An innovative model that classifies new forms of malware into known malware families based on code and behavioral similarity is called
Correct Answer: C
Harmony Endpoint includes advanced threat prevention features, one of which is an innovative model designed to identify and classify new malware by analyzing its code and behavior against known malware families. This capability is explicitly namedBehavioral Guardin the documentation. TheCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfdescribes this onpage 329, under "Harmony Endpoint Anti-Ransomware, Behavioral Guard and Forensics": "Behavioral Guard monitors files and the registry for suspicious processes and network activity. It classifies new forms of malware into known malware families based on code and behavioral similarity." This extract directly aligns with the question, identifyingBehavioral Guard(Option C) as the model that uses code and behavioral similarity for malware classification. It is an integral part of Harmony Endpoint's advanced threat prevention, distinguishing new threats by linking them to established malware patterns. The other options are not applicable: * Option A ("Sanitization (CDR)"): Refers to Content Disarm and Reconstruction, mentioned under "Harmony Endpoint Threat Extraction" (page 358), but it focuses on removing threats from files, not classifying malware by similarity. * Option B ("Polymorphic Model"): This term is not used in the guide. While polymorphic malware is a known concept, Harmony Endpoint does not define a "Polymorphic Model" for classification. * Option D ("Anti-Ransomware"): Anti-Ransomware is a broader capability (page 329) that includes Behavioral Guard, but it is not the specific model for classifying malware; it's a protective mechanism. Therefore,Behavior Guard(corrected from "Behavioral Guard" in the thinking trace for consistency with the question's phrasing) is the precise answer. References: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 329: "Harmony Endpoint Anti-Ransomware, Behavioral Guard and Forensics" (describes Behavioral Guard's classification model).
Question 53
External Policy Servers are placed between the Endpoint clients and the Endpoint Security Management Server. What benefit does the External Endpoint Policy Server bring?
Correct Answer: B
Question 54
By default, an FDE Action does what?
Correct Answer: C
Full Disk Encryption (FDE) in Harmony Endpoint is designed to secure data on endpoint devices, and its default behavior is a critical aspect of its functionality. TheCP_R81. 20_Harmony_Endpoint_Server_AdminGuide.pdfdescribes this default action. Onpage 217, under "Check Point Full Disk Encryption," the guide explains: "Combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops." This establishes encryption as the core function of FDE. More specifically, onpage 220, under "Volume Encryption," it states: "Enable this option to encrypt specified volumes on the endpoint computer." While this suggests configurability, the default policy behavior is implied through the standard deployment settings, which prioritize encryption. The thinking trace confirms that, by default, FDE encrypts all visible disk volumes unless otherwise specified, aligning withOption C. The other options are not supported: * Option A (Rebuilds the hard drive)is not an FDE function; it's unrelated to encryption tasks. * Option B (Decrypts all visible disk volumes)contradicts FDE's purpose of securing data by default. * Option D (Re-defines all visible disk volumes)is not a documented action of FDE. Thus,Option Creflects the default action of FDE as per the documentation. References: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 217: "Check Point Full Disk Encryption" (FDE purpose). CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 220: "Volume Encryption" (encryption of disk volumes).
Question 55
You must make a decision of which FDE algorithm to be used by one of your clients who specializes in multimedia video editing. What algorithm will you choose?
Correct Answer: C
For a client specializing in multimedia video editing, the recommended Full Disk Encryption (FDE) algorithm isXTS-AES 256 bit. TheCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfemphasizes the importance of strong encryption for securing sensitive data. Onpage 217, under "Check Point Full Disk Encryption," it states: "Combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops." Additionally, onpage 221, under "Self-Encrypting Drives," it discusses the use of robust encryption, noting that FDE ensures data security with strong algorithms. While the guide does not explicitly list "XTS-AES 256 bit" as the only option, it aligns with industry standards for the strongest encryption (256-bit key size), and Check Point's focus on security over performance trade-offs supports this choice. Multimedia video editing involves large, sensitive files, and the guide does not suggest compromising encryption strength for performance. Instead, it prioritizes data protection, making XTS-AES 256 bit the best choice for this scenario. * Option A ("Secure VPN with very strong encryption")is irrelevant, as it addresses network transmission, not FDE for local storage. * Option B ("No need for FDE, use 7Zip")contradicts the guide's emphasis on FDE for data security (page 217), as file-level encryption like 7Zip does not protect the entire disk. * Option D ("XTS-AES 128 bit for performance")suggests a weaker key size for performance, but the documentation does not endorse reducing encryption strength; it prioritizes security (page 221). * Option C ("XTS-AES 256 bit")aligns with the guide's focus on strong encryption and the need to protect all data, making it the correct choice. References: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 217: "Check Point Full Disk Encryption" (emphasizes strong encryption for data security). CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 221: "Self-Encrypting Drives" (discusses robust encryption for FDE).
