When a RED is deployed in Standard/Unified mode, how do the computers on the

remote network get their IP adresss?

From a DHCP server running on the XG firewall

You are preparing a hardware XG Firewall for installation on a remote site. The order
for the license has not yet been processed. Which registration option do you select in
the Initial Setup wizard?
I do not want to register now

You have created a repot that displays data that you wish to check on a daily basis.
how can you make this data easily available in the WebAdmin interface??
Create a bookmark for the report

Which of the following best describes greylisting?

The first attempt to deliver a message is temporarily denied.

One computer has a red health status. ON which 2 of the networks can the
endpoints be protected from the computer with a a red health status?
A. C

Sophos XG hardware devices come pre-loaded with software.

True

Which 2 features are required if you want to make use of lateral movement
protection?
Server or endpoint protection. Intercept X

Which XG firewall feature is able to block access to command and control servers?
Advanced Threat Protection

Which 2 methods are supported for logoff detection when using STAS
PING, Workstation Polling

Type the name of the only zone that cannot have a physical port or interface
assigned to it
Vpn

DHCP can be used to override the magic IP if the XG Firewall is not the default
gateway.
False

Which web filtering method can offload traffic to the FastPath?

DPI

Which interface type is a virtual LAN created on an existing XG interface

VLAN

Which of the following statements about zero-touch deployment are TRUE

Zero-touch configuration rules can only be created for unregistered hardware serial
numbers
What is the clientless Access portal used for?
To provide access to internal resources without the need for a VPN client to be
installed

Which firewall icon represents a disabled user Rule?

C

Which page list all current applications that are connecting through the XG Firewall?
Live connections

How many days of data is available in Sophos Central?

7 days

What do you need to do in order to use NTLM and Kerberos for web authentication?
Enable AD SSO per zone on the Device Access page

The XG firewall's life implementation of Cloud Access security Broker blocks all
cloud applications by default
False

Below Below is an image of the XG Firewall Control Center. From here, what would
you click to access the Policy Test Simulator
Log Viewer

Which 4 of the following are supported external authentication servers on Sophos

XG firewall 18.0?
eDirectory. Radius, Active directory. LDAP

The option to create loopback and reflexive Nat rules is only when adding NEW NAT
rule, not when editing an existing NAT rule.
True

Which 3 options should be configured to ensure the most secure scanning settings
are in place to protect users as they browse the web?
Malware scan mode: Batch, Engine Selection, Dual engine. Content : Block

Which deployment mode can protect web servers from common attacks?
Web Application Firewall

What 2 of the following are methods that can be used to allow access to a wireless
hotspot on the XG Firewall
Voucher, Password of the Day

In Email Protection, where do you enable SPX Reply Portal

SPX Template

Which metric can be used to identify risky users who are responding to speak
phishing attempts?
User Threat Quotient
You have configured one-time passwords. John Smith is trying to login to the User
Portal; his password is 'xgfirewall' Below you can see the login screen and his token
xgfirewall396145

Whre can an end user download the SSL VPN client from to install on their
workstation?
User Portal

Which of the following DoS and spoof protection modes will drop packets if the
source MAC address is not configured as a trusted MAC?
Mac filter

Which 2 of the following statements correctly describe how firewall rules are applied?
Packets that don't math a firewall rule are dropped and logged Packets are tested
against firewall rules in order and the first match is used

The Sophos Chromebook User ID app is deployed to Chromebook from the XG

firewall
False

Which is the control port in RED connections?

TCP:3400

you are working with sensitive corporate data and want to ensure that traffic from
remote locations is monitored and blocked from leaving the corporate LAN. What
would be the most appropriate security mode to deploy the RED devices in
Standard/Unified
NAT rules require firewall rules to allow traffic
True

When creating a NAT rule which option allows you to select

Override source translation

When creating a NAT rule which option allows you to select different source NATs
based on the outbound interface within a single rule?
Override source translation

Which 2 methods can be used to generate one-time passwords for authenticating

with the XG Firewall
Bridge, transparent