Which of the following statements are TRUE about SD-WAN connection groups?

How many backups can you store on Sophos Central?

How many days of data are available in Sophos Central using free Central
Firewall Reporting?

How much storage is included with each Central Firewall Reporting Advanced
license?
You have created a report that displays data that you wish to check daily. How
can you make this data easily available in the WebAdmin interface?

Sophos Firewall can send notifications using which of the following protocols?

What is the maximum number of external syslog servers you can configure on
Sophos Firewall?
Match the client traffic mode with its description

What IP address do AP send discovery packets to?

What are the different types of hotspot that can be created on Sophos Firewall?
You can only create hotspots on wireless interfaces

Where can you download the IPsec VPN configuration?

What is the default port for SSL VPNs?

Which 5 protocols does clientless SSL VPN access support?

When using Sophos Firewall as a ZTNA gateway, how much bandwidth is
allowed per user per month in gigabytes?

When using ZTNA, how long is the Azure authentication token valid for by
default?

If a new application is added that matches an existing application control filter

rule, which of the following statements is TRUE?
Application filter rules are applied to users and groups

What can traffic shaping policies be associated with?

Is it possible to apply a default traffic shaping policy to all traffic?

What are the 2 ways web filtering can be deployed on the Sophos Firewall?

If you are using the Sophos Firewall as an explicit proxy, which web filtering
option will be used?

Which of these options IS supported when using the DPI Engine?

Web protection exceptions apply to all web protection policies no matter where
they are applied in the Sophos Firewall
Which method would you use to limit bandwidth for a single website?

Which type of server is used for wireless authentication

When are users who are not administrators able to login to the web admin
console?

A user is a member of multiple AD groups. What will happen when the user first
logs into Sophos Firewall?
If an authentication server is added to Sophos Firewall this will become the
default authentication method

When configuring Azure AD SSO in the Sophos Firewall web console, where can
you find the redirect URL that needs to be added to the app registration in Azure
AD?

Azure AD SSO for the web console on Sophos Firewall requires a paid tier of
Azure AD
You need to create a user account to authenticate a VoIP system that needs
access to the Internet. What type of user is best?

Which 3 of the following actions do you need to complete for Synchronized User
ID to work?

What port number is used by the Captive Portal?

You are installing STAS on a single domain controller. Which installation type do
you select?

Which 2 of the following are requirements for the secret when creating a token
manually?

A user has lost their phone with the Authenticator App. What is the most secure
way to allow authentication?
Which 2 VPN protocols does Sophos Firewall support for site-to-site VPNs?

RED connections are always automatically added to the VPN zone

Where do you select the remote networks?

What is the default SSL VPN port?

In which type of IPsec VPN do you need to define the local and remote
networks?

What types of authentication can be used for IPsec site-to-site VPNs?

Which 2 ports do Remote Ethernet Devices use?

RED

What 2 things do you need to do to use IPS policies?

Spoof, DoS, IPS

Which 2 actions can Active Threat Response be configured to perform when it
detects traffic to a command-and-control server?

You want to configure Security Heartbeat, what is the first thing you need to do?

What information does Sophos Firewall share about devices with a RED health
status to prevent lateral movement protection?
In which 2 ways can your register Sophos Firewall with Sophos Central?

NAT rules are processed in order from top to bottom

Which 3 of the following are matching criteria Sophos Firewall uses to

automatically assign firewall rules to groups?
When create a firewall rule for DNAT, you select the ____ destination zone

Match firewall icon

All firewall rules are evaluated, and the best match used
Where would you create a list of domains to exclude from a TLS inspection rule?

Where would you configure which cipher algorithms to block?

Sophos chromebook

FALSE!
How many radios do the wireless XGS series models have? 1
Which zone always require a default gateway to be configured? WAN interface
What are the two routing strategies that can be used in SD-WAN profiles?
First available gateway + Load balancing
Which of the following DoS and spoof protection modes will drop packets if the
source MAC address is not configured as a trusted MAC?
MAC Filter
Getting Started with Firewall and NAT Rules on Sophos Firewall chapter.

You have enabled active-active… Synchronize App control not support in active-
active high available deployment

Which option must be enabled before you can start managing your SF…
Sophos Firewall must be registered in Sophos Central > Accept management
service
Zero-touch …

Web Control
When testing a new web policy, you are still able to access pages that should be
blocked. What is the most likely reason for this?
IP spoofing, MAC filter, IP-MAC pair filter

Deployment… transparent… inline mode

Bridge mode
You have enabled the option to block potentially unwanted applications in Web
protection. Where would you exclude an application that you use on the
network from being blocked?
Proxy mode allow to apply web filtering without additional configuration
needed for mobile and guest devices?
Which 3 of the following features are provided by application control?

Which page lists all current applications that are connecting through the Sophos
Firewall?

Which 2 operating systems is the Sophos Connect VPN client available for?
Sophos Firewall hosts the SSL VPN on which port by default? 8443
When you download the IPsec remote access configuration you have two
configuration files. Which file type includes the advanced configuration?

Which 2 types of zone can be created on the Sophos Firewall? LAN & DMZ
You want a certificate to be signed by a third-party company. Which option
should you choose? Generate CSR
Sophos Firewall hardware devices come pre-loaded with software. True
You can install Sophos Firewall on existing Intel compatible hardware. True
Which Sophos Firewall Feature can harden forms, sign cookies, and prevent SQL
Injection? Web Server Protection
What information does Sophos Firewall share about devices with a RED health
status to prevent lateral movement protection? MAC
Which of the following protects against exploits and malformed traffic? IPS
How much storage is included with each Central Firewall Reporting Advanced
license in GB? (enter a numerical value) 100
When Central Firewall Management is in use, local rules on the Sophos Firewall
are only overwritten when a rule with the same name is created in Sophos
Central. TRUE
Which reporting metric can be used to identify risky users who are responding
to spear phishing attempts? User Threat Quotient (UTQ)

Application rules are applied to users and groups. FALSE

Bảo
TRUE or FALSE. You can install Sophos Firewall on existing Intel compatible
hardware.

Which of the following is an attack using a spoof email to persuade

users to provide sensitive information or credentials?
What are the 2 ways web filtering can be deployed on Sophos
Firewall?

Which 2 operating systems is the Sophos Connect IPsec VPN client

available for?
When creating a site-to-site VPN between a Sophos Firewall and
another vendor’s firewall, what is the best protocol to use?