12/6/21, 9:19 AM SOPHOS TECHNICIAN Flashcards | Quizlet

GET IT NOW: 90% off Quizlet Plus

SOPHOS TECHNICIAN Ends in 14d 23h 23m 04s
Study

90% off Plus

Profi

SOPHOS TECHNICIAN

Get access to all your stats, your personal progress dashboard and smart study shortcuts with Quizlet Plus.
Unlock Progress

Terms in this set (74)

What permissions does the user need to connect to

Read
AD to gather the user and group information?

TRUE or FALSE: Only PE files can be restored from

True
SafeStore through the user interface.

What is the minimum type of user required to

Domain user connect to AD to gather the user and group
information?

By default, computers get the latest Sophos

Global settings > Controlled
product updates automatically, where can an admin
Updates
change this to allow control over updates?

You want to test the default SSL LDAP port for

Active Directory synchronization. Enter the
telnet dc.sophos.local 636
command you would use to verify connectivity to a
domain controller named dc.sophos.local. _____

https://quizlet.com/511844178/sophos-technician-flash-cards/ 1/9
12/6/21, 9:19 AM SOPHOS TECHNICIAN Flashcards | Quizlet

SOPHOS TECHNICIAN
%ProgramData%\sophos\sophos Where is the AD sync log location? Study

cloud AD sync\logs

The Central Admin Dashboard shows that none of

your endpoints are using one of your update
nslookup caches. When pinging the update cache by name it
fails. What command do you use to investigate this
further?

TRUE or FALSE: Tamper Protection is enabled by

True
default in Sophos Central.

Which 2 methods does Sophos provide that will

(1) Sophos Endpoint Self Help

display the status of all Sophos services on

(2) Sophos Central
Windows computers? Choose two (2).

The connection was blocked Which of the following statements is TRUE for a
but the root cause has NOT C2/Generic-C detection?
been cleaned up

Where do you check to see if the AD sync schedule

Active Directory Sync Utility
has been configured correctly?

Global Settings Where can the AD Sync tool be obtained from?

To detect man-in-the-middle What is the function of Safe Browsing in Intercept

attacks X?

(1) Program Where can you find the SafeStore quarantine

Data\Sophos\SafeStore
folders on a Windows Endpoint? Choose two (2).
(2) Program
Data\Sophos\Sophos Anti-
Virus\SafeStore

https://quizlet.com/511844178/sophos-technician-flash-cards/ 2/9
12/6/21, 9:19 AM SOPHOS TECHNICIAN Flashcards | Quizlet

SOPHOS TECHNICIAN What is the third step of the troubleshooting Study

Resolve and verify process?

(1) The threat was found in an Which 2 of the following are reasons why manual
archive
cleanup may be required? Choose two (2).
(2) The threat was found in a
mailbox

TRUE or FALSE: You can recover the Tamper

True Protection password for a deleted endpoint in
Sophos Central.

TRUE or FALSE: Sophos recommends disabling

True
HTTPS inspection for Sophos updating traffic.

AD Sync is not working, you have successfully

pinged the DC by both name and IP address. Which
389
port do you use with telnet to confirm the LDAP
port is accessible?

What is the location of AutoUpdate's warehouse on

amData\Sophos\AutoUpdate\data\warehouse
a protected endpoint?

(1) Germany
When setting up a new Sophos Central account,
(2) United States
which 3 of the following are the datacentre
(3) Ireland locations you may select? Choose three (3).

(1) Ability to disable Tamper Which 3 of the following are required to perform
Protection
troubleshooting on an endpoint? Choose three (3).
(2) Administrative rights to the
network and AD

(3) Administrative rights to the

endpoint

https://quizlet.com/511844178/sophos-technician-flash-cards/ 3/9
12/6/21, 9:19 AM SOPHOS TECHNICIAN Flashcards | Quizlet

SOPHOS TECHNICIAN Web Control has been configured to block access

Study
Use settings > website
to a category, but this is preventing access to a
management to override the
desired location. Which of the following methods
category for the website URL
can be used to allow access to this site without
to one which is not blocked
allowing access to other sites in the same category?

Where is the
ogramData%\Sophos\CloudInstaller\Logs 'SophosCloudInstaller_<time_and_date_stamp>.log'
found?

TRUE or FALSE: The default Update Cache TCP port

False
of 8191 can be modified.

Which of the following Windows tools do you use to

nslookup resolve IP addresses to hostnames and hostnames
to IP addresses?

Which of the following Windows tools do you use to

ping
test IP network connectivity?

Enter the command you would use to display the

netsh winhttp show proxy
current configuration of the system proxy. _____

On a Windows computer, which component logs

Sophos Intercept X
information to the 'Sophos.log' file?

In the Threat Protection policy Where is automatic self-isolation enabled?

(1) To remove malware and What are the 2 primary functions of Sophos Clean?
PUA's
Choose two (2).
(2) To move all detected items
to SafeStore

https://quizlet.com/511844178/sophos-technician-flash-cards/ 4/9
12/6/21, 9:19 AM SOPHOS TECHNICIAN Flashcards | Quizlet

SOPHOS TECHNICIAN Enter the command you would use to resolve the IP
Study

nslookup srv.sophos.local address of srv.sophos.local and show the DNS

server providing the resolution. _____

Date and time are incorrect on Why would the 'Last time updated from cache'
the Update Cache server status show as 'in a year'?

(1) From the device page

In which 2 places can you create a forensic
(2) From a threat case snapshot? Choose two (2).

