
100+ Free Sophos Firewall Technician (FT80) Practice Questions

Pass your Sophos Certified Technician — Sophos Firewall (FT80) exam on the first try — instant access, no signup required.

Pass rate: Sophos does not publicly report FT80 pass rates.

An administrator wants policy-based routing so all 10.10.20.0/24 traffic destined to a particular partner network egresses WAN2. Which feature implements this?

2026 Statistics

Key Facts: Sophos Firewall Technician (FT80) Exam

  • Exam Questions: 50 (Sophos FT80)
  • Time Limit: 60 min (Sophos FT80)
  • Passing Score: 80% (Sophos FT80)
  • Exam Fee: Free (with course / partner enablement)
  • Platform: SFOS v20+, Sophos Firewall (XGS)
  • Test Delivery: NetExam (Sophos Training Portal)

The Sophos Certified Technician — Sophos Firewall (FT80) exam is a support-tier credential with 50 multiple-choice questions in 60 minutes and an 80% passing score, delivered free with course/partner enablement through the Sophos Training Portal (NetExam). It validates hands-on troubleshooting of Sophos Firewall (XGS, SFOS v20+) including Log Viewer, packet capture, IPsec/SSL VPN debugging, SD-WAN, AD/STAS/SATC authentication, HA, firmware rollback, and SDU-based escalation to Sophos Support. The Technician tier runs parallel to Architect (AT80) and follows the Engineer (ET80) certification. Sophos refreshes the FT80 track when the Sophos Firewall (SFOS) major version changes.

Sample Sophos Firewall Technician (FT80) Practice Questions

Try these sample questions to test your Sophos Firewall Technician (FT80) exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. A Sophos Firewall technician is following the structured troubleshooting methodology. Which step comes FIRST when a customer reports an issue?
A. Apply the most likely fix and observe the result
B. Identify and clearly define the problem, including scope and impact
C. Open a Sophos Support case and upload an SDU log
D. Roll back to the last working firmware version
Explanation: Sophos's structured troubleshooting methodology starts with problem identification: defining what is failing, who is affected, when it started, and the business impact. Skipping this step leads to wasted effort fixing the wrong thing or losing the audit trail.
2. After identifying a Sophos Firewall issue, what is the technician's next action in the recommended methodology?
A. Document the resolution
B. Determine the scope and try to reproduce the issue
C. Reboot the firewall
D. Restore from the last config backup
Explanation: Once the problem is defined, the next step is to determine scope (one user, one site, all traffic) and reproduce it on demand. A reproducible issue is dramatically easier to diagnose because logs and packet captures can be tied to a known trigger.
3. A user complains that 'the internet is broken.' What is the BEST clarifying action for a Sophos Firewall technician?
A. Reset all firewall rules to defaults
B. Ask which destinations, applications, and time window are affected, and from which source
C. Replace the WAN interface cable
D. Disable web filtering globally
Explanation: Vague complaints must be narrowed to actionable facts. Asking for source, destination, application, and timeframe lets you correlate Log Viewer entries, packet captures, and rule hits. It also separates 'all traffic broken' from 'one app broken,' which leads to completely different diagnostic paths.
4. Which combination of artifacts should a Sophos Firewall technician collect BEFORE escalating an issue to Sophos Support?
A. Only a screenshot of the GUI
B. SDU/consolidated log bundle, relevant Log Viewer time window, and a clear problem statement
C. The admin password and an unredacted backup
D. A copy of the customer's Active Directory dump
Explanation: Sophos Support expects a Sophos Diagnostic Utility (SDU) bundle, the affected time window from Log Viewer, and a written problem statement (symptom, scope, when it started, what was changed). This lets the support engineer reproduce context without round-trips.
5. A change made yesterday is suspected of causing a current outage. Which Sophos Firewall feature lets a technician quickly review what was changed?
A. Connection Tracker
B. Audit Log under Log Viewer
C. VPN status page
D. Sophos Central inventory
Explanation: The Audit Log inside Log Viewer records administrative changes: who logged in, what was edited, when, and from which IP. It is the canonical source for 'what changed' investigations and is far faster than diffing backup configs.
6. When documenting a resolved Sophos Firewall incident, which detail is MOST important to capture for future technicians?
A. The exact wording the customer used in the original ticket
B. Root cause, change applied, validation evidence, and rollback steps
C. Only the final working configuration export
D. A timeline of every Sophos KB article searched
Explanation: Useful runbooks record root cause, the specific change that fixed it, evidence proving the fix worked (logs, captures, screenshots), and how to roll back if it regresses. This makes the next occurrence solvable by anyone, not just the original engineer.
7. A customer cannot reproduce a transient issue on demand. What is the recommended next step for a Sophos Firewall technician?
A. Mark the case as not reproducible and close it
B. Configure proactive logging and packet capture filters so data is captured on the next occurrence
C. Replace the firewall under RMA
D. Disable IPS and IDS to remove variables
Explanation: When you cannot reproduce the issue, set up the firewall to capture evidence the next time it happens: targeted Log Viewer filters, a running packet capture with a tight BPF, and increased syslog retention. This converts an intermittent failure into actionable data.
8. Which artifact should accompany a Sophos Support case where users intermittently cannot reach a SaaS application through the Sophos Firewall?
A. Only the SaaS vendor's status page screenshot
B. Time-correlated Log Viewer export, packet capture from both LAN and WAN, and SDU bundle
C. An AD trust diagram
D. A copy of the customer's incident ticket without firewall data
Explanation: Bidirectional packet captures bracketed around a known failure window, plus the matching Log Viewer slice and an SDU bundle, give Sophos Support everything they need to correlate the failure with policy lookups, web filtering, IPS, or routing. SDU also includes config and system state.
9. Two changes were deployed simultaneously and the firewall now fails. What troubleshooting principle should the technician apply?
A. Roll back both changes immediately and document later
B. Isolate variables: revert one change at a time and retest after each
C. Wait 24 hours to see if the issue resolves itself
D. Apply a third change to compensate
Explanation: Isolation of variables is the core diagnostic principle. Reverting one change at a time and retesting between each tells you which change caused the regression. Reverting both at once gets you back to working but you never learn the root cause, and the issue will return.
10. A Sophos Firewall technician verifies a fix in production. Which evidence MOST strongly proves the issue is resolved?
A. The customer's verbal confirmation alone
B. Successful reproduction of the original failure scenario with the issue no longer occurring, captured in logs
C. Absence of new tickets within five minutes of the fix
D. A green status indicator on the dashboard
Explanation: Validation requires running the failing scenario again and confirming, in Log Viewer or packet capture, that traffic now succeeds. Subjective signals such as 'it feels fine' or a green dashboard are not proof, since the path under test may not exercise the affected feature.

