Scribd Logo
Upload

Welcome to Scribd!

  • 833 views

    Second Attemp

    Uploaded by

    Ahmed Gadoo
    This document contains questions about configuring and using an XG Firewall. It covers topics like initial setup, network protection, authentication, wireless protection, remote access, logging and reporting. The questions are multiple choice or require referencing information in training modules to find the correct answer.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Second Attemp

    Uploaded by

    Ahmed Gadoo
    833 views9 pages
    This document contains questions about configuring and using an XG Firewall. It covers topics like initial setup, network protection, authentication, wireless protection, remote access, logging and reporting. The questions are multiple choice or require referencing information in training modules to find the correct answer.

    Original Title

    second attemp.docx

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document contains questions about configuring and using an XG Firewall. It covers topics like initial setup, network protection, authentication, wireless protection, remote access, logging and reporting. The questions are multiple choice or require referencing information in training modules to find the correct answer.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    833 views9 pages

    Second Attemp

    Uploaded by

    Ahmed Gadoo
    This document contains questions about configuring and using an XG Firewall. It covers topics like initial setup, network protection, authentication, wireless protection, remote access, logging and reporting. The questions are multiple choice or require referencing information in training modules to find the correct answer.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 9
    At a glance
    Powered by AI
    The document discusses various configuration and security topics related to the Sophos XG Firewall including features like web filtering, email protection, VPN configurations, and more.

    Some of the main features covered include web and email protection, VPN configurations (SSL and IPsec), wireless protection, authentication, logging and reporting.

    Common configuration tasks mentioned include creating VPN connections, configuring firewall rules, enabling safe search, configuring surfing quotas and authentication methods.

    1. XG Firewall Overview v17.

    5
     1. Select the correct definition of an exploit kit.

    2. Getting Started with XG Firewall v17.5


     1. You are preparing a hardware XG Firewall for installation on a remote site. The order for the license
    has not yet been processed. Which device registration option do you select in the Initial Setup wizard?

     2. How do you reboot the XG Firewall?

     3. Below is an image from the Initial Setup wizard.

    With the above options selected, which 2 of the following will be enabled in the default outbound firewall
    rule once the Initial Setup wizard is complete?

    3. Network Protection v17.5


     1. Users complain that when working long hours, they often lose access to Internet resources.
    4. Firewall Icons v17.5
     1. Which firewall icon shown would represent a rule group?

    5. Heartbeat Configuration v17.5


     1. You are configuring Security Heartbeat in a firewall rule that allows computers connected on the LAN
    to access intranet servers. You want to ensure that only computers that have a GREEN Security Heartbeat
    have access.

    Which configuration should you use?

    6. NAT Rules v17.5


     1. You need to DNAT HTTPS and SSH from a WAN IP address on the XG Firewall to a server in the
    DMZ zone. SSH is running on a non-standard port on the server in the DMZ. You need to change the port
    from 22 to 2222 as part of the DNAT. Enter the number (in digits) of DNAT rules that you need to create.
    The answer can be found in Module 3: Network Protection on slide 25.

    7. Site-to-Site Connections v17.5


     1. You have a RED device deployed at a remote network in a standard/split configuration. When you
    connect a Sophos access point to the remote network it never appears in the pending access point list on
    the XG Firewall. What configuration change needs to be made for the RED connection?
    The answer can be found in Module 4: Site-to-Site Connections on slide 38 and Module 8: Wireless
    Protection slide 20.

     2. When creating a site-to-site VPN between an XG Firewall and another vendor’s firewall, what is the
    best protocol to use?
    The answer can be found in Module 4: Site-to-Site Connections on slide 5.

     3. You are in the process of deploying multiple RED devices. Due to bandwidth issues at the head
    office, which 2 modes of deployment could be used to so that only necessary traffic is routed back to the
    head office?
    The answer can be found in Module 4: Site-to-Site Connections on slide 38.

    8. Authentication v17.5
     1. TRUE or FALSE: The Sophos Chromebook User ID app is deployed to Chromebooks from the XG
    Firewall.
    The answer can be found in Module 5: Authentication on slide 49.

