As explained earlier, a single OPC-UA server may have multiple endpoints with the same functionality, but using different protocols, or different security settings (for example, an endpoint that provide message security may exist alongside with endpoint that does not provide message security). When OPC Data Client is given an endpoint URL, it does not yet (in general case) precisely determine the actual OPC UA server endpoint that the client wil lbe connecting to.
In order to influence which endpoint will get used, you can configure an OPC UA Endpoint Selection Policy. The policy can specifies various aspects of the endpoint you wish to connect to. Some of them are not related to security (for example, data encoding). Many aspects of the endpoint selection policy have, however, direct effect on the resulting security of the communication between the OPC UA client and the OPC UA server.
See OPC UA Server Endpoints for information about how to set the endpoint selection policy either globally, or just for a single endpoint descriptor. See OPC UA Endpoint Selection Policy for information about the contents of the policy, and meaning of its various parameters.