156-536: Check Point Certified Harmony Endpoint Specialist – R81.20 (CCES) Part 1
Question #: 1
Topic #: 1
What communication protocol does Harmony Endpoint management use to communicate with the management server?
A. SIC
B. CPCOM
C. TCP
D. UDP
Selected Answer: B
———————————————————————-
Question #: 2
Topic #: 1
What is the time interval of heartbeat messages between Harmony Endpoint Security clients and Harmony Endpoint Security Management?
A. 60 milli-seconds
B. 60 minutes
C. 60 seconds
D. 30 seconds
Selected Answer: C
———————————————————————-
Question #: 3
Topic #: 1
Which information can we find on the Operational Overview dashboard?
A. Active Attacks, Deployment status, Pre-boot status, Anti-Malware update, Harmony Endpoint Version and Operating system
B. Active Endpoints. Active Alerts, Deployment status, Pre-boot status, Encryption Status
C. Hosts under Attack, Active Attacks, Blocked Attacks
D. Desktops, Servers, Active Alerts, Anti-Malware update, Harmony Endpoint Version
Selected Answer: B
———————————————————————-
Question #: 4
Topic #: 1
Which of the following is TRUE about the functions of Harmony Endpoint components?
A. SmartEndpoint connects to the Check Point Security Management Server (SMS)
B. SmartEndpoint Console connects to and manages the Endpoint Management Server (EMS)
C. SmartConsole connects to and manages the Endpoint Management Server (EMS)
D. Web Management Console for Endpoint connects to the Check Point Security Management Server (SMS)
Selected Answer: B
———————————————————————-
Question #: 5
Topic #: 1
Which Harmony Endpoint environment is better choice for companies looking for more control when deploying the product?
A. On-premises environment, because offers more options for client deployments and features, same control over the operations as in Cloud environment but is more costly to support.
B. Both On-premises and Cloud environment is the right choice. Both offers same control over the operations, when deploying the product only difference is in support cost.
C. Cloud environment, because offers easier deployment of servers, offers same control over operations as in On-premises environments, but is not as costly to support.
D. On-premises environment, because offers more options for deployment, greater control over operations, but is also more costly to support.
Selected Answer: D
———————————————————————-
Question #: 6
Topic #: 1
Where are quarantined files stored?
A. On client computer, under C:\ProgramData\CheckPoint\Endpoint Security\Remediation\quarantine
B. On client computer, under C:\ProgramData\CheckPoint\Harmony Endpoint Security\quarantine
C. On Management server, under $FWDIR\sba\Remediation\quarantine
D. On client computer, under C:\Program Files\CheckPoint\Endpoint Security\Remediation\quarantine
Selected Answer: A
———————————————————————-
Question #: 7
Topic #: 1
Which option allows the Endpoint Security Management Server to modify client settings such as shutting down or restarting the client computers without installing policy?
A. Remote operations
B. Node Management
C. Remote Help
D. Push Operations
Selected Answer: D
———————————————————————-
Question #: 8
Topic #: 1
What connect options does the connection Awareness support?
A. There are two options: Connected and Disconnected.
B. Master and Slave Endpoint Security Management Server.
C. Client and Server model based on ldap model. The supported ports are 389 and 636.
D. There are two options: Connected to Management and Connected to a List of Specified Targets.
Selected Answer: D
———————————————————————-
Question #: 9
Topic #: 1
What is the command required to be run to start the Endpoint Web Interface for on-premises Harmony Endpoint Web Interface access?
A. start_web_mgmt – run in clish
B. start_web_mgmt – run in expert mode
C. web_mgmt_start – run in expert mode
D. web_mgmt_start – run in clish
Selected Answer: C
———————————————————————-
Question #: 10
Topic #: 1
What do Push Operations allow?
A. allows the Endpoint Security Management Server to operate independently of the Security Management Server
B. allow the Management Console to operate without installing policy
C. allow the Endpoint Security Management Server to push operations to client computers without installing policy
D. allow the Endpoint clients to push operations to other client computers without installing policy
Selected Answer: C
———————————————————————-
Question #: 11
Topic #: 1
With which release of Endpoint Client is the Anti-Malware engine based on Sophos instead to Kaspersky?
A. Endpoint Client release E86.26 and higher for Cloud deployments
B. Endpoint Client release E84.40 and higher for all deployments
C. Endpoint Client release E83.20 and higher for Cloud deployments
D. Endpoint Client release E81.20 and higher for On-premises deployments
Selected Answer: C
———————————————————————-
Question #: 12
Topic #: 1
What is the maximum time, that users can delay the installation of the Endpoint Security Client in a production environment?
A. 2 Hours
B. 30 minutes
C. 48 Hours
D. 8 Hours
Selected Answer: C
———————————————————————-
Question #: 13
Topic #: 1
The Endpoint administrator prepared deployment rules for remote deployment in a mixed desktop environment. Some of the Non-Windows machines could not install Harmony endpoint clients. What is the reason for this?