About the Sophos Firewall Technician (FT80) Exam

The Sophos Certified Technician — Sophos Firewall (FT80) certification validates support-tier skills for troubleshooting Sophos Firewall (XGS series, SFOS v20+) deployments. The exam covers structured troubleshooting methodology; Log Viewer and syslog forwarding; on-box and advanced-shell packet capture (BPF, tcpdump); the Connection list; IPsec Phase 1/Phase 2 debugging via the charon log; SSL VPN, Sophos Connect, route-based VPN with VTI, and RED tunnels; routing table inspection, policy-based routing, SD-WAN failover, NAT, and multi-WAN; AD/LDAP/RADIUS authentication, STAS, SATC, NTLM, captive portal, and MFA; firmware upgrade and rollback; factory reset and configuration recovery; HA failover triggers; SDU/consolidated diagnostic report generation and escalation to Sophos Support; and common failure scenarios in HTTPS decryption, application control, performance, hardware, and subscriptions. The Technician (FT80) tier sits parallel to the Architect (AT80) certification.

  • Assessment: 50 multiple-choice questions covering troubleshooting methodology, log analysis and diagnostics, VPN troubleshooting, network and routing issues, authentication, firmware/recovery/escalation, and common failure scenarios on Sophos Firewall (SFOS v20+).
  • Time Limit: 60 minutes
  • Passing Score: 80%
  • Exam Fee: Free with course / partner enablement (Sophos / NetExam Training Portal)

Sophos Firewall Technician (FT80) Exam Content Outline

  • Troubleshooting Methodology (15%): Structured Sophos approach: identify, scope, reproduce, remediate, document; information gathering; working with Sophos Support; and evidence collection (SDU/consolidated reports).
  • Log Analysis & Diagnostics (20%): Log Viewer (live and historical) under Monitor & analyze, syslog forwarding (TCP/UDP, multiple servers, per-category), Diagnostics → Packet capture with BPF, advanced-shell tcpdump, Connection list, and dropped-packet analysis.
  • VPN Troubleshooting (15%): IPsec site-to-site debugging (IKEv2 Phase 1 SA, Phase 2 child SA, proposal mismatches, NAT-T on UDP/4500), charon (strongSwan) log, SSL VPN client and portal certs, route-based VPN with VTI, Sophos Connect, and RED tunnels.
  • Network & Routing Issues (15%): Routing table inspection (show route), policy-based routing, SD-WAN profiles with SLA probes and failover, NAT (SNAT, DNAT, NAT exclusion order), and multi-WAN active-active or active-passive.
  • Authentication & User Identity (10%): AD/LDAP/RADIUS server config and Test Connection, STAS for transparent SSO, SATC for thin-client (RDS/Citrix), NTLM and Kerberos clock-skew, captive portal, and MFA (Sophos ID, TOTP, hardware tokens).
  • Firmware, Recovery & Escalation (15%): Firmware upgrade and rollback, configuration backup and restore, factory reset (GUI and console boot menu), HA failover triggers (Active-Passive Stateful and Active-Active), advanced shell, and SDU/consolidated diagnostic report generation.
  • Common Failure Scenarios (10%): HTTPS decryption / SSL inspection issues with cert authority distribution, application control allow rules, performance (top, CPU/memory), hardware diagnostics and PSU RMA, and subscription expiration affecting Web/Network/Email Protection.

