
[2025年12月03日] 最新更新されたのは156-536試験問題2025年更新
無料更新されたCheckPoint 156-536テストエンジン問題には100問題と解答
質問 # 49
Full Disk Encryption (FDE) protects data at rest stored on a Hard Drive.
- A. NFS Share
- B. Hard Drive
- C. SMB Share
- D. RAM Drive
正解:B
解説:
Full Disk Encryption (FDE) in Check Point Harmony Endpoint is designed to protectdata at reststored on the Hard Driveof desktops and laptops. This is explicitly outlined in theCP_R81.
20_Harmony_Endpoint_Server_AdminGuide.pdfonpage 217, under the section "Check Point Full Disk Encryption," which states:
"Combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops." This indicates that FDE encrypts the entire hard drive, securing all data stored on it when the device is powered off or in a resting state. Further clarification comes frompage 220, under "Volume Encryption," where it discusses encrypting "volumes," referring to the hard drive partitions:
"Volume Encryption - Enable this option to encrypt specified volumes on the endpoint computer." Since a hard drive is the primary local storage medium on endpoint devices,Option D ("Hard Drive")is the correct answer.
* Option A ("RAM Drive")is incorrect because RAM (Random Access Memory) is volatile memory that does not store data at rest; it loses data when power is off, unlike a hard drive.
* Option B ("SMB Share")andOption C ("NFS Share")are incorrect because these are network-based file shares (Server Message Block and Network File System, respectively), not local storage devices protected by FDE. FDE focuses on local hard drives, not network resources.
References:
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 217: "Check Point Full Disk Encryption" (describes protecting data stored on desktops and laptops).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 220: "Volume Encryption" (confirms encryption targets hard drive volumes).
質問 # 50
You are facing a lot of CPU usage and high bandwidth consumption on your Endpoint Security Server. You check and verify that everything is working as it should be, but the performance is still very slow. What can you do to decrease your bandwidth and CPU usage?
- A. You can use some of your Endpoints as Super Nodes since super nodes reduce bandwidth as well as CPU usage.
- B. Your company's size is not large enough to have a valid need for Endpoint Solution.
- C. Your company needs more bandwidth. You have to increase your bandwidth by 300%.
- D. The management High Availability sizing is not correct. You have to purchase more servers and add them to the cluster.
正解:A
質問 # 51
What does pre-boot protection require of users?
- A. To authenticate before the computer will start
- B. To answer a security question after login
- C. To regularly change passwords
- D. To authenticate before the computer's OS starts
正解:D
解説:
Pre-boot protection in Check Point Harmony Endpoint requires usersto authenticate before the computer's operating system (OS) starts. This ensures that the system remains secure before the OS loads, preventing unauthorized access to encrypted data. TheCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfonpage
223, under "Authentication before the Operating System Loads (Pre-boot)," explains:
"only authorized users are given access to information stored on desktops and laptops" by requiring authentication before the OS loads.
This pre-boot authentication process typically involves entering a password, using a smart card, or providing a token response in a pre-boot environment displayed by the Endpoint Client before the Windows or other OS boot sequence begins. This aligns withOption C ("To authenticate before the computer's OS starts").
* Option A ("To authenticate before the computer will start")is misleading; the computer powers on and starts its hardware initialization, but the OS does not load until authentication occurs. "Before the computer will start" implies the hardware itself won't power on, which is inaccurate.
* Option B ("To answer a security question after login")is incorrect because pre-boot protection occurs before the OS login, not after.
* Option D ("To regularly change passwords")relates to password policy (covered on page 264 under
"Password Complexity and Security"), not the immediate requirement of pre-boot protection.
References:
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 223: "Authentication before the Operating System Loads (Pre-boot)" (describes the requirement for users to authenticate before the OS starts).
質問 # 52
What is the default Agent Uninstall Password, which protects the client from unauthorized removal?
- A. Chkp1234
- B. secret
- C. Secret
- D. RemoveMe
正解:B
質問 # 53
In a Standalone installation, the EMS is installed on the same computer or a different one than the NMS?
- A. Both
- B. Different
- C. Same
- D. Half on one and half on another computer
正解:C
解説:
According to the official Check Point Harmony Endpoint documentation, in a Standalone installation, the Endpoint Security Management Server (EMS) and the Network Management Server (NMS) are installed together on the same computer. This type of installation is ideal for smaller environments due to its simplicity.
Exact Extract from Official Document:
"In a Standalone installation, the EMS and NMS are installed on the same computer." Reference:Check Point Harmony Endpoint Specialist R81.20 Administration Guide.
