Core Activation Exceptions are applied to what?

The correct answer is D. Individual Protections . Core Activation Exceptions are used to override activation behavior at the protection level, not at a broad ThreatCloud, inspection-engine, or protection-group abstraction. The official IPS profile settings documentation explains that the Additional Activation section gives administrators granular control to select IPS protections to activate or deactivate. It states that activated protections are enforced by gateways, while deactivated protections are not enforced, regardless of the general profile protection settings.

Check Point’s IPS Protections documentation reinforces this object-level model: each profile is a set of activated protections plus instructions for what IPS does if traffic matches an activated protection, and administrators can change the action for a specified protection. Therefore, a Core Activation Exception is not a general tuning category and does not apply to the entire ThreatCloud or to engine-wide inspection settings. It is used when a specific protection requires a different activation state than the profile would normally produce. This is common during false-positive handling, staged rollout, exception tuning, or targeted hardening for a specific vulnerability. