in the Cloud.
- TRUE
- FALSE
ANSWER: FALSE

20 - TRUE or FALSE: You can install a Message Relay without an Update Cache.
- False
- True
ANSWER: False

21 - TRUE or FALSE: Devices can be configured to use a different Message Relay from their Update Cache.
- False
- True
ANSWER: FALSE

12 - Which URL address do you use to login to the Sophos Central Admin console?
- Partnerportal.sophos.com
- sophos.com/central
- central.sophos.com/manage/self-service
- central.sophos.com
ANSWER: central.sophos.com

14 - You have selected devices for an Endpoint Live Discover query. The Run Query button is not available. Which of the following could be a solution for this issue?
- Check the device operating system is supported
- Click the 'Update selected device list' button
- Reduce the number of devices selected
- Confirm that you want to run an untested query
ANSWER: Click the 'Update selected device list' button

15 - After what time period will an alert be created showing that real-time protection has been disabled for a computer?
- 4 hours
- 2.5 hours
- 24 hours
- 1 hour
ANSWER: 2.5 hours

16 - Which of the following statements describes Data Loss Prevention?
- Blocks specific applications from running
- Controls access to websites based on their category
- Monitors and restricts file transfers
- Controls removable media devices
ANSWER: Monitors and restricts file transfers

21 - What feature allows administrators to remotely connect to a protected device?
- Investigations
- Live Response
- Endpoint Self Help
- Live Discover
ANSWER: Live Response

28 - Complete the sentence. The threat protection base policy is configured with...
- All security features disabled
- Sophos' recommended settings
- All security features enabled
- Sophos' strict settings
ANSWER: Sophos' recommended settings

25 - Complete the sentence: A content rule is used in a Content Control List to...
- control the transfer of file types or names
- control the transfer of types of content
ANSWER: control the transfer of types of content

29 - Which Sophos Central policy protects users against malicious network traffic?
- Application control
- Peripheral control
- Threat Protection
- Web control
ANSWER: Threat Protection

31 - Which 2 of the following would allow a single user authorized access to change the Sophos Endpoint Agent settings?
- Disabling Tamper Protection for that device only
- Providing the Tamper Protection password for the device
- Providing administrator rights on the device
- Rebooting the device in safe mode
ANSWER: Disabling Tamper Protection for that device only, Providing the Tamper Protection password for the device

32 - Which is the first step when deploying an Update Cache?
- Change the Update Management Policy
- Download the warehouse package from Sophos
- Identify a cache capable server or computer
- Download the installation package
ANSWER: Identify a cache capable server or computer

33 - Where can you find information about any Live Discover queries that have been run?
- Audit logs
- Event report
- Message history
- Hero report
ANSWER: Audit logs

34 - TRUE or FALSE: Tamper Protection must be disabled to remove the Sophos Endpoint Agent.
- TRUE
- FALSE
ANSWER: TRUE

35 - TRUE or FALSE: When you mark an alert as resolved, Sophos Central verifies that the threat to the end
- False
- True
ANSWER: FALSE

36 - Where can you view detailed information about all threats that have been detected on protected endpoints?
- Device Summary page
- Central Admin dashboard
- Device Details page
- Threat Analysis Center
ANSWER: Threat Analysis Center

37 - What is the benefit of installing Linux Server Protection in Sensor mode?
- It uses APIs to integrate runtime threat detections
- It monitors cloud security posture to prevent security and compliance risks
- It provides a threat hunting and response service
ANSWER: It uses APIs to integrate runtime threat detections

38 - A user has included confidential data in an email and sent it. The email was not blocked by the DLP policy. Why was the data not detected by the DLP policy?
- DLP cannot scan the body of the email
- The user was not included in the policy
- The policy did not include a scan email rule
- The user was using an unsupported email client
ANSWER: DLP cannot scan the body of the email

39 - What must be enabled to view and edit a Live Discover query?
- SQL Editor
- Designer mode
- Live Response
ANSWER: Designer mode

TRUE or FALSE: A mixture of Intercept X Essentials and Advanced XDR licenses can be used within the same estate to provide different levels of protection.
ANSWER: False

Which of these protection features are not enabled by default?
ANSWER: By default, the peripheral control policy is disabled in Sophos Central.