The correct answer is C. Check Point Identity Awareness relies on two key functional roles: Policy Decision Point (PDP) and Policy Enforcement Point (PEP). The PDP is responsible for acquiring identity information from configured identity sources and sharing identity data as required. The PEP is responsible for enforcing network access restrictions based on identity information. This architecture lets Check Point map users, computers, and groups to network activity, then use that identity context inside Access Control rules. Option A invents process names that are not official Identity Awareness process names. Option B incorrectly expands PDP and PEP as “Pre-Deployment” and “Pre-Enforcement”; those are not Check Point terms. Option D refers to generic communication concepts and not the Identity Awareness blade’s main decision/enforcement model. This question is foundational because Identity Awareness is not merely authentication; it is the bridge between identity acquisition and firewall enforcement. Reference topics: Identity Awareness, Policy Decision Point, Policy Enforcement Point, identity-based enforcement.