156-536 Exam Dumps : Check Point Certified Harmony Endpoint Specialist - R81.20 (CCES)

The default encryption algorithm for Full Disk Encryption (FDE) in Check Point Harmony Endpoint, as configured in the Advanced Settings tab, isXTS-AES 256 bit. This is explicitly stated in theCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfonpage 221, under the "Custom Disk Encryption Settings" section:

"The default encryption algorithm is XTS-AES 256 bit."

This extract confirms thatOption Cis correct. The document further notes that administrators can choose between XTS-AES 256 bit and XTS-AES 128 bit, but 256 bit is the default, reflecting a preference for stronger encryption. XTS (XEX-based tweaked-codebook mode with ciphertext stealing) is specifically designed for disk encryption, providing better security than CBC (Cipher Block Chaining) modes.

Option A ("AES-CBC 128 bit")andOption B ("AES-CBC 256 bit")are incorrect because FDE uses XTS mode, not CBC, which is less suited for disk encryption due to its vulnerabilities in this context.

Option D ("XTS-AES 128 bit")is a configurable option but not the default, as the guide specifies 256 bit as the standard setting.

Endpoint Security Clients are essential components of the Harmony Endpoint solution, installed on end-user devices such as desktops and laptops to provide security features and maintain communication with the centralized management infrastructure. TheCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfclearly defines their composition and functionality.

Onpage 19, under the section "Endpoint Security Client," the document states:

"The Endpoint Security client is available on Windows and Mac. These are the Endpoint Security components that are available on Windows:"

This is followed by a table onpage 20listing components such as Compliance, Anti-Malware, Full Disk Encryption, and others, indicating that the client includes various security capabilities. However, the structural definition of the client is further clarified onpage 24, under "Endpoint Security Clients":

"Application installed on end-user computers to monitor security status and enforce security policies."

This description highlights that the client encompasses security software capabilities. Additionally, onpage 27, under "Client to Server Communication," the guide elaborates:

"The client is always the initiator of the connections. Most communication is over HTTPS (TCP/443), including Policy downloads and Heartbeat."

This confirms that the client includes a device agent responsible for communication with the Endpoint Security Management Server, acting as a container for the security capabilities (e.g., Anti-Malware, Full Disk Encryption) and facilitating policy enforcement and status updates. Thus,Option Aaccurately captures this dual role: "Endpoint security software Capabilities" (the security components) and "a device agent" (the communication layer) that interacts with the server.

The other options do not align with the documentation:

Option B: Describes a GUI client for management, which aligns more with SmartEndpoint (seepage 24, item 3), not the Endpoint Security Client installed on end-user devices.

Option C: Suggests a GUI within the client for managing policies, but policy management is centralized via SmartEndpoint or the Web Management Console, not the client itself (seepage 19).

Option D: Implies local policy management, which contradicts the centralized architecture where policies are downloaded from the server (seepage 27).

Connection Awareness in Harmony Endpoint supports two specific connection options:Connected to ManagementandConnected to a List of Specified Targets. This is detailed in theCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfon page 27 under the "Client to Server Communication" section. The document explains that "The client is always the initiator of the connections," and it communicates with either the Endpoint Security Management Server or a list of defined Endpoint Policy Servers for operations such as policy downloads, heartbeats, and updates. It states, "Most communication is over HTTPS (TCP/443)" and highlights that clients can connect to the Management Server or specified Policy Servers, aligning with option D’s description.

Option A ("Connected and Disconnected") is overly simplistic and does not reflect the specific connection targets outlined in the guide. Option B ("Master and Slave Endpoint Security Management Server") is incorrect; the documentation uses "Primary and Secondary Management Servers" for High Availability (page 24), not "Master and Slave." Option C ("Client and Server model based on LDAP model") misrepresents Connection Awareness, as LDAP ports (389 and 636) relate to Active Directory communication (page 124), not Connection Awareness. Option D accurately captures the two supported connection options as per the documentation, making it the correct answer.