How to Pass the Sophos Firewall Technician (FT80) Exam

What You Need to Know

  • Passing score: 80%
  • Assessment: 50 multiple-choice questions covering troubleshooting methodology, log analysis and diagnostics, VPN troubleshooting, network and routing issues, authentication, firmware/recovery/escalation, and common failure scenarios on Sophos Firewall (SFOS v20+).
  • Time limit: 60 minutes
  • Exam fee: Free with course / partner enablement

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

Sophos Firewall Technician (FT80) Study Tips from Top Performers

1. Memorize Sophos's structured methodology — Identify, Scope, Reproduce, Remediate, Document — and apply it to every practice scenario before jumping to a fix.
2. Practice Diagnostics → Packet capture with realistic BPF filters ('host x.x.x.x and tcp port 443', 'udp port 500 or udp port 4500') so you can isolate flows under time pressure.
3. Drill the IPsec failure tree: Phase 1 vs Phase 2, proposal mismatch vs PSK/ID mismatch vs NAT-T blocked, and how to read the charon (strongSwan) log.
4. Know the on-box recovery toolbox cold — firmware rollback, factory reset from the device console, configuration backup/restore, and SDU/consolidated diagnostic report generation.
5. Understand HA modes (Active-Passive Stateful, Active-Active Load Balancing), what triggers failover (heartbeat loss, monitored interface failure, health check), and what a 'Faulty' state means.
6. Be ready to choose between STAS (per-IP SSO), SATC (shared-IP RDS/Citrix), NTLM, and captive portal based on the user environment described in the question.

Frequently Asked Questions

What is the Sophos Certified Technician — Sophos Firewall (FT80) exam?

The FT80 is a support-tier Sophos certification that validates troubleshooting skills on Sophos Firewall (XGS series, SFOS v20+). It covers troubleshooting methodology, Log Viewer and packet capture, IPsec/SSL VPN debugging, routing and SD-WAN, authentication, firmware/HA/recovery, SDU-based escalation to Sophos Support, and common failure scenarios. It runs parallel to the Architect (AT80) certification and is typically taken after the Engineer (ET80) credential.

How many questions are on the Sophos FT80 exam?

The FT80 exam has 50 multiple-choice questions with a 60-minute time limit. A passing score of 80% is required (40 of 50 correct). It is delivered online through the Sophos Training Portal (NetExam).

How much does the FT80 exam cost?

The FT80 exam is free with the FT80 Technician training course or via Sophos partner enablement. Most partners take the course and exam at no charge through the Sophos Partner Portal. Always confirm current pricing on training.sophos.com.

What is the difference between FT80 (Technician), ET80 (Engineer), and AT80 (Architect)?

ET80 (Engineer) is the foundational deployment and administration certification — zones, rules, NAT, basic VPN, IPS. AT80 (Architect) focuses on advanced design — HA, BGP/OSPF, ZTNA, SD-WAN, WAF, Sandstorm. FT80 (Technician) is parallel to AT80 but support-focused — troubleshooting, log analysis, packet capture, VPN debug, HA failover, SDU escalation. Most candidates complete ET80 first, then choose AT80 (design) or FT80 (support).

Which Sophos Firewall version does FT80 cover?

FT80 currently aligns to Sophos Firewall SFOS v20+ on XGS hardware. Sophos refreshes the FT80 track when the SFOS major version changes; recertification is required when objectives are updated. Always check training.sophos.com for the active track and recertification window.

What troubleshooting tools should I master for FT80?

Focus on the Log Viewer (Monitor & analyze → Logs → Log viewer), Diagnostics → Packet capture with BPF filters, Connection list, syslog forwarding, advanced-shell tcpdump and ipsec statusall, the charon log for IPsec, SD-WAN performance metrics, and the consolidated/SDU diagnostic report generator. Be comfortable correlating Log Viewer entries with packet captures during a single failure window.

How should I study for the Sophos FT80 exam?

Complete the FT80 Technician training course on the Sophos Partner Portal, then practice on a real or virtual Sophos Firewall (XGS or SF VM): generate SDU reports, run packet captures, debug IPsec from the charon log, force HA failovers, and roll firmware back. Pair that hands-on practice with these 100 free FT80 practice questions and review weak domains.