Sophos Certified Technician


Sophos Certified Technician Quiz

Test your knowledge and skills with our comprehensive quiz designed for IT professionals and technicians. This quiz covers various aspects of Sophos products, Active Directory synchronization, troubleshooting techniques, and best practices.

This quiz is perfect for:

  • Certification preparation
  • Enhancing your Sophos knowledge
  • Understanding key troubleshooting methods

74 Questions | 18 Minutes | Created by AnalyzingTech42

When configuring AD synchronization, what location was defined by default in filters under the User Discovery Filters tab?
DC=SOPHOS,DC=LOCAL
Enter the command you would use to remove the currently configured system proxy.
TRUE or FALSE: Only PE files can be restored from SafeStore through the user interface.
True
False
Enter the command you would use to resolve the IP address of srv.sophos.local and show the DNS server providing the resolution.
The option to stop the AutoUpdate service is greyed out in Windows Services. What is the most likely reason for this?
The service is corrupted
Tamper Protection is disabled
Tamper Protection is enabled
You do not have the required permissions
When investigating an updating issue on one of your endpoints, you used the telnet command to connect to dci.sophosupd.com on port 443. This confirmed that there is a problem using a direct connection. What is most likely to be causing this?
Incorrectly configured proxy on the endpoint
Endpoint is awaiting a reboot after update
Windows client firewall blocking traffic
Program updates are running in the background
 
You wish to uninstall the Sophos Endpoint software from a Windows 10 computer. However, Tamper Protection is enabled, and the device is no longer present within Central Admin. Which 2 of the following are supported methods of removal? Choose two (2).
Boot into Safe Mode and disable Tamper Protection via the Registry
Uninstall the Sophos Endpoint Agent from AppWiz.cpl
Retrieve the password for the deleted endpoint within Central so you can then enter this within the local Endpoint UI
Log in to the machine as an administrator and stop the Sophos Endpoint Defense Service
 
Which of the following Windows tools do you use to resolve IP addresses to hostnames and hostnames to IP addresses?
Ping
Ipconfig
Tracert
Nslookup
Telnet
 
TRUE or FALSE: C:\TEMP should never be whitelisted in Sophos Central.
True
False
You want to test the default SSL LDAP port for Active Directory synchronization. Enter the command you would use to verify connectivity to a domain controller named dc.sophos.local.
Where can you find the SafeStore quarantine folders on a Windows Endpoint? Choose two (2).
Program Data\Sophos\SafeStore
Program Data\Sophos\Sophos Anti-Virus\SafeStore
What step do you need to take before you bulk deploy Sophos Central to endpoints using a startup script in GPO?
Deploy and Update Cache
Test the deployment script
Disable Tamper Protection
Verify the endpoint can connect to the server on TCP port 389
 
What is the function of CryptoGuard?
To detect man-in-the-middle attacks
To detect malicious file encryption by ransomware
To prevent malicious behaviour in software
To prevent exploit methods
 
