매달, 우리는 1000명 이상의 사람들이 시험 준비를 잘하고 시험을 잘 통과할 수 있도록 도와줍니다.
Check Point Certified Harmony Endpoint Specialist - R81.20 온라인 연습
최종 업데이트 시간: 2025년10월03일
당신은 온라인 연습 문제를 통해 Check Point 156-536 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.
시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 156-536 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 75개의 시험 문제와 답을 포함하십시오.
정답:
Explanation:
The Data Protection/General rule in Check Point Harmony Endpoint is a critical component of its Data Security Protection framework, encompassing settings that secure both hard disks and removable media while controlling port access. This rule integrates features from Full Disk Encryption (FDE) and Media Encryption & Port Protection (MEPP), as outlined in the CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf. On page 20, under the "Endpoint Security Client" section, the document details the components available on Windows:
"Full Disk Encryption: Combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops."
"Media Encryption and Media Encryption & Port Protection: Protects data stored on the computers by encrypting removable media devices and allowing tight control over computers' ports (USB, Bluetooth, and so on)."
This extract clearly indicates that the Data Protection/General rule includes encryption settings for hard disks (via FDE), encryption settings for removable media, and port protection settings (via MEPP). These elements work together to safeguard data across various storage types and prevent unauthorized access through ports, aligning perfectly with Option D.
Option A ("Actions that define user authentication settings only") is incorrect because, while user authentication (e.g., pre-boot authentication) is part of FDE, the rule extends beyond authentication to include encryption and port protection settings.
Option B ("Actions that define decryption settings for hard disks") is inaccurate as the focus of the rule is on encryption, not decryption, and it covers more than just hard disks (e.g., removable media and ports).
Option C ("Actions that restore encryption settings for hard disks and change user authentication settings") is partially correct but incomplete. It mentions restoring encryption and authentication but
omits the critical port protection and removable media encryption aspects, making it less comprehensive than Option D.
Reference: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 20: "Endpoint Security Client"
(describes FDE and MEPP components).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 217: "Check Point Full Disk
Encryption" (details encryption settings for hard disks).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 280: "Media Encryption & Port
Protection" (covers port protection and removable media encryption settings).
정답:
Explanation:
Pre-boot protection in Check Point Harmony Endpoint requires users to authenticate before the computer's operating system (OS) starts. This ensures that the system remains secure before the OS loads, preventing unauthorized access to encrypted data. The CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf on page 223, under "Authentication before the Operating System Loads (Pre-boot)," explains:
"only authorized users are given access to information stored on desktops and laptops" by requiring authentication before the OS loads.
This pre-boot authentication process typically involves entering a password, using a smart card, or providing a token response in a pre-boot environment displayed by the Endpoint Client before the Windows or other OS boot sequence begins. This aligns with Option C ("To authenticate before the computer's OS starts").
Option A ("To authenticate before the computer will start") is misleading; the computer powers on and starts its hardware initialization, but the OS does not load until authentication occurs. "Before the computer will start" implies the hardware itself won’t power on, which is inaccurate.
Option B ("To answer a security question after login") is incorrect because pre-boot protection occurs before the OS login, not after.
Option D ("To regularly change passwords") relates to password policy (covered on page 264 under "Password Complexity and Security"), not the immediate requirement of pre-boot protection.
Reference: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 223: "Authentication before the Operating System Loads (Pre-boot)" (describes the requirement for users to authenticate before the OS starts).
정답:
Explanation:
The Full Disk Encryption (FDE) software in Check Point Harmony Endpoint combines OS boot protection with pre-boot authentication and encryption to ensure that only authorized users can access data on desktop computers and laptops. This is detailed in the CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf on page 217, under "Check Point Full Disk Encryption," where it states:
"Combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops."
This extract highlights three key elements:
Pre-boot protection: Secures the system before the operating system loads, preventing unauthorized access at the earliest stage.
Boot authentication: Requires users to authenticate (e.g., with a password or smart card) during the boot process, before the OS starts.
Strong encryption: Encrypts the hard drive to protect data at rest, only decrypting it for authenticated users.
Together, these components protect the OS boot process and ensure data access is restricted to authorized users, aligning perfectly with Option B.
Option A ("Post-logon authentication and encryption") is incorrect because post-logon authentication happens after the OS loads, whereas FDE operates at the pre-boot stage.
