The correct answer is A. Detect . IPS Staging Mode is designed to introduce newly updated protections safely by observing their effect before enforcing active prevention. Check Point documentation states that when newly updated protections are set to Staging Mode , they remain in staging until the administrator changes their configuration. The default action for protections in staging mode is Detect , and this can be changed manually in the IPS Protections page. The R81.20 guide states the same behavior: newly updated protections in staging mode remain there until changed, and their default action is Detect.

This behavior is important during IPS lifecycle management because new signatures can introduce unexpected matches in production traffic. Detect mode allows the gateway to log and expose what the protection would have matched while avoiding immediate blocking. That gives administrators time to validate logs, tune exceptions, confirm confidence level, and assess business impact before switching to Prevent. Bypass would skip inspection and is not the staging default. None is not the default action. Prevent may be the final desired enforcement state, but staging intentionally avoids immediate prevention until analysis is complete. Reference topics: IPS Updates Policy, Staging Mode, Newly Updated Protections, Detect action, IPS protection rollout.