質問 # 54
Which User Roles are on the Endpoint Security Management Server for On-Premises servers?
- A. Super Admin, Read-Write All, Read-Only
- B. Primary Administrator and Read-Only
- C. Super Admin, Primary Administrator, User Admin, Read-Only
- D. Admin and Read-Only
正解:D
解説:
On-premises servers have only two user roles: "Admin" & "Read-only".
These are the roles:
Admin - Full Read & Write access to all system aspects.
Read-Only User - Has access to all system aspects, but cannot make any changes.
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN
/CP_R81_EndpointWebManagement_AdminGuide/Topics-HEPWM-R81
/Managing_Users_in_Harmony_Endpoint.htm
質問 # 55
Where are the Endpoint Policy Servers located?
- A. Between the Endpoint clients and the NMS
- B. Between the Endpoint clients and the EPS
- C. Between the Endpoint clients and the EMS
- D. Between the Endpoint clients and the SMS
正解:C
解説:
Endpoint Policy Servers (EPS) are integral to the Harmony Endpoint architecture, designed to optimize communication between Endpoint clients and the Endpoint Security Management Server (EMS). TheCP_R81.
20_Harmony_Endpoint_Server_AdminGuide.pdfexplicitly defines their placement.
Onpage 25, under "Optional Endpoint Security Elements," the documentation states:
"Endpoint Policy Servers improve performance in large environments by managing most communication with the Endpoint Security clients. Managing the Endpoint Security client communication decreases the load on the Endpoint Security Management Server, and reduces the bandwidth required between sites." This confirms that EPS are positionedbetween the Endpoint clients and the EMS, handling tasks like policy downloads, heartbeats, and updates to offload the EMS.Option Baccurately reflects this architecture.
Evaluating the other options:
* Option A: "Between the Endpoint clients and the EPS" is nonsensical, as EPS (Endpoint Policy Servers) cannot be between themselves and clients-it's a self-referential error.
* Option C: "Between the Endpoint clients and the NMS" introduces "NMS," likely a typo for Network Management System, which isn't part of Harmony Endpoint's architecture per the document.
* Option D: "Between the Endpoint clients and the SMS" refers to the Security Management Server (SMS), which manages gateways in Check Point's broader ecosystem, not the EMS specific to Harmony Endpoint (seepage 23for EMS definition).
Thus,Option Bis directly supported by the documentation as the correct placement of EPS.
References:
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 25: "Optional Endpoint Security Elements" (EPS placement and role).
質問 # 56
The CISO office evaluates Check Point Harmony Endpoint and needs to know what kind of post-infection capabilities exist. Which post-infection capabilities does the Harmony Endpoint Suite include?
- A. IPS Attack Analysis (Forensics), Detect and Prevent, and Isolation
- B. Automated Attack Analysis (Forensics), Remediation and Response, and Quarantine
- C. IPS Attack Analysis (Forensics), Deploy and Destroy, and Isolation
- D. FW Attack Analysis (Forensics), Detect and Prevent, and Isolation
正解:B
解説:
Harmony Endpoint offers advanced post-infection capabilities to analyze and mitigate threats after they occur.
These features are detailed in theCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfunder its threat prevention sections.
Onpage 346, under "Forensics," the guide states:
"Forensics provides automated attack analysis, helping to understand the nature and impact of threats." Onpage 336, under "Quarantine Settings and Attack Remediation," it notes:
"Quarantine Settings and Attack Remediation allow for isolating infected files and systems." Additionally, onpage 329, under "Harmony Endpoint Anti-Ransomware, Behavioral Guard and Forensics," it mentions:
"Analyzes incidents reported by other components."
These extracts collectively confirm that Harmony Endpoint includes:
* Automated Attack Analysis (Forensics)- Automatically analyzing threats post-infection.
* Remediation and Response- Addressing and repairing the damage (implied in attack remediation).
* Quarantine- Isolating infected elements to prevent further spread.
This matchesOption Bperfectly.
Evaluating the other options:
* Option A: IPS Attack Analysis (Forensics), Deploy and Destroy, and Isolation- "IPS" is a network feature, not endpoint-specific, and "Deploy and Destroy" is not a documented term.
* Option C: FW Attack Analysis (Forensics), Detect and Prevent, and Isolation- "FW" (Firewall) is unrelated to endpoint post-infection, and "Detect and Prevent" are pre-infection actions.
* Option D: IPS Attack Analysis (Forensics), Detect and Prevent, and Isolation- Again, "IPS" is incorrect, and "Detect and Prevent" is not post-infection-focused.