Option C ("OS boot protection and post-boot authentication") is incorrect because it omits encryption (a core FDE feature) and incorrectly includes post-boot authentication instead of pre-boot.
Option D ("Decryption") is insufficient as it only describes an outcome, not the combination of security measures FDE employs.
Reference: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 217: "Check Point Full Disk Encryption" (describes the integration of pre-boot protection, boot authentication, and encryption).
정답:
Explanation:
Full Disk Encryption (FDE) in Check Point Harmony Endpoint is designed to protect data at rest stored on the Hard Drive of desktops and laptops. This is explicitly outlined in the CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf on page 217, under the section "Check Point Full Disk Encryption," which states:
"Combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops."
This indicates that FDE encrypts the entire hard drive, securing all data stored on it when the device is powered off or in a resting state. Further clarification comes from page 220, under "Volume Encryption," where it discusses encrypting "volumes," referring to the hard drive partitions: "Volume Encryption - Enable this option to encrypt specified volumes on the endpoint computer." Since a hard drive is the primary local storage medium on endpoint devices, Option D ("Hard Drive") is the correct answer.
Option A ("RAM Drive") is incorrect because RAM (Random Access Memory) is volatile memory that does not store data at rest; it loses data when power is off, unlike a hard drive.
Option B ("SMB Share") and Option C ("NFS Share") are incorrect because these are network-based file shares (Server Message Block and Network File System, respectively), not local storage devices protected by FDE. FDE focuses on local hard drives, not network resources.
Reference: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 217: "Check Point Full Disk Encryption" (describes protecting data stored on desktops and laptops).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 220: "Volume Encryption" (confirms encryption targets hard drive volumes).
정답:
Explanation:
The Endpoint Client GUI in Check Point Harmony Endpoint provides either automatic or manual prompting to protect removable storage media usage, depending on how the administrator configures the system. This functionality is part of the Media Encryption & Port Protection component, which allows flexible control over removable media such as USB drives. According to the CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf on page 282, under the section "Working with Actions in a Media Encryption & Port Protection Rule," the documentation states:
"You can configure rules to automatically encrypt media or prompt users to encrypt or access media in a protected manner."
This extract confirms that administrators can set policies to either automatically apply encryption (automatic prompting) or require user interaction (manual prompting) when removable media is detected. For example, an automatic rule might encrypt a USB drive without user intervention, while a manual rule might display a prompt in the Endpoint Client GUI asking the user to confirm encryption or access permissions. This dual capability makes Option B ("Either automatic or manual")
the correct answer.
Option A ("Manual Only") is incorrect because the system supports automatic prompting, not just manual.
Option C ("Automatic Only") is incorrect because manual prompting is also an available option.
Option D ("Neither automatic nor manual") is false, as the documentation clearly describes both
methods.
Reference: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 282: "Working with Actions in a Media Encryption & Port Protection Rule" (describes the ability to configure automatic encryption or user prompts for removable media).
정답:
Explanation:
Pre-boot authentication in Harmony Endpoint disables workarounds to computer security. This is explicitly stated in the CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf on page 223, under "Authentication before the Operating System Loads (Pre-boot)," which explains: "only authorized users are given access to information stored on desktops and laptops" by requiring authentication before the OS loads. This prevents unauthorized access attempts that might bypass OS-level security measures, such as booting from alternative media or exploiting OS vulnerabilities―effectively disabling "workarounds to computer security."
Option B ("Identity theft") is a broader security concern not specifically addressed by pre-boot authentication; it’s a potential outcome, not a direct mechanism disabled.
Option C ("Incorrect usernames") is a user error, not something pre-boot authentication disables; it simply rejects invalid credentials.
Option D ("Weak passwords") relates to password policy enforcement (covered on page 264), not the function of pre-boot authentication itself.
Option A ("Workarounds to computer security") is directly supported by the documentation, as pre-boot authentication ensures security at the earliest stage, blocking bypass attempts.
Reference: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 223: "Authentication before the Operating System Loads (Pre-boot)" (describes the purpose of pre-boot authentication).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 264: "Password Complexity and Security" (covers password policies, not pre-boot authentication’s role).
