In the Data Loss Prevention Rule - ANSWER-You want to change an action for 'confidential' content.
Where in Sophos Central do you make this change?
Modifying protection settings and uninstalling the endpoint agent - ANSWER-Two of the following that tamper protection prevents users from doing
Installed components - ANSWER-An endpoint is reporting that Sophos Autoupdate is not installed.
In the Self-Help Tool which tab do you check to view whether AutoUpdate is listed as Installed?
Threat Protection - ANSWER-In which policy do you enable device isolation?
To connect Sophos security solutions in real time - ANSWER-What is the function of Sophos Synchronized Security?
Super Admin - ANSWER-What is the minimum administrative role that will allow a user to manage user roles and role assignments
previously detected malware characteristics - ANSWER-Signature-based file scanning relies on....
Help desk - ANSWER-Minimum administrative role that will allow a user to scan endpoints
True - ANSWER-Tamper protection is enabled by default
Exclusions tab and global settings - ANSWER-In which 2 places in Sophos Central do you add exclusions for servers?
Threat Protection - ANSWER-You want to mitigate exploits in vulnerable applications.
Which policy do you enable the features in?
Download and run the installer from Sophos Central - ANSWER-A method of deploying endpoint protection?
Machine learning - ANSWER-Which of the following is a pre-execution check performed by Intercept X?
Exploit technique detection - ANSWER-Which feature of Intercept X is designed to detect malware before it can execute?
Policy Enforced - ANSWER-You have created a new policy
Which tab do you select to enable the policy?
Ransomware - ANSWER-Which security threat does Intercept X protect against?
Admin - ANSWER-What is the minimum administrative role that will allow a user to create and edit policies
True - ANSWER-When protecting a Mac client, you must know the password of the administrator
Check the system requirements - ANSWER-What is the first step you must take when deploying virtual environments?
8190 - ANSWER-Which TCP port is used to communicate policies to endpoints?
True - ANSWER-Tamper protection must be disabled before removing Endpoint Protection.
Files and Registry Entries - ANSWER-Two of the following are monitored when File Integrity Monitoring is enabled
Web control - ANSWER-Which endpoint protection policy do you edit to block users from visiting a specific website category
Give the user administrator rights to the endpoint and provide the user with the tamper protection password - ANSWER-You need to give a user access to change their protection settings in an emergency
Which 2 of the following allow you to do this?
To prevent the use of removable media on protected endpoints - ANSWER-What is the function of Peripheral Control?
False - ANSWER-Deleting an endpoint in Sophos Central will remove the Endpoint agent from the endpoint.
To detect and stop compromised vulnerable applications - ANSWER-What is the function of anti-exploit technology?
Command line tool included in Sophos Central installation - ANSWER-The SAV32CLI clean up tool is a....
Add the path of the application to the server lockdown policy - ANSWER-What is the recommended way to allow a new application to a locked down server?
Update - ANSWER-Which section in the self-help tool should be checked to start investigating an updating issue on an endpoint
False - ANSWER-All Endpoints have the same tamper protection password.
Isolate the computer - ANSWER-A malicious file has been detected on an endpoint and you want to prevent lateral movement through your network.
From the threat case, which action do you take?
Servers or server groups - ANSWER-Server policies are only applied to....
The base policy is bypassed - ANSWER-You have cloned the threat protection base policy, applied the policy to a group and saved it.
When checking the endpoint, the policy changes have not taken effect. What do you check in policy?
Separate download that detects and removes malware - ANSWER-The virus removal clean up tool is a...
Management Communication - ANSWER-You want to check an endpoint has received the latest policy updates from Sophos Central.
Which tab do you select in the Endpoint Self-Help Tool to view the last communication date and time?
avremove log - ANSWER-A Windows endpoint installation is failing. It is detecting competitor software.
Which log file do you check to investigate this issue?
Management Communications System - ANSWER-All endpoints communicate with the Sophos Central Console via?
Manage endpoint software - ANSWER-Components can be assigned to or removed from endpoints by selecting the endpoint(s) from the list and selecting
Policies - ANSWER-Are used in Sophos Central to define the security measures that will be applied to protected endpoints.