Option Baccurately represents Harmony Endpoint's post-infection capabilities as per the documentation.
References:
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 329: "Harmony Endpoint Anti-Ransomware, Behavioral Guard and Forensics" (incident analysis).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 346: "Forensics" (automated attack analysis).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 336: "Quarantine Settings and Attack Remediation" (quarantine and remediation).
質問 # 57
The Endpoint administrator prepared deployment rules for remote deployment in a mixed desktop environment. Some of the non-Windows machines could not install Harmony Endpoint clients. What is the reason for this?
- A. Deployment rules are not supported on macOS clients
- B. Administrator doesn't run chmod command, to allow execution permission to the deployment script
- C. Deployment rules were assigned to users not to machines
- D. macOS clients are not supported by Harmony Endpoint
正解:A
解説:
The official Check Point Harmony Endpoint documentation clearly states that deployment rules (automatic deployment) are not supported for macOS clients. macOS client deployments must instead be performed manually using exported packages or third-party deployment methods.
Exact Extract from Official Document:
"Deploy New Endpoints... macOS: No" (indicating that deployment rules cannot automatically deploy endpoints for macOS) Reference:Check Point Harmony Endpoint Specialist R81.20 Administration Guide.
質問 # 58
"Heartbeat" refers to what?
- A. A periodic client connection to the server
- B. A client connection that happens every 60 seconds
- C. A random server connection
- D. A server connection that happens every 5 minutes
正解:A
解説:
In Check Point's Harmony Endpoint, the "heartbeat" refers to a periodic connection initiated by the endpoint client to the Endpoint Security Management Server. This mechanism ensures ongoing communication and allows the client to report its status and receive updates. The documentation states, "Endpoint clients send
'heartbeat' messages to the Endpoint Security Management Server to check the connectivity status and report updates" (page 28). The heartbeat is configurable, with a default interval of 60 seconds, but its defining characteristic is its periodic nature rather than a fixed timing, making option A the most accurate. Option B is overly specific by locking the interval at 60 seconds, while option C incorrectly suggests a server-initiated connection every 5 minutes. Option D is incorrect, as the heartbeat is not random but scheduled. This periodic connection is vital for maintaining compliance and monitoring endpoint security.
References:
"CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf," Page 28: The Heartbeat Interval
質問 # 59
What are the benefits of the Check Point Consolidated Cyber Security Architecture?
- A. Decentralized management
- B. Single policy
- C. Consolidated network functions
- D. Consolidated security functions
正解:D
解説:
The Check Point Consolidated Cyber Security Architecture is designed to integrate multiple security functions into a unified platform. This architecture provides "consolidated security functions," which is its primary benefit. This means it combines endpoint protection, data security, and threat prevention into a single, manageable system, improving efficiency and simplifying security administration for organizations. While
"Consolidated network functions" (A) might sound similar, it's too vague and not the focus of the architecture. "Single policy" (B) is not highlighted as a standalone benefit, and "Decentralized management" (C) contradicts the centralized approach of this architecture. Thus, "Consolidated security functions" (D) is the correct answer, as it aligns directly with the documented advantages.
質問 # 60
What does the Data protection/General rule contain?
- A. Actions that restore encryption settings for hard disks and change user authentication settings
- B. Actions that define port protection settings and encryption settings for hard disks and removable media
- C. Actions that define decryption settings for hard disks
- D. Actions that define user authentication settings only
正解:B
質問 # 61
In addition to passwords, what else does the pre-boot environment also support?
- A. Options for single-factor authentication method
- B. Options for multi-factor authentication methods
- C. Options for double-factor authentication method
- D. Options for remote authentication method
正解:B
解説:
The Check Point Harmony Endpoint documentation clearly specifies that the pre-boot environment supports multi-factor authentication methods. These methods combine different authentication mechanisms to enhance security significantly beyond traditional password-based authentication alone.
Exact Extract from Official Document:
"You can also use TPM in addition to Pre-boot authentication for two-factor authentication." Reference:Check Point Harmony Endpoint Specialist R81.20 Administration Guide, Section: "Authentication before the Operating System Loads (Pre-boot)."
質問 # 62
The CEO of the company uses the latest Check Point Endpoint client on his laptop. All capabilities are enabled, and FDE has been applied. The CEO is on a business trip and remembers that he needs to send some important emails, so he is forced to boot up his laptop in a public area. However, he suddenly needs to leave and forgets to lock or shut down his computer. The laptop remains unattended. Is the CEO's data secured?
- A. The laptop is using the latest technology for Full Disk Encryption. Anyone who finds the laptop can't access its data due to the data encryption used.