정답:
Explanation:
For a client specializing in multimedia video editing, the recommended Full Disk Encryption (FDE) algorithm is XTS-AES 256 bit. The CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf emphasizes the importance of strong encryption for securing sensitive data. On page 217, under "Check Point Full Disk Encryption," it states: "Combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops." Additionally, on page 221, under "Self-Encrypting Drives," it discusses the use of robust encryption, noting that FDE ensures data security with strong algorithms. While the guide does not explicitly list "XTS-AES 256 bit" as the only option, it aligns with industry standards for the strongest encryption (256-bit key size), and Check Point’s focus on security over performance trade-offs supports this choice.
Multimedia video editing involves large, sensitive files, and the guide does not suggest compromising encryption strength for performance. Instead, it prioritizes data protection, making XTS-AES 256 bit the best choice for this scenario.
Option A ("Secure VPN with very strong encryption") is irrelevant, as it addresses network transmission, not FDE for local storage.
Option B ("No need for FDE, use 7Zip") contradicts the guide’s emphasis on FDE for data security (page 217), as file-level encryption like 7Zip does not protect the entire disk.
Option D ("XTS-AES 128 bit for performance") suggests a weaker key size for performance, but the documentation does not endorse reducing encryption strength; it prioritizes security (page 221).
Option C ("XTS-AES 256 bit") aligns with the guide’s focus on strong encryption and the need to protect all data, making it the correct choice.
Reference: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 217: "Check Point Full Disk Encryption" (emphasizes strong encryption for data security).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 221: "Self-Encrypting Drives" (discusses robust encryption for FDE).
정답:
정답:
Explanation:
Harmony Endpoint provides Endpoint Security Client packages for Windows, macOS, and Linux
operating systems. This is explicitly documented in the CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf. On page 19, under the section "Endpoint Security Client," it states: "The Endpoint Security client is available on Windows and Mac." This confirms support for Windows and macOS. Further clarification is provided on page 51, under "Supported Operating Systems for the Endpoint Client," which lists "macOS" and "Linux" as supported platforms, alongside detailed support for Microsoft Windows on page 49. Together, these references confirm that the client packages are offered for Windows, macOS, and Linux.
Option A ("Unix, WinLinux and macOS") is incorrect because "WinLinux" is not a recognized operating system, and Unix is not listed as a supported client OS in the documentation.
Option C ("macOS, iPadOS and Windows") is incorrect as iPadOS, an OS for mobile devices, is not mentioned as a supported platform for the Endpoint Security Client.
Option D ("Windows, AppleOS and Unix operating systems") is incorrect because "AppleOS" is not a standard term (the correct term is macOS), and Unix is not supported as a client OS. Thus, Option B is the only fully accurate choice based on the official documentation.
Reference: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 19: "Endpoint Security Client" (mentions Windows and Mac).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 49: "Microsoft Windows" (details Windows support).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 51: "macOS" and "Linux" (confirms support for these OSes).
정답:
Explanation:
An administrator can confirm a successful macOS Harmony Endpoint client installation when the Endpoint icon appears in the computer's menu bar. This is stated on page 151 under "Deploying Mac Clients," noting that "After installation, the Endpoint Security icon appears in the menu bar." Options like automatic reboot (A) or pop-up messages (B, D) are not documented as standard indicators of successful installation in the guide.
정답:
Explanation:
There are two main package types: the Initial Client Package and Endpoint Security Client Packages. Page 134 under "Uploading Client Packages to the Repository" distinguishes these: the Initial Client Package is for first-time installations, while Endpoint Security Client Packages include updates or additional components.
Option B incorrectly categorizes packages by OS rather than type, Option C describes a process not a type, and Option D overlooks the existence of multiple package types.
정답:
정답:
Explanation:
The Endpoint Client provides end users with an overview summary of the protections deployed on their machines and the status of each protection. On page 19, under "Endpoint Security Client," the guide describes it as an application that monitors security status and enforces policies, with components like Anti-Malware and Firewall listed on page 20, visible to users through the client interface.
Option A is more relevant to administrators (page 63), Option C relates to forensic reports (page 346), and Option D pertains to network monitoring, not client-provided data.
정답:
Explanation:
Push Operations allow the Endpoint Security Management Server to modify client settings, such as shutting down or restarting computers, without requiring a policy installation. This is detailed on page 69 under "Performing Push Operations," where the guide states that administrators can perform immediate actions like "Restart Computer" and "Shutdown Computer" on selected clients. Options like Remote Operations (A) and Node Management (B) are not documented features for this purpose, while Remote Help (C) is intended for user assistance, such as password recovery (page 425), not direct client modifications.
정답: