1. XG Firewall Overview v17.

5
 1. Which feature of the XG Firewall helps prevent a computer infected by a trojan from transmitting
personal information out of their network?

2. Getting Started with XG Firewall v17.5

 1. The XG Firewall is configured to use your ISP for DNS. What needs to be configured on the XG
Firewall so that it can also resolve internal hostnames?
The answer can be found in Module 2: Getting Started with XG Firewall on slide 76.

 2. Which zone cannot have a physical port or interface assigned?

 3. You are preparing a hardware XG Firewall for installation on a remote site. The order for the license
has not yet been processed. Which device registration option do you select in the Initial Setup wizard?

3. Network Protection v17.5

 1. What security feature on the XG Firewall is designed to prevent compromised computers on the
internal network contacting command and control servers and becoming bots?

 2. Which security feature helps protect against attacks from the Internet?

4. Firewall Icons v17.5

 1. Which firewall icon shown would represent a disabled user rule? 

5. Heartbeat Configuration v17.5

 1. You are configuring Security Heartbeat in a firewall rule that allows computers connected on the LAN
to access intranet servers. You want to ensure that only computers that have a GREEN Security Heartbeat
have access. 
 Which configuration should you use?

6. NAT Rules v17.5

 1. You need to DNAT HTTPS and SSH from a WAN IP address on the XG Firewall to a server in the
DMZ zone. SSH is running on a non-standard port on the server in the DMZ. You need to change the port
from 22 to 2222 as part of the DNAT. Enter the number (in digits) of DNAT rules that you need to create.
The answer can be found in Module 3: Network Protection on slide 25.

7. Site-to-Site Connections v17.5

 1. Your XG Firewall has been replaced with a new XG Firewall and the previous device is no longer
available. There were several RED devices attached to the previous unit that you would like to re-provision
on the new firewall. These REDs were provisioned using the provisioning service. Where would you be
able to find the unlock codes to re-provision the REDs to the new XG Firewall?

 2. When a RED is deployed in Standard/Unified mode, how do the computers on the remote network
get their IP address?

 3. The company is preparing to deploy several RED devices at locations that deal with sensitive
corporate data. Management would like to ensure that traffic from those locations can be monitored and
blocked from leaving the corporate LAN. What would be the most appropriate security mode to deploy the
RED devices in?

8. Authentication v17.5
 1. You have many contractors that will be assisting with a project. What type of user can be created to
 allow these users temporary access to resources with the least amount of effort?

 2. Which 2 of the following statements are TRUE about how the XG Firewall uses authentication
servers?

 3. Which 4 of the following are supported external authentication servers on Sophos XG Firewall 17.5?

9. Web Protection and Application Control v17.5

 1. You have enabled the option to block potentially unwanted applications in Web Protection. Where
would you exclude an application that you use on the network from being blocked?
The answer can be found in Module 6: Web Protection and Application Control on slide 46.

 2. Below is an image of the XG Firewall Control Center. From here, what would you click to access the
Policy Test simulator? 
 3. Which 3 of the following are displayed by the Cloud Applications dashboard widget?
 The answer can be found in Module 6: Web Protection and Application Control on slide 78.

10. Surfing Quotas v17.5

 1. You have been asked to create a surfing quota for guests that allows access to the Internet for 20
hours in a week and then terminates the connection with no recurrence. 

Which image shows the best way to configure the surfing quota?

11. Email Protection v17.5

 1. Which of the following best describes greylisting?

 2. Which 3 of the following protocols can the XG Firewall scan when implementing email protection?

12. Wireless Protection v17.5

 1. Which of the following best describes the Bridge to AP LAN security mode for wireless networks?

 2. What security mode must be used to support Fast BSS?

 3. What 2 of the following are methods that can be used to allow access to a wireless hotspot on the
 XG Firewall?

13. Remote Access v17.5

 1. Which 2 operating systems is the Sophos Connect IPsec client available for?

 2. Where can an end user download the SSL VPN client from to install on their workstation?

14. Logging, Reporting and Troubleshooting v17.5

 1. When you click links to firewall rules and policies in the log viewer, where does it open?

 2. There are several important reports that need to be examined on a regular schedule from the XG
Firewall. You want to make these easily available when working with the WebAdmin interface. How can this
be accomplished?

 3. You get a call from another administrator who was looking at the XG Firewall reports and noticed the
application risk meter was at 4.2. They were not sure if this was a cause for concern, so they decided to
bring it to your attention. Which of the following should be the basis of your response?

15. Management, Sizing and Evaluation v17.5

 1. A client is asking about the features that can be used on an XG firewall without a separate license.
Which 3 of the following features are included in the Sophos XG Firewall base license?

 2. Which XG FIREWALL subscription is required to connect the XG firewall to Sophos Central?

 3. The XG Firewall can be deployed as a virtual appliance. Which 5 virtualization platforms is the XG
Firewall 17.5 supported on?

16. Labs v17.5
 1. You are configuring a new XG Firewall and have already forgotten your admin password. You have
not created any other administrator users yet. How can the admin password be reset to the default?

 2. You have created an SSL VPN Remote Access policy for your Active Directory users, but you are
unable to authenticate successfully to establish a VPN connection. What do you need to do to resolve the
issue?

 3. TRUE or FALSE: IPS policies can be applied to both User/Network rules and Business Application
rules.

 4. The diagram below shows a company with two sites, one in London and in New York. Each site has
an Internet connection and is also connected via an MPLS. 
You are configuring a static route on the London gateway to route traffic destined for the New York network
over the MPLS. 

What IP address would need to go into the Gateway field to complete the static rule shown above?

 5. The image below shows a NAT rule. 

Which 4 of the following statements about this NAT rule are TRUE?

 6. TRUE or FALSE: Hotspots can only be created for wireless networks using the separate zone
access method.

 7. In Email Protection, where do you enable the SPX Reply Portal?

 8. After enabling ATP on the XG Firewall, you test the ATP policy and cannot get the block page to
appear. You examine the configuration to see what is misconfigured. 
Select the item that is preventing the block page from appearing.