Question 1

1 What is the maximum number of external syslog servers you can configure on XG Firewall?

5#####

10

Question 2

You have been asked to install STAS on your servers. Which 3 of the following are required for
the installation to be successful?

Active Directory

A SQL Server

An IIS ServerAn account with access to the Windows security log

An account with logon as a service rights

Question 3

When using Central Firewall Management, which of the following statements is TRUE?

Only 1 XG Firewall can be managed per Central account

XG Firewalls are not assigned a group be default

XG Firewalls are grouped by default

Only new XG Firewall groups can be created

Question 4

Which of the following DoS and spoof protection modes will drop packets if the source MAC
address is not configured as a trusted MAC?

IP Spoofing

IP-MAC

MAC filter

Question 5

As part of the initial setup wizard, XG Firewall will create a default rule for outbound traffic.
Which of the following options in the initial setup wizard will enable an IPS policy?

Send suspicious files to Sophos Sandstorm

Protect users from suspicious and malicious websites

Protect users from network threats

Scan files that were downloaded from the web for malware

Question 6

Where can an end user download the SSL VPN client from to install on their workstation?

User Portal

sophos.com

Sophos Central

WebAdmin

Question 7

Which option must be enabled before you can start managing your XG Firewall in Sophos
Central?
Manage Policy

Accept management services

Use Sophos Central management

Manage Firewall

Question 8

What is the Clientless Access Portal used for?

To provide access to internal resources without the need for a VPN client to be installed

To provide user access to the XG Firewall using mobile devices

To provide SSL VPN connections to 3rd party platforms

Question 9

Which of the following is an attack using a spoof email to persuade users to provide sensitive
information or credentials?

Phishing

Remote Access Trojan (RAT)

Cross Site Scripting

Spam

Bulk Email

Question 10

You have configured one-time passwords. John Smith is trying to login to the User Portal; his
password is 'xgfirewall'. Below you can see the login screen and his token.

xgfirewall396145

Question 11

Which 3 options should be configured to ensure the most secure scanning settings are in place
to protect users as they browse the web?

Unscannable content: Block

Unscannable content: Allow

Engine selection: Dual engine

Malware scan mode: Real-time

Malware scan mode: Batch

Engine selection: Single engine

Question 12

In Email Protection, which 3 methods can be used to define which internal mail servers incoming
emails are routed to?

DNS Host

Static Host

Policy Route

Dynamic Host

Static Route

MX

Question 13

Which of the following best describes greylisting?

The first attempt to deliver a message is temporarily denied

Emails received from servers that do not have an SPF record are referred to Sophos for
additional checks

The XG Firewall uses DNS to check the reputation of the sending server using real-time lists

The IP and hostname of the sending server are checked to ensure they resolve to each other
Question 14

Which 3 of the following can be configured as objects in XG Firewall?

Firewall rules

Hosts

SSL/TLS inspection rules

Services

NAT rules

Question 15

Which 2 features are required if you want to make use of lateral movement protection?

Sandstorm Sandboxing

Intrusion Prevention System (IPS)

Intercept X

Server or endpoint protection

Advanced Threat Protection (ATP)

Question 18

Which interface type is a virtual LAN interface created on an existing XG interface?

Bridge

Alias

LAG
RED

VLAN

Question 19

During troubleshooting you do not see as much information in the log files as you were
expecting. What setting needs to be changed to see all the traffic passing through a firewall rule?

Verbose logging

Log firewall traffic

Log all traffic

Debug logging

Audit firewall rule

Question 20

When a RED is deployed in Standard/Unified mode, how do the computers on the remote
network get their IP address?

From a DHCP server running on the XG Firewall

From a DHCP server running on the RED

From a DHCP server running on the router at the remote site

Não tem certeza? Marque esta questão para ser revisada antes de enviar o exame.

Question 21
TRUE or FALSE: The XG Firewall's lite implementation of Cloud Access Security Broker blocks all
cloud applications by default.

TRUE

FALSE

Question 22

Which feature can harden forms, sign cookies and scan for malware?

Advanced Threat Protection (ATP)

Web Server Protection

Intrusion Prevention (IPS)

Security Heartbeat

Question 25

Which is the most common deployment scenario for XG Firewall?

Bridge Mode

Web Application Firewall (WAF)

Discover Mode

Gateway Mode

Question 27

When creating a NAT rule which option allows you to select different source NATs based on the
outbound interface within a single rule?

Loopback policy

Override source translation (SNAT)

Reflexive policy

Outbound interface

Question 28

How do you enable and disable IPsec VPNs?

Using the ON/OFF toggle switch

By clicking on the status indicators

They are always enabled unless the connection is down

Through the Console

Não tem certeza? Marque esta questão para

Question 29

After creating various rules, you find that HTTP access is being blocked from the LAN to the
Internet.

The rule was created with a drop action instead of allow

The rule is turned of

There is no rule created to allow this traffic

The rule was created as a Business Application Rule instead of a Network Rule

The source and destination on the rule are reversed

Question 30

What 2 of the following are methods that can be used to allow access to a wireless hotspot on
the XG Firewall?
Token

Voucher

IP Address

Password of the Day

Encryption Key

Question 31

If a new application is added that matches an existing application control filter rule, which of the
following statements is TRUE?

The application is automatically included in the existing rule

A new application filter rule is created for that application

The application is blocked until it is checked against the existing rule

The application needs to be added to the existing rule

Question 32

TRUE or FALSE: Keyword libraries can be uploaded to XG Firewall and applied to any web filtering
policy as an added criteria with actions to log and monitor, or block search results or websites
containing the keywords of interest.

FALSE

TRUE

Não tem certeza? Marque esta questão para ser revisada antes de enviar o exame.

Question 33

You are working with sensitive corporate data and want to ensure that traffic from remote
locations is monitored and blocked from leaving the corporate LAN. What would be the most
appropriate security mode to deploy the RED devices in?
Standard/Split

Transparent/Split

Standard/Unified

Question 34

Which metric can be used to identify risky users who are responding to spear phishing attempts?

Compliance report

User Threat Quotient (UTQ)

Web Report

User Risk meter

Question 35

When creating a site-to-site VPN between an XG Firewall and another vendor’s firewall, what is
the best protocol to use?

SSL

L2TP

PPTP

IPsec

Question 36

Which of the following best describes the Bridge to AP LAN security mode for wireless networks?

Wireless traffic is routed from the AP directly onto the LAN

A bridge interface is created between the wireless network and LAN

Wireless traffic is routed through the XG Firewall to the LAN

The AP is configured on its own LAN segment and traffic is managed separately

Question 37

You need to create a user account to authenticate a VoIP system that needs access to the
Internet. The system does not have the ability to authenticate with your directory service.

What type of user would you create to accomplish this?

System User

Clientless User

Guest User

Directory Service User

Question 39

Which XG Firewall feature is able to block access to command and control servers?

SSL/TLS inspection

Advanced Threat Protection (ATP)

Application control

Intrusion Prevention (IPS)

Question 40

When using STAS, where in the network can the agent software be installed and configured?

On each computer connecting to the network

On a Microsoft Active Directory server in the network

On a Novell directory server on the network

On a server that is not a member of the domain

On the XG Firewall that will be authenticating users

Não tem certeza? Marque esta questão para ser revisada antes de enviar o exa