- B. The data is not secured. The laptop was left unlocked in the email client window. Everyone who accesses the laptop, before it automatically locks, has access to all data.
- C. The laptop is totally secure since the Endpoint client will automatically detect the emergency and has set the OS in hibernate mode.
- D. The laptop is not secure because anyone in the local connected Wi-Fi can access the CEO's corporate data.
正解:B
解説:
Full Disk Encryption (FDE) primarily protects data when the computer is turned off or locked. If the laptop is booted and left unattended without being locked or shut down, the encryption does not actively protect data at the moment. Anyone who gains physical access to the device during this time can view and access all open data and applications until the computer auto-locks or is manually locked.
Exact Extract from Official Document:
"Pre-boot Protection requires users to authenticate to their computers before the computer boots. This prevents unauthorized access to the operating system using authentication bypass tools at the operating system level or alternative boot media to bypass boot protection." This implies that once booted and logged in, the data is accessible if the laptop is left unattended and unlocked.
Reference:Check Point Harmony Endpoint Specialist R81.20 Administration Guide, Section: "Pre-boot Protection".
質問 # 63
What is the command required to be run to start the Endpoint Web Interface for on-premises Harmony Endpoint Web Interface access?
- A. start_web_mgmt - run in dish
- B. web_mgmt_start - run in dish
- C. start_web_mgmt - run in expert mode
- D. web_mgmt_start - run in expert mode
正解:D
質問 # 64
Which Endpoint capability ensures that protected computers comply with your organization's requirements and allows you to assign different security levels according to the compliance state of the endpoint computer?
- A. Compliance Check
- B. Capsule Cloud Compliance
- C. Full Disk Encryption
- D. Forensics and Anti-Ransomware
正解:A
解説:
The Harmony Endpoint solution includes a capability calledCompliancethat ensures endpoint computers meet organizational security standards and allows administrators to assign varying security levels based on their compliance status. This is detailed in theCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfon page 20, under "Endpoint Security Client":
"Compliance: Allows you to enforce endpoint compliance on multiple checks before users log into the network. You can check that the appropriate endpoint security components are installed, correct OS service pack are installed on the endpoint, only approved applications are able to run on the endpoint, appropriate anti- malware product and version is running on the endpoint." Further clarification is provided onpage 377, under "Compliance":
"The Compliance blade ensures that protected computers comply with your organization's requirements. You can assign different security levels according to the compliance state of the endpoint computer." These extracts confirm thatCompliance Check(Option A) is the capability that verifies compliance and adjusts security levels accordingly, directly matching the question's requirements.
The other options do not fit:
* Option B ("Capsule Cloud Compliance"): "Capsule Cloud" is not referenced in the guide; it may be a misnomer or unrelated to this context.
* Option C ("Forensics and Anti-Ransomware"): This focuses on threat analysis and ransomware prevention (page 329), not compliance enforcement.
* Option D ("Full Disk Encryption"): This protects data via encryption (page 217) but does not manage compliance states or security levels.
Thus,Compliance Checkis the correct answer.
References:
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 20: "Endpoint Security Client" (describes Compliance capability).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 377: "Compliance" (details compliance enforcement and security levels).
質問 # 65
The Endpoint administrator prepared deployment rules for remote deployment in a mixed desktop environment. Some of the non-Windows machines could not install Harmony Endpoint clients. What is the reason for this?
- A. Deployment rules are not supported on macOS clients
- B. Administrator doesn't run chmod command, to allow execution permission to the deployment script
- C. Deployment rules were assigned to users not to machines
- D. macOS clients are not supported by Harmony Endpoint
正解:A
質問 # 66
The Push Operation Wizard allows users to select which three topics for Push Operations?
- A. Anti-Malware, Forensics and Remediation, Agent Settings
- B. Anti-Malware, Analysis, Agent Deployment
- C. Anti-Ransomware, Forensics and Analysis, Agent Configurations
- D. Anti-Virus, Remediation, Agent Settings
正解:A
解説:
As detailed in the official Check Point Harmony Endpoint documentation, the Push Operation Wizard supports various push operations categorized specifically into Anti-Malware, Forensics and Remediation, and Agent Settings. These operations allow administrators to remotely manage security actions such as malware scans, forensic data collection, remediation tasks, and settings related to endpoint agents.
Exact Extract from Official Document:
"Push operations supported include Anti-Malware, Forensics and Remediation, and Agent Settings." Reference:Check Point Harmony Endpoint Specialist R81.20 Administration Guide.
質問 # 67
Before installing FDE on a client machine, what should administrators make sure of?