(1) The certificate

In which 3 ways can you allow a quarantined file to
(2) SHA-256
be restored? Choose three (3).
(3) The file paths

When investigating an updating issue on one of

your endpoints, you used the telnet command to
Windows client firewall
connect to dci.sophosupd.com on port 443. This
blocking traffic
confirmed that there is a problem using a direct
connection. What is most likely to be causing this?

TRUE or FALSE: A single instance of AD Sync can

True
synchronise from multiple domains in a forest?

What command can be used to clear the DNS

ipconfig /flushdns
cache?

What step do you need to take before you bulk

Test the deployment script deploy Sophos Central to endpoints using a startup
script in GPO?

Which installer runs the Competitor Removal Tool

Sophos Anti-Virus
(CRT)?

https://quizlet.com/511844178/sophos-technician-flash-cards/ 5/9
12/6/21, 9:19 AM SOPHOS TECHNICIAN Flashcards | Quizlet

SOPHOS TECHNICIAN
Root Cause Analysis
What is the second step of the troubleshootingStudy
process?

Where in the Endpoint Self Help Tool will show if an

Update > Update configuration
endpoint is using a proxy for updating?

If the Windows Firewall service is stopped or

Restart the Update Cache disabled when the Update Cache is deployed, then
service the firewall rule to allow TCP 8191 will not have been
created. How do you resolve this?

TRUE or FALSE: All quarantined data is encrypted in

True
SafeStore.

When clearing the local AutoUpdate cache prior to

(1) Warehouse

forcing an update, which 2 of the following folders

(2) Decoded
do you need to rename? Choose two (2).

Where is the 'install.log' found on a Mac OS X

/private/var/log
endpoint?

What is the term for an attack that uses techniques

zero-day threats
that anti-virus does not yet detect?

Virus Removal tool Which of these cleanup tools will scan for root kits?

You see the following error in the

SophosUpdate.log:

WARN [WARN] copy from upstream failed: Cannot

The Update Cache server has
write resource:
run out of disc space
C:/Programdata/sophos/autoupdate/data/warehou
se/9548-885

What could this indicate?

https://quizlet.com/511844178/sophos-technician-flash-cards/ 6/9
12/6/21, 9:19 AM SOPHOS TECHNICIAN Flashcards | Quizlet

SOPHOS TECHNICIAN TRUE or FALSE: AD sync needs to be installed on a

Study
False DC?

The option to stop the AutoUpdate service is

Tamper Protection is enabled greyed out in Windows Services. What is the most
likely reason for this?

Which of the following Windows tools do you use to

ipconfig
display the network configuration?

Enter the command you would use to resolve the IP

ping srv.sophos.local address of srv.sophos.local and test network
connectivity to the server at the same time. _____

Enter the command you would use to test IP

ping 172.16.2.20
network connectivity to the address 172.16.2.20. _____

Enter the command you would use to remove the

netsh winhttp reset proxy
currently configured system proxy. _____

When troubleshooting an endpoint, how long can

4 hours
you override the Sophos Central policy for?

(1) Boot into Safe Mode and You wish to uninstall the Sophos Endpoint software
disable Tamper Protection via from a Windows 10 computer. However, Tamper
the Registry
Protection is enabled, and the device is no longer
(2) Retrieve the password for present within Central Admin. Which 2 of following
the deleted endpoint within are supported methods of removal? Choose two
Central so you can then enter (2).
this within the local Endpoint
UI

https://quizlet.com/511844178/sophos-technician-flash-cards/ 7/9
12/6/21, 9:19 AM SOPHOS TECHNICIAN Flashcards | Quizlet

SOPHOS TECHNICIAN
To protect against
Why is it important to apply updates and patches to
Study

all applications and operating systems across your

vulnerabilities in software
network?

AutoUpdate performs its first check 5 minutes after

the service starts. At what interval does AutoUpdate
60 mins
then check for software, threat detection data and
other available updates?

Alerts are created when an Which of the following statements is TRUE about
action is required alerts?

To detect malicious file What is the function of CryptoGuard?

encryption by ransomware

TRUE or FALSE: AD Sync will delete groups and

True users with no Central Admin role when they are no
longer present in the search results?

(1) An unknown file

Which 2 of the following are malicious file
(2) An executable file in a indicators? Choose two (2).
temporary file location

Where can you find more information about a

The Threat Library
specific threat?

TRUE or FALSE: C:\TEMP should never be

True
whitelisted in Sophos Central.

(1) uc.log
You suspect an issue with you Update Cache. Which
(2) downloader.log 2 logs do you need to examine? Choose two (2).

https://quizlet.com/511844178/sophos-technician-flash-cards/ 8/9
12/6/21, 9:19 AM SOPHOS TECHNICIAN Flashcards | Quizlet

SOPHOS TECHNICIAN Which feature would protect the Sophos installation

Study
Tamper Protection
from becoming disabled by malware?

The connection was NOT Which of the following statements is TRUE for a
blocked and the threat has C2/Generic-B detection?
NOT been cleaned up

What is the first step of the troubleshooting

Define the issue
process?

To prevent malicious behavior What is the function of application lockdown in

in software Intercept X?

If an installation of Sophos Central failed on a

osCloudInstaller_<time_and_date_stamp>.log Windows computer, which log file would you refer
to first to help diagnose the problem?

When configuring AD synchronization, what

DC=SOPHOS,DC=LOCAL location was defined by default in filters under the
User Discovery Filters tab?

TRUE or FALSE: You can deploy an update cache

True
without a Message Relay.

Which switch will prevent the installer from being

--quiet
displayed during a scripted deployment?

https://quizlet.com/511844178/sophos-technician-flash-cards/ 9/9