The correct answer is C. Install the Threat Prevention Policy . IPS Core Protections are part of the Threat Prevention policy domain, so changing them in SmartConsole is not enough by itself. The updated configuration must be compiled and installed to the relevant Security Gateways through the Threat Prevention Policy installation process. Check Point’s IPS Protections documentation shows the workflow for editing core protections: go to Security Policies > Threat Prevention > Custom Policy Tools > IPS Protections , filter for Type Core , edit the required core protection settings, and then Install the Threat Prevention policy .

This directly eliminates the other options. The setting is not immediately active because gateways enforce installed policy, not merely edited management configuration. Install Database updates the management database but does not push enforcement logic to the Security Gateway. Install Access Control Policy applies firewall/access-layer logic, but IPS Core Protections belong to the Threat Prevention policy. In operational terms, this separation allows administrators to install Threat Prevention changes without necessarily reinstalling Access Control, reducing disruption and keeping blade changes scoped to the correct policy package. Reference topics: IPS Protections, Core IPS Protections, Custom Policy Tools, Threat Prevention Policy installation, enforcement lifecycle.