- A. That system volumes include at least 32 MB of continuous space
- B. That system volumes include at least 50 MB of continuous space
- C. That system volumes include at least 25 MB of continuous space
- D. That system volumes include at least 36 MB of continuous space
正解:A
解説:
Installing Full Disk Encryption (FDE) on a client machine requires specific conditions to be met, including sufficient disk space on system volumes. TheCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf provides an exact specification for this requirement.
Onpage 249, under "Client Requirements for Full Disk Encryption Deployment," the guide explicitly states:
"Ensure that the system volumes have at least 32 MB of continuous free space." This precise requirement confirms that administrators must ensure the system volumes have at least32 MB of continuous space, makingOption Athe correct answer. The other options (B, C, and D) list different space values (50 MB, 36 MB, and 25 MB, respectively), none of which are supported by the documentation. The use of "continuous" space emphasizes the need for an uninterrupted block, critical for FDE's operation, further solidifying Option A's accuracy.
References:
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 249: "Client Requirements for Full Disk Encryption Deployment" (space requirement).
質問 # 68
Which of the following is TRUE about the functions of Harmony Endpoint components?
- A. SmartEndpoint Console connects to and manages the Endpoint Management Server (EMS)
- B. Web Management Console for Endpoint connects to the Check Point Security Management Server (SMS)
- C. SmartConsole connects to and manages the Endpoint Management Server (EMS)
- D. SmartEndpoint connects to the Check Point Security Management Server (SMS)
正解:A
解説:
The SmartEndpoint Console is a key component in the Harmony Endpoint architecture, specifically designed to connect to and manage the Endpoint Management Server (EMS). It is a Check Point SmartConsole application used to deploy, monitor, and configure endpoint security clients and policies, communicating directly with the EMS. In contrast, SmartEndpoint does not connect to the Security Management Server (SMS) as stated in option A. SmartConsole (C) is a broader management tool for Check Point gateways, not specifically for the EMS. Option D, regarding the Web Management Console, is not supported by the documentation as connecting to the SMS. Therefore, "SmartEndpoint Console connects to and manages the Endpoint Management Server (EMS)" (B) is the true statement.
質問 # 69
What does Endpoint's Media Encryption (ME) Software Capability requiring authorization accomplish?
- A. Controls ports and encrypts storage media
- B. Decrypts and blocks access to specific ports
- C. Controls ports and manages ports
- D. Protects sensitive data and encrypts storage media
正解:D
解説:
The Media Encryption (ME) capability in Check Point Harmony Endpoint focuses on securing data on removable media by encrypting it and controlling access, often requiring user authorization as a key feature.
TheCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfdetails this functionality explicitly.
Onpage 280, under "Media Encryption & Port Protection," it states:
"Protects data stored on the computers by encrypting removable media devices and allowing tight control over computers' ports (USB, Bluetooth, and so on)." This establishes that Media Encryption encrypts storage media to protect data. Additionally, onpage 283, in
"Configuring the Read Action," the documentation elaborates:
"You can configure the read action to require user authorization before allowing access to encrypted media.
Require Authorization: Users must enter a password to access the media." The "requiring authorization" aspect means that users must authenticate (e.g., via a password) to access the encrypted media, directly contributing to the protection of sensitive data by ensuring only authorized individuals can read it.Option A("Protects sensitive data and encrypts storage media") captures the primary accomplishment of this capability, with authorization being a mechanism to achieve that protection.
* Option B("Controls ports and encrypts storage media") is partially correct, as port control is part of the broader "Media Encryption & Port Protection" component (page 280). However, the question specifies
"Media Encryption (ME)," focusing on the encryption aspect, and port control is not directly tied to the authorization requirement for media access.
* Option C("Controls ports and manages ports") omits encryption entirely, which is the core of ME, making it incorrect.
* Option D("Decrypts and blocks access to specific ports") misrepresents ME's purpose, which is to encrypt and secure data, not decrypt it, nor does it primarily block ports (that's Port Protection's role).
Thus,Option Aaligns best with the accomplishment of Media Encryption requiring authorization, emphasizing data protection through encryption and access control.
References:
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 280: "Media Encryption & Port Protection" (encryption of removable media).
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 283: "Configuring the Read Action" (authorization requirement for accessing encrypted media).
質問 # 70
......
100%の合格率を試そう!更新されたのは156-536試験問題 [2025年更新]:https://jp.fast2test.com/156-536-premium-file.html
ベストな問題集を使おうCCES 156-536専門試験問題:https://drive.google.com/open?id=1CBjAKy4S-D_yoxFjBY-Mh7mpHQUtwsoE