QUESTIONS WITH SOLUTION GRADED A+
✔✔What happens in the Reconnaissance and Weaponization phases of the Attack Kill
Chain? - ✔✔The attacker will passively harvest email addresses and company
information, before actively scanning the target environment using tools like port
scanners.
✔✔What happens in the Delivery phase of the Attack Kill Chain? - ✔✔The attacker will
access the estate to deliver the malicious payload via methods such as email or social
engineering to direct the victim to a malicious site.
✔✔What does Sophos Web Protection do? - ✔✔It scans HTTP/HTTPS traffic for
unwanted content and malware.
✔✔What does Web Filtering do? - ✔✔Web filtering can allow or block sites based on
content filters.
✔✔What is Email Encryption and Control? - ✔✔Sophos Firewall can scan incoming
email for malicious content. IP reputation can be enabled, allowing you to
accept/drop/block emails from known spam IPs. File type detection can scan and block
specific file types, e.g. any macro-enabled files will be blocked. Email protection allows
you to encrypt emails so you can send data securely out of the network using SPX.
✔✔What is SPX? - ✔✔Sophos Secure PDF Exchange Encryption
✔✔What is Sophos Zero-Day Protection? - ✔✔Sophos Zero-Day Protection uses hash
files created when a Sophos Firewall scans an attachment with an executable. The
hash file is then sent to the cloud database for review, and the firewall will then either block
or allow it depending on whether it is deemed safe or malicious. Zero-Day Protection will also
send in-depth reports on all attack events as configured.
✔✔What happens when Sophos Zero-Day Protection reviews a hash file it hasn't seen
before? - ✔✔A copy of the suspicious file is sent to Sophos, where it is opened in a
sandbox environment and monitored. Once analysed, the threat intelligence is sent to
the firewall, where the file is either blocked or allowed accordingly. A report is then created for
the threat incident.
✔✔How does Sophos Deep Learning work? - ✔✔Millions of samples of both good and
bad files are fed to the model, and each feature of the file is defined and then labelled, such
as Size, Vendor and Printable settings. This model is then used to review the suspicious
file to recognise and predict if it is malicious or legitimate.
✔✔What is Application control? - ✔✔This is a service used to reduce the attack surface
by restricting what applications are allowed.
✔✔What are the 4 forms Sophos Firewall can be deployed in? - ✔✔Hardware device
(Sophos XGS and XG), installed as software on Intel-compatible hardware, as a virtual
appliance or in the cloud
✔✔What are the 5 variants of Sophos XGS? - ✔✔Desktop models (with or without built-in
wireless), 1U server rack models (short or long) and 2U server rack models
✔✔What model Sophos XGS has 2 Cores/2 Threads? - ✔✔87/87w and 107/107w
✔✔What model Sophos XGS has 4 Cores/4 Threads? - ✔✔116/116w
✔✔What model Sophos XGS has 2 Cores/4 Threads? - ✔✔126/126w and 136/136w
✔✔What model Sophos XGS has 4GB of memory? - ✔✔87/87w, 107/107w and
116/116w
✔✔What model Sophos XGS has 6GB of memory? - ✔✔126/126w
✔✔What model Sophos XGS has 8GB of memory? - ✔✔136/136w
✔✔What model Sophos XGS Desktop has 16GB of storage? - ✔✔87/87w
✔✔What model of Sophos XGS Desktop has 64GB of storage? - ✔✔107/107w,
116/116w, 126/126w and 136/136w
✔✔What model Sophos XGS Desktop has 5 fixed ports? - ✔✔87/87w
✔✔What model Sophos XGS Desktop has 9 fixed ports? - ✔✔107/107w and 116/166w
✔✔What model Sophos XGS Desktop has 14 fixed ports? - ✔✔126/126w and
136/136w
✔✔What model Sophos XGS Desktop has the option for VDSL SFP Modem? - ✔✔All
✔✔What model Sophos XGS Desktop doesn't have support for a 3G/4G module? -
✔✔87/87w and 107/107w
✔✔What model Sophos XGS Desktop uses a single PSU? - ✔✔87/87w