Exam 156-536 Topic 5 Question 42 Discussion
Actual exam question for CheckPoint's 156-536 exam
Question #: 42
Topic #: 5
What is the default encryption algorithm in the Full Disk Encryption tab under Advanced Settings?
Suggested Answer: C
The default encryption algorithm for Full Disk Encryption (FDE) in Check Point Harmony Endpoint, as configured in the Advanced Settings tab, is XTS-AES 256 bit. This is explicitly stated in the CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf on page 221, under the "Custom Disk Encryption Settings" section:
"The default encryption algorithm is XTS-AES 256 bit."
This extract confirms that Option C is correct. The document further notes that administrators can choose between XTS-AES 256 bit and XTS-AES 128 bit, but 256 bit is the default, reflecting a preference for stronger encryption. XTS (XEX-based tweaked-codebook mode with ciphertext stealing) is specifically designed for disk encryption, providing better security than CBC (Cipher Block Chaining) modes.
* Option A ("AES-CBC 128 bit") and Option B ("AES-CBC 256 bit") are incorrect because FDE uses XTS mode, not CBC, which is less suited for disk encryption due to its vulnerabilities in this context.
* Option D ("XTS-AES 128 bit") is a configurable option but not the default, as the guide specifies 256 bit as the standard setting.
References:
CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 221: "Custom Disk Encryption Settings" (confirms XTS-AES 256 bit as the default algorithm).
by steve.pearson at Jun 16, 2025, 11:50 PM