Professional Documents
Culture Documents
Documento
Documento
Documento
1 What is the maximum number of external syslog servers you can configure on XG Firewall?
5#####
10
Question 2
You have been asked to install STAS on your servers. Which 3 of the following are required for
the installation to be successful?
Active Directory
A SQL Server
Question 3
When using Central Firewall Management, which of the following statements is TRUE?
Question 4
Which of the following DoS and spoof protection modes will drop packets if the source MAC
address is not configured as a trusted MAC?
IP Spoofing
IP-MAC
MAC filter
Question 5
As part of the initial setup wizard, XG Firewall will create a default rule for outbound traffic.
Which of the following options in the initial setup wizard will enable an IPS policy?
Scan files that were downloaded from the web for malware
Question 6
Where can an end user download the SSL VPN client from to install on their workstation?
User Portal
sophos.com
Sophos Central
WebAdmin
Question 7
Which option must be enabled before you can start managing your XG Firewall in Sophos
Central?
Manage Policy
Manage Firewall
Question 8
To provide access to internal resources without the need for a VPN client to be installed
Question 9
Which of the following is an attack using a spoof email to persuade users to provide sensitive
information or credentials?
Phishing
Spam
Bulk Email
Question 10
You have configured one-time passwords. John Smith is trying to login to the User Portal; his
password is 'xgfirewall'. Below you can see the login screen and his token.
xgfirewall396145
Question 11
Which 3 options should be configured to ensure the most secure scanning settings are in place
to protect users as they browse the web?
Question 12
In Email Protection, which 3 methods can be used to define which internal mail servers incoming
emails are routed to?
DNS Host
Static Host
Policy Route
Dynamic Host
Static Route
MX
Question 13
Emails received from servers that do not have an SPF record are referred to Sophos for
additional checks
The XG Firewall uses DNS to check the reputation of the sending server using real-time lists
The IP and hostname of the sending server are checked to ensure they resolve to each other
Question 14
Firewall rules
Hosts
Services
NAT rules
Question 15
Which 2 features are required if you want to make use of lateral movement protection?
Sandstorm Sandboxing
Intercept X
Question 18
Bridge
Alias
LAG
RED
VLAN
Question 19
During troubleshooting you do not see as much information in the log files as you were
expecting. What setting needs to be changed to see all the traffic passing through a firewall rule?
Verbose logging
Debug logging
Question 20
When a RED is deployed in Standard/Unified mode, how do the computers on the remote
network get their IP address?
Não tem certeza? Marque esta questão para ser revisada antes de enviar o exame.
Question 21
TRUE or FALSE: The XG Firewall's lite implementation of Cloud Access Security Broker blocks all
cloud applications by default.
TRUE
FALSE
Question 22
Which feature can harden forms, sign cookies and scan for malware?
Security Heartbeat
Question 25
Bridge Mode
Discover Mode
Gateway Mode
Question 27
When creating a NAT rule which option allows you to select different source NATs based on the
outbound interface within a single rule?
Loopback policy
Outbound interface
Question 28
Question 29
After creating various rules, you find that HTTP access is being blocked from the LAN to the
Internet.
The rule was created as a Business Application Rule instead of a Network Rule
Question 30
What 2 of the following are methods that can be used to allow access to a wireless hotspot on
the XG Firewall?
Token
Voucher
IP Address
Encryption Key
Question 31
If a new application is added that matches an existing application control filter rule, which of the
following statements is TRUE?
Question 32
TRUE or FALSE: Keyword libraries can be uploaded to XG Firewall and applied to any web filtering
policy as an added criteria with actions to log and monitor, or block search results or websites
containing the keywords of interest.
FALSE
TRUE
Não tem certeza? Marque esta questão para ser revisada antes de enviar o exame.
Question 33
You are working with sensitive corporate data and want to ensure that traffic from remote
locations is monitored and blocked from leaving the corporate LAN. What would be the most
appropriate security mode to deploy the RED devices in?
Standard/Split
Transparent/Split
Standard/Unified
Question 34
Which metric can be used to identify risky users who are responding to spear phishing attempts?
Compliance report
Web Report
Question 35
When creating a site-to-site VPN between an XG Firewall and another vendor’s firewall, what is
the best protocol to use?
SSL
L2TP
PPTP
IPsec
Question 36
Which of the following best describes the Bridge to AP LAN security mode for wireless networks?
Question 37
You need to create a user account to authenticate a VoIP system that needs access to the
Internet. The system does not have the ability to authenticate with your directory service.
System User
Clientless User
Guest User
Question 39
Which XG Firewall feature is able to block access to command and control servers?
SSL/TLS inspection
Application control
Question 40
When using STAS, where in the network can the agent software be installed and configured?
Não tem certeza? Marque esta questão para ser revisada antes de enviar o exa