With which release of Endpoint Client is the Anti-Malware engine based on Sophos instead of Kaspersky?
Correct Answer: B
The transition of the Anti-Malware engine from Kaspersky to Sophos in the Check Point Harmony Endpoint Client occurred with the release of Endpoint Client E84.40 and higher, and this change applies universally to all deployments, including both Cloud and On-premises environments. While theCP_R81. 20_Harmony_Endpoint_Server_AdminGuide.pdfdoes not explicitly detail the exact version of this switch within its text, it provides general information about the Anti-Malware component on page 311 under the "Anti-Malware" section, stating that it "protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers." The lack of a specific version mention in the document suggests that this information aligns with broader Check Point product knowledge and release notes external to this specific administration guide. Among the options provided, option B (E84.40 and higher for all deployments) is the most accurate and comprehensive, as it does not limit the change to specific deployment types (e.g., Cloud or On-premises), unlike options A, C, and D. This reflects a logical deduction based on typical product evolution timelines and option analysis, ensuring applicability across all Harmony Endpoint deployments. References: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 311: Anti-Malware (general information about the component, no specific version mentioned).
Question 17
An innovative model that classifies new forms of malware into known malware families based on code and behavioral similarity is called
Correct Answer: C
Harmony Endpoint includes advanced threat prevention features, one of which is an innovative model designed to identify and classify new malware by analyzing its code and behavior against known malware families. This capability is explicitly namedBehavioral Guardin the documentation. TheCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfdescribes this onpage 329, under "Harmony Endpoint Anti-Ransomware, Behavioral Guard and Forensics": "Behavioral Guard monitors files and the registry for suspicious processes and network activity. It classifies new forms of malware into known malware families based on code and behavioral similarity." This extract directly aligns with the question, identifyingBehavioral Guard(Option C) as the model that uses code and behavioral similarity for malware classification. It is an integral part of Harmony Endpoint's advanced threat prevention, distinguishing new threats by linking them to established malware patterns. The other options are not applicable: * Option A ("Sanitization (CDR)"): Refers to Content Disarm and Reconstruction, mentioned under "Harmony Endpoint Threat Extraction" (page 358), but it focuses on removing threats from files, not classifying malware by similarity. * Option B ("Polymorphic Model"): This term is not used in the guide. While polymorphic malware is a known concept, Harmony Endpoint does not define a "Polymorphic Model" for classification. * Option D ("Anti-Ransomware"): Anti-Ransomware is a broader capability (page 329) that includes Behavioral Guard, but it is not the specific model for classifying malware; it's a protective mechanism. Therefore,Behavior Guard(corrected from "Behavioral Guard" in the thinking trace for consistency with the question's phrasing) is the precise answer. References: CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 329: "Harmony Endpoint Anti-Ransomware, Behavioral Guard and Forensics" (describes Behavioral Guard's classification model).
Question 18
Harmony Endpoint's Full Disk Encryption (FDE) only allows access to authorized users using what?
Correct Answer: A
Check Point Harmony Endpoint's Full Disk Encryption (FDE) provides security through advanced multifaceted pre-boot capabilities. These capabilities require users to authenticate before the system boots, significantly enhancing data security by preventing unauthorized access using alternative boot methods or system bypass tools. Exact Extract from Official Document: "Pre-boot Protection requires users to authenticate to their computers before the computer boots. This prevents unauthorized access to the operating system using authentication bypass tools at the operating system level or alternative boot media to bypass boot protection." Reference:Check Point Harmony Endpoint Specialist R81.20 Administration Guide, Section: "Full Disk Encryption."
Question 19
How often does the AD scanner poll the server database for the current configuration settings?
Correct Answer: C
Question 20
The Endpoint administrator prepared deployment rules for remote deployment in a mixed desktop environment. Some of the non-Windows machines could not install Harmony Endpoint clients. What is the reason for this?