Sophos Switch practice Exam, Exams of Technology

The Sophos Switch Exam assesses knowledge of Sophos network switching solutions, including configuration, VLANs, monitoring, and integration with Sophos firewalls. Candidates demonstrate the ability to manage secure and efficient network infrastructure.

Typology: Exams

2025/2026

Available from 01/24/2026

shilpi-jain-2
shilpi-jain-2 🇮🇳

1

(1)

25K documents

1 / 14

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Sophos Switch Exam
**Question 213.** Which Sophos Switch model supports a 48port PoE+ configuration with a
total PoE budget of 740 W?
A) X10048P
B) X20048P
C) X100048P
D) X20024P
**Answer:** B
**Explanation:** The 200 Series 48port PoE+ model (X20048P) is rated for a 740 W PoE
budget, allowing full power for all ports.
**Question 214.** When initially connecting a Sophos Switch to a laptop for local configuration,
which cable type should be used?
A) Straightthrough Ethernet cable to any port
B) Crossover cable to port 1
C) Fiber optic cable to the SFP+ slot
D) USBC to console cable
**Answer:** A
**Explanation:** The switches have autoMDIX, so a standard straightthrough Ethernet cable
to any port provides linklocal access to the web GUI or CLI.
**Question 215.** After powering on a new switch, the registration window expires after
15 minutes. What is the recommended action if the window closes before you finish
registration?
A) Reboot the switch to restart the timer
B) Press the reset button on the front panel
C) Use the CLI command `registration start`
D) Wait for the switch to autoregister after 24 hours
**Answer:** A
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe

Partial preview of the text

Download Sophos Switch practice Exam and more Exams Technology in PDF only on Docsity!

Question 213. Which Sophos Switch model supports a 48‑port PoE+ configuration with a total PoE budget of 740 W? A) X‑ 100 ‑48P B) X‑ 200 ‑48P C) X‑ 1000 ‑48P D) X‑ 200 ‑24P Answer: B Explanation: The 200 Series 48‑port PoE+ model (X‑ 200 ‑48P) is rated for a 740 W PoE budget, allowing full power for all ports. Question 214. When initially connecting a Sophos Switch to a laptop for local configuration, which cable type should be used? A) Straight‑through Ethernet cable to any port B) Crossover cable to port 1 C) Fiber optic cable to the SFP+ slot D) USB‑C to console cable Answer: A Explanation: The switches have auto‑MDIX, so a standard straight‑through Ethernet cable to any port provides link‑local access to the web GUI or CLI. Question 215. After powering on a new switch, the registration window expires after 15 minutes. What is the recommended action if the window closes before you finish registration? A) Reboot the switch to restart the timer B) Press the reset button on the front panel C) Use the CLI command registration start D) Wait for the switch to auto‑register after 24 hours Answer: A

Explanation: Rebooting the switch restarts the 15‑minute registration window, allowing you to resend the registration request. Question 216. In Sophos Central, the “Task Queue” shows a task with status Failed. Which of the following is the most likely cause? A) The switch is offline or cannot reach the cloud B) The firmware version is newer than the policy allows C) PoE budget has been exceeded on the target ports D) The VLAN ID is out of range (1‑4094) Answer: A Explanation: Tasks fail primarily because the switch cannot communicate with Sophos Central (offline, DNS issue, or firewall block). Question 217. Which dashboard widget gives a quick view of the number of active stack members and their resiliency score? A) Stack Overview B) PoE Utilization C) Firmware Compliance D) Device Health Summary Answer: A Explanation: The Stack Overview widget displays member count, link status, and a resiliency percentage indicating stack health. Question 218. You need to schedule a firmware upgrade to occur at 02:00 AM on Saturdays. Which option must be configured first? A) Enable “Automatic Reboot” on the switch B) Create a Maintenance Window in Sophos Central covering that time C) Set the PoE budget to 0 W during the upgrade

