In the Data Loss Prevention Rule
You want to change an action for 'confidential' content.
Where in Sophos Central do you make this change?
Modifying protection settings and uninstalling the endpoint agent
Two of the following that tamper protection prevents users from doing
Installed components
An endpoint is reporting that Sophos Autoupdate is not installed.
In the Self-Help Tool which tab do you check to view whether AutoUpdate is listed as Installed?
Threat Protection
In which policy do you enable device isolation?
To connect Sophos security solutions in real time
What is the function of Sophos Synchronized Security?
Super Admin
What is the minimum administrative role that will allow a user to manage user roles and role assignments
previously detected malware characteristics
Signature-based file scanning relies on....
Help desk
Minimum administrative role that will allow a user to scan endpoints
True
Tamper protection is enabled by default
Exclusions tab and global settings
In which 2 places in Sophos Central do you add exclusions for servers?
Threat Protection
You want to mitigate exploits in vulnerable applications.
Which policy do you enable the features in?
Download and run the installer from Sophos Central
A method of deploying endpoint protection?
Machine learning
Is a pre-execution check performed by Intercept X?
Exploit technique detection
Which feature of Intercept X is designed to detect malware before it can execute?
Policy Enforced
You have created a new policy
Which tab do you select to enable the policy?
Ransomware
Which security threat does Intercept X protect against?
Admin
What is the minimum administrative role that will allow a user to create and edit policies
True
When protecting a Mac client, you must know the password of the administrator
Check the system requirements
What is the first step you must take when deploying virtual environments?
8190
Which TCP port is used to communicate policies to endpoints?
True
Tamper protection must be disabled before removing Endpoint Protection.
Files and Registry Entries
Two of the following are monitored when File Integrity Monitoring is enabled
Web control
Which endpoint protection policy do you edit to block users from visiting a specific website category
Give the user administrator rights to the endpoint and provide the user with the tamper protection password
You need to give a user access to change their protection settings in an emergency
Which 2 of the following allow you to do this?
To prevent the use of removable media on protected endpoints
What is the function of Peripheral Control?
False
Deleting an endpoint in Sophos Central will remove the Endpoint agent from the endpoint.
To detect and stop compromised vulnerable applications
What is the function of anti-exploit technology?
Command line tool included in Sophos Central installation
The SAV32CLI clean up tool is a....
Add the path of the application to the server lockdown policy
What is the recommended way to allow a new application to a locked down server?
Update
Which section in the Self-Help Tool should be checked to start investigating an updating issue on an endpoint?
False
All Endpoints have the same tamper protection password.
Isolate the computer
A malicious file has been detected on an endpoint and you want to prevent lateral movement through your network.
From the threat case, which action do you take?
Servers or server groups
Server policies are only applied to....
The base policy is bypassed
You have cloned the threat protection base policy, applied the policy to a group and saved it.
When checking the endpoint, the policy changes have not taken effect. What do you check in policy?
Separate download that detects and removes malware
The virus removal clean up tool is a...
Management Communication
You want to check an endpoint has received the latest policy updates from Sophos Central.
Which tab do you select in the Endpoint Self-Help Tool to view the last communication date and time?
avremove log
A Windows endpoint installation is failing. It is detecting competitor software.
Which log file do you check to investigate this issue?
Management Communications System
All endpoints communicate with the Sophos Central Console via?
Manage endpoint software
Components can be assigned to or removed from endpoints by selecting the endpoint(s) from the list and selecting
Policies
Are used in Sophos Central to define the security measures that will be applied to protected endpoints.
Users tab
Tab where you can apply the policy to the required users
Groups tab
If you are creating a policy to be deployed to multiple users, you can use ____ to apply it to specific groups.
Settings tab
Where you will see an Active Adversary Mitigation drop down menu.
Live protection
Checks suspicious files against the latest information in Sophos Labs.
You can select to enable this during scheduled scans and automatically submit samples to Sophos.
Deep learning
Uses advanced machine learning to detect threats. It can identify known and previously unknown malware and potentially unwanted applications without using signatures.
Real time scanning
Scans files as users attempt to access them, denies access unless the file is clean.
Remediation
Sophos Central will attempt to clean up detected malware automatically. If this is successful, the alert in Sophos Central against the compromised endpoint is deleted. The detection and clean up are displayed in the events list.
Runtime Protection
Protects against threats by detecting suspicious or malicious behaviour or traffic
Device Isolation
when enabled, allows computers to isolate themselves if they have a red health status.
Peripheral control policies
Policy that lets you both monitor and block the use of removable devices and other peripherals on your endpoints
Application Control
lets you monitor and manage the applications that your users have access to.
Data loss prevention
is part of endpoint protection and controls accidental data loss by monitoring and restricting the transfer of files containing sensitive data.
Update Management Policies
Policy that can be used to specify when product updates become available to devices.
Monitor Only
Level of monitoring
This is the default option that enables devices to report their firewall status to Sophos Central.
Monitor and Configure Network Profiles
Level of monitoring
This reports their firewall status, and you can choose whether to block or allow inbound connections on Domain, Private and Public networks.
Tamper Protection
can be used to prevent users from uninstalling the Sophos Agent or modifying their protection settings
Content Control Lists
Data Loss Prevention Policies use this to define a set of conditions that specify the file content.
Allow transfer, allow transfer if user confirms, block transfer
Creating file content rules follows the same process as content rules.
The actions that can be defined for a rule are:
Server protection and Intercept X advanced for servers
Two server protection licenses
Server protection
Includes all of the standard real-time scanning protection, web protection, detection of command and control traffic and Sophos Security Heartbeat
Intercept X advanced for servers
includes all of the server protection features and adds significant real-time protection, including machine learning.
Server policies
define the security measures that will be used for your servers.
Server lockdown
feature that allows you to restrict the applications that can run on your servers, and also which of them can interact with each other.
Endpoint agent and Sophos security virtual machines
Sophos' two approaches to protecting virtual machines
Endpoint and Server Protection
will detect a number of threats in your environment; these will be recorded as events and will be listed with a detection type
SUS detection
Type of detection that is based on properties of the file which make it likely that it is malware; however, there is less certainty because it does not match the definition of a known piece of malware.