Et1 PDF

EXAM: ET15 • SOPHOS CENTRAL ENDPOINT AND SERVER V4.0 • ENGINEER

Question 1
Which 2 of the following statements is TRUE for detections on Linux servers?

Detections can only be automatically cleaned up if the users are logged in as root

Cleanup can be initiated from Sophos Central Admin

All detections must be manually cleaned up

Once cleaned up the alert must be resolved in Sophos Central Admin

Linux servers can only be cleaned up using the bootable AV



Question 2
You have cloned a Base Policy. What do you need to do to ensure the policy is applied?

Place the policy at the top of the policy list

Enforce the policy

Disable the base policy

Nothing, it will be applied automatically



Question 3
TRUE or FALSE: Allowed and blocked items in a Server Lockdown policy only apply to locked down servers.

True

False

Question 4
The Sophos Endpoint Agent is running and inactive malware has been detected, what is the expected health status of the device?

Yellow

Red

Green

Question 5
Which of the following is a credible reason for disabling Tamper Protection for a single device?

To remotely update the Sophos Endpoint Agent

To remove the Sophos Endpoint Agent

To remotely access a device

When a new user logs onto a protected device



Question 6
Which feature allows you to restrict applications that can run on a protected server?

Data Control

File Integrity Monitoring

Tamper Protection

Server Lockdown

Question 7
Which of these steps should be completed first when adding a new application to a Locked Down server?

Remove the installer filename from the Lockdown Policy

v Download the application's installer

X Add the installer filename to the Lockdown Policy

Run the installer on the Locked Down server



Question 8
Which 3 of these features are only available with Intercept X Advanced with XDR?

Root Cause Analysis

Data Lake

CryptoGuard

Endpoint Isolation

Live Response

Malicious Traffic Detection



Question 9
What is the benefit of installing Linux Server Protection in Sensor mode?

It uses APIs to integrate runtime threat detections

It monitors cloud security posture to prevent security and compliance risks

It provides a threat hunting and response service



Question 10
TRUE or FALSE. When you email a setup link to a user they must have administrator rights to successfully install the Sophos Agent.

True

False

Question 11
A Sophos Central XDR Detection has a risk level of zero; what does this indicate?

The risk level has not been determined

It has been determined that it is not a threat



Question 12
Which Sophos tool provides a second opinion virus scanner?

X Bootable AV

e Sophos Scan & Clean

Virus Removal Tool



Question 13
Where can you specify security settings that apply to all users and devices?

Global Settings

People

Logs and Reports

Devices

Question 14
Which 2 of the following are benefits of running queries against the Data Lake?

Determine the devices to query

• Data Lake stores information for 90 days

e Cross-product querying

e Computers do not have to be online



Question 15
Which URL address do you use to login to the Sophos Central Admin console?

sophos.com/central

central.sophos.com

Partnerportal.sophos.com

central.sophos.com/manage/self-service

Question 16
Which 2 of the following are prerequisites for installing an Update Cache?

A Windows Server

The device must be protected by Sophos Central

A Linux server

)C TCP port 8190 is available and accessible


TCP port 8191 is available and accessible

Question 17
TRUE or FALSE: You can add a license to your Central Trial account from Global Settings.

True

False

Question 18
TRUE or FALSE. Exclusions should be specific and target specific users or devices.

False

True

Question 19
Which of the following best describes peripheral control?

It can prevent the use of untrusted devices that may contain malware

To monitor and restrict file transfers containing sensitive data

To control access to websites based on the website category

It can block specific applications from running on protected devices



Question 20
Which 2 of the following would allow a single user authorized access to change the Sophos Endpoint Agent settings?

Providing the Tamper Protection password for the device

Rebooting the device in safe mode

Providing administrator rights on the device

Disabling Tamper Protection for that device only



Question 21
By default, which detections are displayed in the Sophos Central XDR Detections list?

e Detections with a risk score of 7 and above

Detections with a risk score of 10

- All detections are displayed by default

Detections with a risk score of 4 and above



Question 22
TRUE or FALSE: A computer can be a member of multiple computer groups.

True

False

Question 23
S I hh lh f .d d.
I

True

False

Question 24
What is the daily data allowance in megabytes per device to the Data Lake? (enter the numerical value only)

250

Question 25
h I d. S h C I?
I

Only for selected event types

For all high-level events

- For all medium and high-level events

• When an action is required

Only for detections



Question 26
Which of the following statements describes Data Loss Prevention?

Controls removable media devices

Blocks specific applications from running

Controls access to websites based on their category

Monitors and restricts file transfers



Question 27
TRUE or FALSE: Data Lake uploads must be enabled for Data Lake queries to return data.

e True

• False

Question 28
h . h b h df .d. I . d . h b . Il I . . d C h ?
I

X Change the Update Management Policy

e Assign devices manually

Change the IP address of the device

Change the firewall rules to block the device



Question 29
Which 2 of the following statements are TRUE about the Sophos Central XDR Sensor?

e It will not run the competitive removal tool

e It operates in a detection and response-only mode

• The XDR Sensor Windows component can be selected for installation

X It is compatible with the Sophos Endpoint Agent


I really don't know whether only the abbreviation or the full name should be entered. Management Communication System (MCS)

Question 31
h d 11 · s h e 1 d h · fd r h · h s T I?
I

Assign the AD users to the devices and delete the manually created users

e Ensure email addresses of manually created users are identical to AD

Remove the duplicates after the first synchronization

X Select the option to overwrite duplicates in the AD Sync Utility


6

Question 33
Which 2 of these methods are supported for Sophos Central multi-factor authentication?

Google/Sophos Authenticator

SMS text message

QR Code

Software Token
Overview > Logs & Reports > Events
Events

Question 35
S f . . bi d h. ·11 I Il d . d b d f I
I

9 True

M False

Question 36
Enter the user role an administrator must have to use Live Response?

Super Admin

Question 37
Where can users view quarantined emails and manage device encryption for their protected endpoints?

Sophos Central Endpoint Agent

Sophos self-service portal

Sophos Central Security Agent

Sophos Central Admin console



Question 38
Which Sophos service is used to update devices?

Live Query

Health

Protection

AutoUpdate

Question 39
TRUE or FALSE. You can enable and disable MFA for selected administrators?

e False

X True

Question 40
Which 2 of these Cloud platforms support integrated features such as dynamic licensing?

Oracle Cloud

Azure

Google Cloud

AWS