C) Setting the port speed to 10 GbE D) Disabling STP on the trunk port Answer: A Explanation: If a VLAN is not in the trunk’s allowed list, its frames are dropped. Question 222. To force a port to operate at 1 GbE full‑duplex regardless of the device on the other end, which command sequence is correct? A) speed 1000 duplex full B) speed auto duplex auto C) speed 100 duplex half D) speed 2500 duplex full Answer: A Explanation: Explicitly setting speed 1000 Mbps and duplex full disables auto‑negotiation. Question 223. In MSTP, you want VLAN 10 and VLAN 20 to use the same instance while VLAN 30 uses a different instance. Which action achieves this? A) Map VLAN 10 and VLAN 20 to MST Instance 1, VLAN 30 to Instance 2 B) Set bridge priority for VLAN 30 lower than VLAN 10/ C) Disable MSTP on VLAN 30 D) Assign VLAN 30 to the default MST Instance 0 Answer: A Explanation: MST allows explicit VLAN‑to‑instance mapping; grouping VLAN 10/20 under the same instance keeps them on the same spanning‑tree. Question 224. What determines the root bridge selection for a particular MST instance? A) The lowest bridge priority, then the lowest MAC address if priorities tie B) The highest PoE budget of the switch

C) The number of ports in the switch D) The VLAN ID of the instance’s native VLAN Answer: A Explanation: Bridge priority (lower wins) is the primary factor; MAC address breaks ties. Question 225. You need to assign the IP address 10.1.1.1/24 to the interface of VLAN 100. Which command is correct? A) interface vlan 100 ip address 10.1.1.1/24 B) vlan 100 ip 10.1.1.1/24 C) set vlan 100 ip 10.1.1.1 mask 255.255.255.0 D) ip vlan 100 address 10.1.1.1/24 Answer: A Explanation: You first enter the VLAN interface context, then assign the IP address with CIDR notation. Question 226. A static route is required to forward traffic destined for 172.16.20.0/24 to next‑hop 10.1.1.254. Which command adds this route? A) ip route 172.16.20.0/24 10.1.1.254 B) static-route add 172.16.20.0 255.255.255.0 10.1.1.254 C) route add 172.16.20.0/24 via 10.1.1.254 D) set ip route destination 172.16.20.0/24 next-hop 10.1.1.254 Answer: A Explanation: The ip route syntax expects destination network with CIDR and the next‑hop IP. Question 227. Which feature must be enabled to allow a device on VLAN 30 to obtain an IP address from a DHCP server located in VLAN 10?

Question 230. DHCP Snooping must be configured as trusted on which type of port? A) The port that connects to the legitimate DHCP server B) All access ports that receive client DHCP requests C) Any port that carries PoE devices D) Ports configured as VLAN trunks only Answer: A Explanation: Only the uplink to the genuine DHCP server should be trusted; all other ports remain untrusted. Question 231. What is the primary security benefit of enabling IGMP Snooping on a VLAN that carries multicast video streams? A) It forwards multicast only to ports with interested receivers, reducing unnecessary traffic B) It encrypts multicast packets automatically C) It assigns a higher PoE budget to multicast devices D) It forces all multicast traffic to be untagged Answer: A Explanation: IGMP Snooping builds a receiver list and restricts multicast forwarding to those ports. Question 232. Sophos Synchronized Security’s Active Threat Response (ATR) isolates a compromised endpoint by: A) Shutting down the switch port to which the endpoint is connected B) Reducing PoE power to the endpoint to 0 W C) Changing the endpoint’s VLAN to a quarantine VLAN automatically D. Disabling DHCP on the endpoint’s VLAN Answer: A