A. MacOS clients are not supported by Harmony Endpoint
B. Administrator doesn’t run chmod command, to allow execution permission to the deployment script
C. Deployment rules are not supported on MacOS clients
D. Deployment rules was assigned to users not to machines
Selected Answer: B
———————————————————————-
Question #: 14
Topic #: 1
The CEO of the company uses the latest Check Point Endpoint client on his laptop. All capabilities are enabled and FDE has been applied. The CEO is on a business trip and remembers that he needs to send some important emails, so he is forced to boot up his laptop in a public area. However, he suddenly needs to leave and forgets to lock or shut down his computer. The laptop remains unattended. Is the CEO’s data secured?
A. The data is not secured. The laptop was left unlocked in the email client window. Everyone who accesses the laptop, before it automatic locks, has access to all data.
B. The laptop is not secure because anyone in the local connected Wi-Fi can access the CEOs corporate data.
C. The laptop is totally secure since the Endpoint client will automatically detect the emergency and has set the OS in hibernate mode.
D. The laptop is using the latest technology for Full Disk encryption. Anyone who finds the laptop can’t access its data due to the data encryption used.
Selected Answer: A
———————————————————————-
Question #: 15
Topic #: 1
How does FDE add another layer of security?
A. By offering media encryption
B. By offering pre-boot protection
C. By offering port protection
D. By offering encryption
Selected Answer: B
———————————————————————-
Question #: 16
Topic #: 1
Does the Endpoint Client GUI provide automatic or manual prompting to protect removable storage media usage?
A. Manual Only
B. Either automatic or manual
C. Automatic Only
D. Neither automatic or manual
Selected Answer: B
———————————————————————-
Question #: 17
Topic #: 1
What does Endpoint’s Media Encryption (ME) Software Capability requiring authorization accomplish?
A. Protects sensitive data and encrypts storage media
B. Controls ports and encrypts storage media
C. Controls ports and manages ports
D. Decrypts and blocks access to specific ports
Selected Answer: A
———————————————————————-
Question #: 18
Topic #: 1
You’re going to prepare a Deployment Scenario of an Endpoint Security Client on a Windows machine in an On-Prem environment. You choose one of two basic deployments – which is typical for a local deployment?
A. Agent (Initial Client) package only
B. Agent (Initial Client) and Software Blades packages
C. Agent-less (no Client) and Software Blades packages
D. Agent (free Client) package only
Selected Answer: B
———————————————————————-
Question #: 19
Topic #: 1
On which desktop operating systems are Harmony Endpoint Clients supported?
A. Windows, MacOS, Linux and Unix
B. Only Windows and MacOS
C. Windows Servers and Clients, MacOS and Linux
D. Windows Client, MacOS and Linux
Selected Answer: D
———————————————————————-
Question #: 20
Topic #: 1
What does pre-boot authentication disable?
A. Workarounds to computer security
B. Identity theft
C. Incorrect usernames
D. Weak passwords
Selected Answer: A
———————————————————————-
Question #: 21
Topic #: 1
The Remote Help tool can be used to assist users in password recovery. What type of assistance does this tool provide?
A. The Remote Help only provides procedural information and FAQs about the Endpoint Security Client including procedure to reset password
B. The Remote Help tool provides –
a) User Logon Pre-boot Remote Help
b) Media Encryption Remote Help
C. The Remote Help tool provides –
a) Link to the secret location of encrypted password file
b) Key to decrypt the password file
D. The Remote Help tool unlocks admin accounts on SmartEndpoint
Selected Answer: B
———————————————————————-
Question #: 22
Topic #: 1
Which of the following is not protected by the Full Disk Encryption (FDE) software?
1) Client’s user data
2) Operating system files
3) Temporary files
4) Erased files
A. Temporary and erased files
B. All of these are protected with FDE
C. Erased files
D. Temporary files
Selected Answer: C
———————————————————————-
Question #: 23
Topic #: 1
An Innovative model that classifies new forms of malware into known malware families based on code and behavioral similarity is called:
A. Sanitization (CDR)
B. Polymorphic Model
C. Behavior Guard
D. Anti-Ransomware
Selected Answer: C
———————————————————————-
Question #: 24
Topic #: 1
One of the Data Security Software Capability protections included in the Harmony Endpoint solution is:
A. Data Leak Firewall
B. Memory Encryption
C. Dynamic Data Protection
D. Remote Access VPN
Selected Answer: D
———————————————————————-
Question #: 25
Topic #: 1
In the POLICY Tab of the Harmony Endpoint portal for each software Capability (Threat Prevention, Data Protection etc.) rules can be created to protect endpoint machines. Choose the true statement.
A. The default rule is a global rule that only applies to Computers. Rules for Users must be added manually by the administrator.
B. There are no rules to start with and administrators must create rules in order to deploy the capability policies, actions and behavior.
C. There are only rules for the Harmony Endpoint Firewall Capability. All other Capabilities only include Actions.
D. The default rule is a global rule which applies to all users and computers in the organization.
Selected Answer: D
———————————————————————-
Question #: 26
Topic #: 1
When deploying a policy server, which is important?
