1. XG Firewall Overview v17.

5
1. Which feature of the XG Firewall helps prevent a computer infected by a trojan from transmitting
personal information out of their network?
The answer can be found in Module 1: XG Firewall Overview on slide 21.

2. Getting Started with XG Firewall v17.5

1. How do you reboot the XG Firewall?

2. What 2 types of zone can be created on the XG Firewall?

3. Which zone is typically used for Internet services?

3. Network Protection v17.5

1. TRUE or FALSE: An IPS detection on the XG Firewall can cause an endpoint to be notified to
change its health status to red.

2. Look at the network diagram below.

One computer has a red health status. On which 2 of the networks can the endpoints be protected from the
computer with a red health status?
The answer can be found in Module 3: Network Protection on slide 47.

4. Firewall Icons v17.5

This study source was downloaded by 100000840805068 from CourseHero.com on 01-27-2022 08:57:17 GMT -06:00

https://www.coursehero.com/file/59693235/Cevaplardocx/
 1. Which firewall icon shown would represent a network rule that will drop or reject traffic?

5. Heartbeat Configuration v17.5

1. You are configuring Security Heartbeat in a firewall rule that allows computers connected on the LAN
to access intranet servers. You want to ensure that only computers that have a GREEN Security Heartbeat
have access.

Which configuration should you use?

6. NAT Rules v17.5

1. You need to DNAT for HTTPS and SSH from a WAN IP address on the XG Firewall to a server in the
DMZ zone. SSH is running on a non-standard port on the server in the DMZ. You will configure the DNAT

This study source was downloaded by 100000840805068 from CourseHero.com on 01-27-2022 08:57:17 GMT -06:00

https://www.coursehero.com/file/59693235/Cevaplardocx/
 rule to listen on 2222 to match the port on the server in the DMZ. Enter the number (in digits) of DNAT rules
that you need to create.
The answer can be found in Module 3: Network Protection on slide 25.

7. Site-to-Site Connections v17.5

1. You have a RED device deployed at a remote network in a standard/split configuration. When you
connect a Sophos access point to the remote network it never appears in the pending access point list on
the XG Firewall. What configuration change needs to be made for the RED connection?

2. You are in the process of deploying multiple RED devices. Due to bandwidth issues at the head
office, which 2 modes of deployment could be used to so that only necessary traffic is routed back to the
head office?

3. When creating a site-to-site VPN between an XG Firewall and another vendor’s firewall, what is the
best protocol to use?

8. Authentication v17.5
1. TRUE or FALSE: The Sophos Chromebook User ID app is deployed to Chromebooks from the XG
Firewall.

2. When using STAS, where in the network can the agent software installed and configured?

3. You have been asked to install STAS on your servers. Which 3 of the following are required for the
installation to be successful?

9. Web Protection and Application Control v17.5

1. TRUE or FALSE: The XG Firewall's light implementation of Cloud Access Security Broker blocks all
cloud applications by default.

2. You would like to restrict users from logging into Google services that are not tied to company
approved domains. Where in a web policy can you find the option to enforce that only certain domains are
available for Google Apps?

3. When testing a new web policy, you are still able to access pages that should be blocked. What is
the most likely reason for this?
The answer can be found in Module 6: Web Protection and Application Control on slide 6.

10. Surfing Quotas v17.5

1. You have been asked to create a surfing quota for guests that allows access to the Internet for 20
hours in a week and then terminates the connection with no recurrence.

This study source was downloaded by 100000840805068 from CourseHero.com on 01-27-2022 08:57:17 GMT -06:00

https://www.coursehero.com/file/59693235/Cevaplardocx/
 Which image shows the best way to configure the surfing quota?

11. Email Protection v17.5

1. You need to enable recipient verification, where would you do this?

2. In Email Protection, which 2 methods can be used to define which internal mail servers incoming
emails are routed to?

12. Wireless Protection v17.5

1. You configure a printer on the wireless guest network but when you go to test the device, you cannot
find it. What wireless setting may be the cause of this?

2. Which of the following best describes the Bridge to AP LAN security mode for wireless networks?

3. In Wireless Protection, which 2 of the following are ways that MAC filtering can be configured?

13. Remote Access v17.5

1. Which 2 operating systems is the Sophos Connect IPsec client available for?

This study source was downloaded by 100000840805068 from CourseHero.com on 01-27-2022 08:57:17 GMT -06:00

https://www.coursehero.com/file/59693235/Cevaplardocx/
 2. You are configuring Clientless VPN Portal access for users of a specific application. The application
supports HTTPS, SSH, DCOM, and RPC connections. Which 2 of these would be available to use in the
clientless VPN portal?

14. Logging, Reporting and Troubleshooting v17.5

1. Which 4 of the following reports would be useful for detecting data leakage?

2. There are several important reports that need to be examined on a regular schedule from the XG
Firewall. You want to make these easily available when working with the WebAdmin interface. How can this
be accomplished?

3. When you click links to firewall rules and policies in the log viewer, where does it open?

15. Management, Sizing and Evaluation v17.5

1. A client is asking about the features that can be used on an XG firewall without a separate license.
Which 3 of the following features are included in the Sophos XG Firewall base license?

2. Which 2 of the following deployment methods require you to purchase a separate Sophos XG
Firewall base license?
The answer can be found in Module 11: Sizing and Evaluation on slide 8.

3. The XG Firewall can be deployed as a virtual appliance. Which 5 virtualization platforms is the XG
Firewall 17.5 supported on?

16. Labs v17.5

1. You are configuring a new XG Firewall and have already forgotten your admin password. You have
not created any other administrator users yet. How can the admin password be reset to the default?

2. The image below shows a NAT rule.

This study source was downloaded by 100000840805068 from CourseHero.com on 01-27-2022 08:57:17 GMT -06:00

https://www.coursehero.com/file/59693235/Cevaplardocx/
 Which 4 of the following statements about this NAT rule are TRUE?

3. After enabling ATP on the XG Firewall, you test the ATP policy and cannot get the block page to
appear. You examine the configuration to see what is misconfigured.

This study source was downloaded by 100000840805068 from CourseHero.com on 01-27-2022 08:57:17 GMT -06:00

https://www.coursehero.com/file/59693235/Cevaplardocx/
 Select the item that is preventing the block page from appearing.

4. You have created an SSL VPN Remote Access policy for your Active Directory users, but you are
unable to authenticate successfully to establish a VPN connection. What do you need to do to resolve the
issue?

5. TRUE or FALSE: IPS policies can be applied to both User/Network rules and Business Application
rules.
The answer can be found in lab task 3.7.

6. TRUE or FALSE: Hotspots can only be created for wireless networks using the separate zone
access method.

7. In Email Protection, where do you enable the SPX Reply Portal?

8. How do you enable and disable IPsec VPNs?

The answer can be found in lab task 4.2

This study source was downloaded by 100000840805068 from CourseHero.com on 01-27-2022 08:57:17 GMT -06:00

https://www.coursehero.com/file/59693235/Cevaplardocx/
Powered by TCPDF (www.tcpdf.org)