Where is the 'install.log' found on a Mac OS X endpoint?
/private/var/log
/private/sophos/sophos AV/log
/private/var/sophos/log
/private/sophos/log
Which of these cleanup tools will scan for rootkits?
SAV32CLI
Source of Infection Tool
Virus removal tool
Why would the ‘Last time updated from cache’ status show as ‘in a year’?
Date and time are incorrect on the endpoint
Windows is not up to date on the server
Date and time are incorrect in the Central Dashboard
Date and time are incorrect on the Update Cache server
What is the function of Safe Browsing in Intercept X?
To detect man-in-the-middle attacks
To prevent malicious behaviour in software
To prevent exploit methods
To detect malicious file encryption by ransomware
By default, computers get the latest Sophos product updates automatically, where can an admin change this to allow control over updates?
User setting>Controlled system update
Global settings > Controlled Updates
Settings>Global updates
Policies>Update Management
If the Windows Firewall service is stopped or disabled when the Update Cache is deployed, then the firewall rule to allow TCP 8191 will not have been created. How do you resolve this?
Restart the Update Cache service
Rebuild the update cache and reboot
Create the update cache service manually
Manually migrate the rules from another working machine
TRUE or FALSE: You can deploy an update cache without a Message Relay.
True
False
When setting up a new Sophos Central account, which 3 of the following are the datacentre locations you may select? Choose three (3).
Germany
United States
Ireland
Spain
Canada
United Kingdom
Which switch will prevent the installer from being displayed during a scripted deployment?
--quiet
--batchinstall
--scripted
--noui
When clearing the local AutoUpdate cache prior to forcing an update, which 2 of the following folders do you need to rename? Choose two (2).
Warehouse
decoded
Update
Autoupdate
Where is the AD sync log location?
%ProgramData%\sophos\sophos cloud AD sync\logs
%temp%\sophos\logs
%ProgramData%\sophos cloud AD sync\data
%Program Files%\sophos\logs
AD Sync is not working, you have successfully pinged the DC by both name and IP address. Which port do you use with telnet to confirm the LDAP port is accessible?
8194
143
389
8192
Which 3 of the following are required to perform troubleshooting on an endpoint? Choose three (3).
Ability to disable Tamper Protection
Administrative rights to the network and AD
Administrative rights to the endpoint
The Super Admin role
Physical access to the endpoint
What is the term for an attack that uses techniques that anti-virus does not yet detect?
Zero-day threats
C2 threats
CXmail Threats
Trojan Threats
AutoUpdate performs its first check 5 minutes after the service starts. At what interval does AutoUpdate then check for software, threat detection data and other available updates?
60 mins
30 mins
10 mins
45 mins
Which 2 of the following are malicious file indicators? Choose two (2).
An unknown file
A file that belongs to legitimate application
An executable file in a temporary file location
Enter the command you would use to resolve the IP address of srv.sophos.local and test network connectivity to the server at the same time. _____
TRUE or FALSE: AD sync needs to be installed on a DC?
True
False
TRUE or FALSE: AD Sync will delete groups and users with no Central Admin role when they are no longer present in the search results?
True
False
You suspect an issue with your Update Cache. Which 2 logs do you need to examine? Choose two (2).
Uc.log
Downloadin.log
Downloader.log
Sophos.log
Which of the following statements is TRUE for a C2/Generic-C detection?
The connection was blocked but the root cause has NOT been cleaned up
The connection was blocked, and the threat cleaned up
Enter the command you would use to display the current configuration of the system proxy.
What is the minimum type of user required to connect to AD to gather the user and group information?
Enterprise Admin
Local admin
Power User
Domain admin
Domain user
What is the function of application lockdown in Intercept X?
To prevent malicious behavior in software
To prevent exploit methods
To detect malicious file encryption by ransomware
To detect man-in-the-middle attacks
Which 2 of the following are reasons why manual cleanup may be required? Choose two (2).
The threat was found in an archive
The threat was found in a mailbox
The threat was found in a system process
The threat was found in registry
The Central Admin Dashboard shows that none of your endpoints are using one of your update caches. When pinging the update cache by name it fails. What command do you use to investigate this further?
Nslookup
Ping /all
Netsh winhttp
Ipconfig
Namelookup
What are the 2 primary functions of Sophos Clean? Choose two (2).
To remove malware and PUAs
To move all detected items to SafeStore
To remove sophos endpoint agent software from an endpoint
To continually scan all files to determine if they are malicious
Where do you check to see if the AD sync schedule has been configured correctly?
Active Directory Sync Utility
Windows task scheduler
Central admin dashboard
Diagnostic Sync Tool
Where is automatic self-isolation enabled?
