156-536 Exam Dumps : Check Point Certified Harmony Endpoint Specialist - R81.20 (CCES)

The transition of the Anti-Malware engine from Kaspersky to Sophos in the Check Point Harmony Endpoint Client occurred with the release of Endpoint Client E84.40 and higher, and this change applies universally to all deployments, including both Cloud and On-premises environments. While theCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfdoes not explicitly detail the exact version of this switch within its text, it provides general information about the Anti-Malware component on page 311 under the "Anti-Malware" section, stating that it "protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers." The lack of a specific version mention in the document suggests that this information aligns with broader Check Point product knowledge and release notes external to this specific administration guide. Among the options provided, option B (E84.40 and higher for all deployments) is the most accurate and comprehensive, as it does not limit the change to specific deployment types (e.g., Cloud or On-premises), unlike options A, C, and D. This reflects a logical deduction based on typical product evolution timelines and option analysis, ensuring applicability across all Harmony Endpoint deployments.

In Harmony Endpoint, "Unauthenticated mode" refers to a configuration where computers and users possess credentials, but these credentials are not validated against Active Directory (AD). This mode is used when AD authentication is not implemented or required, yet some form of credential-based access control is still in place.

TheCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfdoes not provide a single, explicit definition of "Unauthenticated mode" in a dedicated section. However, the concept is inferred from the authentication mechanisms described, particularly in relation to Active Directory integration. Onpage 208, under "Active Directory Authentication," the documentation states:

"Endpoint Security supports Active Directory authentication for users and computers. This allows for centralized management of user credentials and policies."

This indicates that AD authentication is a supported method for verifying credentials centrally. Onpage 209, in "Configuring Active Directory Authentication," the guide details the process for enabling AD-based authentication, implying that without this configuration, credentials are not verified through AD. In such cases, the system may rely on local credentials or alternative methods, which aligns with the concept of "Unauthenticated mode" (i.e., not authenticated via AD).

Option C("Computers and users have credentials, but they are not verified through AD") directly matches this scenario:

"Have credentials": Users and computers still use credentials (e.g., usernames and passwords) to access the system.

"Not verified through AD": These credentials are not checked against an AD server, distinguishing this mode from AD-authenticated setups.

Let’s analyze the other options:

Option A ("Computers and users might present a security risk, but still have access"): This could be a potential outcome of unauthenticated mode, as lack of AD verification might increase risk. However, it describes a consequence rather than defining the mode itself, making it less precise.

Option B ("Computers and users are trusted based on their IP address and username"): The documentation does not mention trust based on IP address and username without AD verification, so this is unsupported.

Option D ("Computers and users are trusted based on the passwords and usernames only"): This is partially correct, as unauthenticated mode may involve local credential checks. However, it lacks the critical distinction of "not verified through AD," which is central to the concept in Harmony Endpoint.

Thus,Option Cis the most accurate and specific definition based on the documentation’s discussion of authentication methods.