Users tab - ANSWER-Tab where you can apply the policy to the required users
Groups tab - ANSWER-If you are creating a policy to be deployed to multiple users, you can use____ to apply it to specific groups.
Settings tab - ANSWER-Where you will see an Active Adversary Mitigation drop down menu.
Live protection - ANSWER-Checks suspicious files against the latest information in Sophos Labs.
You can select to enable this during scheduled scans and automatically submit samples to Sophos.
Deep learning - ANSWER-Uses advanced machine learning to detect threats. It can identify known and previously unknown malware and potentially unwanted applications without using signatures.
Real time scanning - ANSWER-Scans files as users attempt to access them, denies access unless the file is clean.
Remediation - ANSWER-Sophos Central will attempt to clean up detected malware automatically. If this is successful, the alert in Sophos Central against the compromised endpoint is deleted. The detection and clean up are displayed in the events list.
Runtime Protection - ANSWER-Protects against threats by detecting suspicious or malicious behaviour or traffic
Device Isolation - ANSWER-when enabled, allows computers to isolate themselves if they have a red health status.
Peripheral control policies - ANSWER-Policy that let you both monitor and block the use of removable devices and other peripherals on your endpoints
Application Control - ANSWER-lets you monitor and manage the applications that your users have access to.
Data loss prevention - ANSWER-is part of endpoint protection and controls accidental data loss by monitoring and restricting the transfer of files containing sensitive data.
Update Management Policies - ANSWER-Policy that can be used to specify when product updates become available to devices.
Monitor Only - ANSWER-Level of monitoring
This is the default option that enables devices to report their firewall status to Sophos Central
Monitor and Configure Network Profiles - ANSWER-Level of monitoring
This reports their firewall status, you can choose whether to block or allow inbound connections on Domain, Private and Public networks.
Tamper Protection - ANSWER-can be used to prevent users from uninstalling the Sophos Agent or modifying their protection settings
Content Control Lists - ANSWER-Data Loss Prevention Policies use this to define a set of conditions that specify the file content.
Allow transfer, allow transfer if user confirms, block transfer - ANSWER-Creating file content rules follows the same process as content rules.
The actions that can be defined for a rule are:
Server protection and Intercept X advanced for servers - ANSWER-Two server protection licenses
Server protection - ANSWER-Includes all of the standard real-time scanning protection, web protection, detection of command and control traffic and Sophos Security Heartbeat
Intercept X advanced for servers - ANSWER-includes all of the server protection features and adds significant real-time protection, including machine learning.
Server policies - ANSWER-define the security measures that will be used for your servers.
Server lockdown - ANSWER-feature that allows you to restrict the applications that can run on your servers, and also which of them can interact with each other.
endpoint agent and sophos security virtual machines - ANSWER-Sophos's two approaches to protecting virtual machines
Endpoint and Server Protection - ANSWER-will detect a number of threats in your environment, these will be recorded as events and will be listed with a detection type
SUS detection - ANSWER-Type of detection that is based on properties of the file which make it likely that it is malware; however, there is less certainty because it does not match the definition of a known piece of malware.
HIPS detection - ANSWER-Type of detection that is triggered when an application performs actions that are classed as malicious.
CXmail - ANSWER-are email-borne threats, and are detected pre-execution
CXweb - ANSWER-are malicious files detected before the download takes place.
ADware - ANSWER-are applications that may be legitimate but can pose a risk to your network. Blocked in pre-execution
Pre execution and post execution - ANSWER-Types of detection
Endpoint Detection and Response - ANSWER-provides greater visibility of data that is relevant for detecting, investigating and mitigating advanced threats and suspicious activities.
Event and incident detection - ANSWER-provides visibility to changes on the endpoint
Incident response - ANSWER-is the process of determining if an incident is malicious, how it occurred and how to respond.
Threat hunting - ANSWER-is a proactive exercise that seeks to determine the presence of an ongoing or persistent intrusion or attack
Forensic investigation - ANSWER-is an evidentiary process that seeks to re-create as much relevant data associated with a security incident as possible.
Threat cases - ANSWER-are created when suspicious activity is detected on an endpoint, and generally take around 2-3 mins to be created.
Machine learning scan - ANSWER-Is a type of scan that is looking for the technique used in exploits rather than the specific characteristics of a malicious file.