In Data Loss Prevention Policy
In Global Settings
On XG Firewall
In the Threat Protection policy
On a Windows computer, which component logs information to the ‘Sophos.log’ file?
Sophos Intercept X
Sophos Anti-Virus
Sophos Clean
Sophos Network Threat Protection
When troubleshooting an endpoint, how long can you override the Sophos Central policy for?
24hrs
12hrs
1hr
4hrs
In which 2 places can you create a forensic snapshot? Choose two (2).
From a threat case
From the device page
From the sophos endpoint
From the device page
What is the third step of the troubleshooting process?
Define the issue
Root cause analysis
Resolve and verify
Web Control has been configured to block access to a category, but this is preventing access to a desired location. Which of the following methods can be used to allow access to this site without allowing access to other sites in the same category?
Use settings > website management to override the category for the website URL to one which is not blocked
Move the computer into another group that is not covered by the web control
Change the category setting to Warn
Which of the following statements is TRUE for a C2/Generic-B detection?
The connection was NOT blocked and the threat has NOT been cleaned up
The connection was blocked, and the threat cleaned up
The connection was NOT blocked and the threat has NOT been cleaned up
TRUE or FALSE: Tamper Protection is enabled by default in Sophos Central.
True
False
What permissions does the user need to connect to AD to gather the user and group information?
Read
Modify
Full
Read and Execute
Why is it important to apply updates and patches to all applications and operating systems across your network?
To protect against vulnerabilities in software
To protect against guest endpoints on your network
To ensure that sophos endpoint agent is running
You see the following error in the SophosUpdate.log: WARN [WARN] copy from upstream failed: Cannot write resource: C:/Programdata/sophos/autoupdate/data/warehouse/9548-885 What could this indicate?
The Update Cache server has run out of disc space
There is no internet connection to the Update Cache server
The SophosUpdate service has stopped and will not start
TRUE or FALSE: A single instance of AD Sync can synchronise from multiple domains in a forest?
True
False
In which 3 ways can you allow a quarantined file to be restored? Choose three (3).
SHA-256
The certificate
The file paths
Which feature would protect the Sophos installation from becoming disabled by malware?
Tamper Protection
MTD
Lockdown
Intercept X
Which of the following Windows tools do you use to test IP network connectivity?
Ping
Tracert
Telnet
Ipconfig
Nslookup
TRUE or FALSE: The default Update Cache TCP port of 8191 can be modified.
True
False
TRUE or FALSE: Sophos recommends disabling HTTPS inspection for Sophos updating traffic.
True
False
TRUE or FALSE: You can recover the Tamper Protection password for a deleted endpoint in Sophos Central.
True
False
Where in the Endpoint Self Help Tool can you see whether an endpoint is using a proxy for updating?
Update > Update configuration
Policy > Proxy
Proxy config & location
Services > Update Configuration
If an installation of Sophos Central failed on a Windows computer, which log file would you refer to first to help diagnose the problem?
SophosCloudInstaller_.log
Alc.log
Sophos.txt
Sophos Anti-Virus Install Log_.txt
Which installer runs the Competitor Removal Tool (CRT)?
Sophos Anti-Virus
Sophos Health
Sophos Clean
Sophos File Scanner
Where can the AD Sync tool be obtained from?
Global Settings
Sophos website
Extracted from the server installer
Sophos' GitHub channel
Where is the 'SophosCloudInstaller_.log' found?
%ProgramData%\Sophos\CloudInstaller\Logs
C:\Windows\Temp
%temp%
%temp%\sophoscloudinstaller\Logs
Enter the command you would use to test IP network connectivity to the address 172.16.2.20
Ping 172.16.2.20
telnet 17.16.2.20
Nslookup 172.16.2.20
Where can you find more information about a specific threat?
The Threat Library
The threat analysis index
The threat remediation tool
The Threat Intelligence Service
What is the first step of the troubleshooting process?
Define the issue
Resolve and verify
Root cause analysis
What is the location of AutoUpdate’s warehouse on a protected endpoint?
C:\ProgramData\Sophos\AutoUpdate\data\warehouse
C:\ProgramData\SophosUpdate\data\warehouse
C:\ProgramFiles\Sophos\AutoUpdate\cache
What command can be used to clear the DNS cache?
Ping \cleardns
Telnet \cache
Ipconfig /flushdns
Config \dnsflush
Which 2 methods does Sophos provide that will display the status of all Sophos services on Windows computers? Choose two (2).
Sophos Endpoint Self Help
Sophos Central
Task Manager
SophosHealth.exe
Which of the following statements is TRUE about alerts?
Alerts are created when an action is required
Alerts are created for all Intercept X detection
Alerts are created for all malware detection
What is the second step of the troubleshooting process?
Root cause analysis
Define the issue
Resolve and verify
Which of the following Windows tools do you use to display the network configuration?
Telnet
Tracert
Ipconfig
Nslookup
TRUE or FALSE: All quarantined data is encrypted in SafeStore.
True
False