A. To have policies in place
B. To configure the heartbeat interval and define the amount of time that the client is allowed to connect to the server
C. To configure the EPS and define the amount of time that the client is allowed to connect to the SMS
D. To install the heartbeat server first
Selected Answer: B
———————————————————————-
Question #: 27
Topic #: 1
What does Unauthenticated mode mean?
A. Computers and users might present a security risk, but still have access.
B. Computers and users are trusted based on their IP address and username.
C. Computers and users have credentials, but they are not verified through AD.
D. Computers and users are trusted based on the passwords and usernames only.
Selected Answer: B
———————————————————————-
Question #: 28
Topic #: 1
When in the Strong Authentication workflow is the database installed on the secondary server?
A. After Endpoint security is enabled
B. Before Endpoint security is enabled
C. Exactly when Endpoint security is enabled
D. After synchronization and before Endpoint security has been enabled
Selected Answer: D
———————————————————————-
Question #: 29
Topic #: 1
What blades have to be enabled on the Management Server in order for the Endpoint Security Management Server to operate?
A. You can enable all gateway related blades.
B. The administrator has to enable compliance and Network Policy Management.
C. Logging & Status, SmartEvent Server, and SmartEvent Correlation unit must be enabled.
D. The SmartEndPoint super Node on the Management.
Selected Answer: B
———————————————————————-
Question #: 30
Topic #: 1
The Harmony Endpoint solution includes which three Data Security Software Capability protections?
A. Full Disk Encryption –
Media Encryption –
Anti-Malware
B. Passwords and Usernames –
Port Protection (MEPP)
Security Questions
C. Media Encryption –
Media Decryption –
Remote Access VPN
D. Full Disk Encryption –
Media Encryption & Port Protection (MEPP)
Remote Access VPN
Selected Answer: D
———————————————————————-
Question #: 31
Topic #: 1
What is the default encryption algorithm in Full Disk Encryption tab under Advanced Settings?
A. AES-CBC 128 bit
B. AES-CBC 256 bit
C. XTS-AES 256 bit
D. XTS-AES 128 bit
Selected Answer: B
———————————————————————-
Question #: 32
Topic #: 1
As an Endpoint Administrator you are facing with some errors related to AD Strong Authentication in Endpoint Management server. Where is the right place to look when you are troubleshooting these issues?
A. $FWDIR/log/Authentication.log
B. $FWDIR/logs/Auth.log
C. $UEPMDIR/logs/Authentication.log
D. $UEPMDIR/log/Authentication.elg
Selected Answer: C
———————————————————————-
Question #: 33
Topic #: 1
Before installing the Endpoint Security Management Server, it is necessary to consider this:
A. A Network Security Management Server must be installed
B. A Network Security Management Server must NOT be installed on the same machine
C. An Endpoint Security Gateway must be installed
D. MS SQL Server must be available with full admin access
Selected Answer: A
———————————————————————-
Question #: 34
Topic #: 1
How many security levels can you set when enabling Remote help on pre-boot?
A. Four levels – Low security, Medium security, High security, Very High security
B. Two levels – Low and High security
C. Three levels – Low security, Medium security, High security
D. One and only level – enable or disable security
Selected Answer: C
———————————————————————-
Question #: 35
Topic #: 1
What capabilities does the Harmony Endpoint NGAV include?
A. Anti-Ransomware, Anti-Exploit & Behavioral Guard
B. Anti-IPS, Anti-Firewall & Anti-Guard
C. Zero-Phishing, Anti-Bot & Anti-Virus
D. Threat Extraction, Threat-Emulation & Zero-Phishing
Selected Answer: A
———————————————————————-
Question #: 36
Topic #: 1
Which User Roles are on the Endpoint Security Management Server for On-Premises servers?
A. Primary Administrator and Read-Only
B. Super Admin, Primary Administrator, User Admin, Read-Only
C. Admin and Read-Only
D. Super Admin, Read-Write All, Read-only
Selected Answer: C
———————————————————————-
Question #: 37
Topic #: 1
External Endpoint policy servers (EPS) decrease X and reduce X between sites?
A. Decrease policies and reduce traffic between sites
B. Decrease power and reduce accidents between sites
C. Decrease clients and reduce device agents between sites
D. External Endpoint policy servers (EPS) decrease the load of the EMS and reduce the bandwidth required between sites
Selected Answer: D
———————————————————————-
Question #: 38
Topic #: 1
How many digits are required in the FDE policy settings to enable a Very High-Security level for remote help on pre-boot?
A. 40 digits
B. Maximum 30 digits
C. 24 digits
D. Minimum 20 digits
Selected Answer: D
———————————————————————-
Question #: 39
Topic #: 1
Endpoint’s Media Encryption (ME) Software Capability protects sensitive data on what, and how?
A. Storage devices, removable media, and other input/output devices by requiring authorization before a user accesses the device
B. Input/output devices using Anti-Malware
C. Removable media and other input/output devices by using encryption methods
D. Storage devices by requiring multi-factor authorization
Selected Answer: A
———————————————————————-
Question #: 40
Topic #: 1
How often does the AD scanner poll the server database for the current configuration settings?
A. Every 60 minutes
B. Every 150 minutes
C. Every 120 minutes
D. Every 30 minutes
Selected Answer: C