Explanation: ATR issues a command to the switch to disable the offending port, instantly isolating the host. Question 233. Which QoS marking is typically used for high‑priority video streams? A) DSCP 34 (AF41) B) DSCP 46 (EF) C) DSCP 0 (Best Effort) D) DSCP 8 (CS1) Answer: A Explanation: AF41 (DSCP 34) is commonly assigned to high‑priority video, providing assured forwarding with some protection against loss. Question 234. In the Sophos Central UI, a port shown in Red indicates: A) Link down or hardware failure on that port B) Utilization above 70 % C) PoE budget exceeded D) Successful firmware upgrade Answer: A Explanation: Red status flags a critical condition such as loss of link or a hardware fault. Question 235. Which SNMP version provides authentication and encryption, making it the most secure choice for monitoring Sophos Switches? A) SNMPv B) SNMPv2c C) SNMPv D) SNMPv2u Answer: C

D) It automatically becomes a trunk for all VLANs Answer: B Explanation: The destination port may be any type, but it cannot be part of the source group; otherwise a loop would occur. Question 239. A log entry reads “STP – BPDU Guard triggered on port 4”. What immediate action does the switch take? A) Places port 4 into error‑disable state to prevent loops B) Increases the port’s PoE power to maximum C) Changes the port to trunk mode automatically D. Sends a DHCP offer on that port Answer: A Explanation: BPDU Guard disables the port when an unexpected BPDU is received, protecting the network from loops. Question 240. Which of the following is NOT a valid reason to enable “Portfast Edge” on a port? A) The port connects to an end‑station that never sends BPDUs B) The port connects to another switch that participates in STP C) Reducing the time for a VoIP phone to become operational after power‑on D) Preventing STP‑related delays for a server that does not run STP Answer: B Explanation: Enabling Portfast on a port that connects to another STP‑aware switch can create loops; it should only be used on edge ports. Question 241. When configuring a static MAC entry, the switch will forward frames destined for that MAC out:** A) Only the specified port(s) listed in the entry

B) All ports in the same VLAN C) The uplink port only D. Any port that is in PoE mode Answer: A Explanation: Static MAC entries bind a MAC address to particular ports, limiting forwarding to those ports. Question 242. Which QoS mechanism drops excess traffic that exceeds the configured rate limit? A) Policing B) Shaping C) Queuing D. Scheduling Answer: A Explanation: Policing enforces a hard rate limit and discards traffic exceeding it; shaping buffers instead. Question 243. In a stacked switch environment, the “virtual MAC” address is derived from:** A) The lowest MAC address among all stack members B) The MAC address of the master’s first uplink port C) A random address generated at boot D. The PoE budget identifier Answer: A Explanation: The stack’s virtual MAC is based on the lowest physical MAC address, ensuring a consistent identifier.

Question 247. A port shows “Link Up” but no traffic is observed in the utilization graph. Which troubleshooting step is most appropriate first? A) Verify that the correct VLAN is assigned to the port (access vs. trunk) B) Increase the PoE budget on the port C. Disable STP on the port D. Change the port speed to 10 GbE Answer: A Explanation: Mis‑configured VLAN membership often results in a physically up link with no usable traffic. Question 248. Which of the following log severity levels indicates a non‑critical warning that should be reviewed but does not require immediate action? A) Critical B) Error C) Warning D. Info Answer: C Explanation: “Warning” denotes an issue that may affect performance but is not immediately fatal. Question 249. When configuring a QoS policy to give VoIP traffic the highest priority, which two DSCP values are most appropriate to use together? A) 46 (EF) for voice, 0 (BE) for best‑effort B) 34 (AF41) for video, 0 (BE) for data C) 46 (EF) for voice, 34 (AF41) for video D. 0 (BE) for all traffic Answer: C

Explanation: EF (46) is reserved for latency‑sensitive voice, while AF41 (34) is commonly used for high‑priority video; together they prioritize both real‑time streams. Question 250. After a firmware upgrade, a switch fails to re‑register with Sophos Central. Which action should be taken first? A) Verify that the switch can resolve *.central.sophos.com via DNS B) Reset the PoE budget to default C. Change the switch’s management IP address D. Delete all VLANs and recreate them Answer: A Explanation: Registration failures after an upgrade are most often caused by DNS resolution problems; confirming name resolution is the first step.