     2. Which 2 methods are supported for logoff detection when using STAS?

     3. Which 2 of the following are TRUE about the hostname for user facing links?

    9. Web Protection and Application Control v17.5


     1. Which 3 of the following statements about web content filtering are TRUE?
    The answer can be found in Module 6: Web Protection and Application Control on slides 16-39.

     2. What 3 options should be configured to ensure that the most secure scanning settings are in place to
    protect users as they browse the web?
    The answer can be found in Module 6: Web Protection and Application Control on slide 46.

     3. You want to enable SafeSearch in a web protection policy on the XG Firewall, but some coworkers
    are worried about the additional load this may put on the XG Firewall. What can you tell them to ease their
    minds?

    10. Surfing Quotas v17.5


     1. You have been asked to create a surfing quota for guests that allows access to the Internet for 20
    hours in a week and then terminates the connection with no recurrence.
    Which image shows the best way to configure the surfing quota?

    11. Email Protection v17.5


     1. Which feature in Email Protection can help protect emails containing sensitive content such as bank
    details, phone numbers, addresses, social security numbers?

     2. Which 4 actions can be taken for an email that is classified as SPAM?


    The answer can be found in Module 7: Email Protection on slide 17.

    12. Wireless Protection v17.5


     1. You configure a printer on the wireless guest network but when you go to test the device, you cannot
    find it. What wireless setting may be the cause of this?
    The answer can be found in Module 8: Wireless Protection on slide 12.

     2. Your network has no existing VLANs and everything is connected using basic layer 2 switches. You
    are configuring a secure wireless guest network that needs to have its traffic isolated. What security mode
    would allow this to be done without any additional changes to the network configuration?

     3. What 2 of the following are methods that can be used to allow access to a wireless hotspot on the
    XG Firewall?
    13. Remote Access v17.5
     1. Where can an end user download the SSL VPN client from to install on their workstation?

     2. Which 2 operating systems is the Sophos Connect IPsec client available for?

    14. Logging, Reporting and Troubleshooting v17.5


     1. You get a call from another administrator who was looking at the XG Firewall reports and noticed the
    application risk meter was at 4.2. They were not sure if this was a cause for concern, so they decided to
    bring it to your attention. Which of the following should be the basis of your response?

     2. There are several important reports that need to be examined on a regular schedule from the XG
    Firewall. You want to make these easily available when working with the WebAdmin interface. How can this
    be accomplished?

     3. Where would you view information on files being processed by Sandstorm for Web Protection?

    15. Management, Sizing and Evaluation v17.5


     1. The XG Firewall can be deployed as a virtual appliance. Which 5 virtualization platforms is the XG
    Firewall 17.5 supported on?

     2. A client is asking about the features that can be used on an XG firewall without a separate license.
    Which 3 of the following features are included in the Sophos XG Firewall base license?

     3. Which XG FIREWALL subscription is required to connect the XG firewall to Sophos Central?

    16. Labs v17.5
     1. In Email Protection, where do you enable the SPX Reply Portal?
    The answer can be found in lab task 7.3.

     2. You have created an SSL VPN Remote Access policy for your Active Directory users, but you are
    unable to authenticate successfully to establish a VPN connection. What do you need to do to resolve the
    issue?

     3. How do you enable and disable IPsec VPNs?


    The answer can be found in lab task 4.2.

     4. TRUE or FALSE: IPS policies can be applied to both User/Network rules and Business Application
    rules.

     5. The image below shows a NAT rule.


    Which 4 of the following statements about this NAT rule are TRUE?

     6. TRUE or FALSE: Hotspots can only be created for wireless networks using the separate zone
    access method.
    The answer can be found in lab task 8.1.

     7. The diagram below shows a company with two sites, one in London and in New York. Each site has
    an Internet connection and is also connected via an MPLS.
    You are configuring a static route on the London gateway to route traffic destined for the New York network
    over the MPLS.

    What IP address would need to go into the Gateway field to complete the static rule shown above?

     8. You have configured one-time passwords. John Smith is trying to login to the User Portal; his
    password is 'xgfirewall'. Below you can see the login screen and his token.
    What does John Smith need to enter as the password to login?

    You might also like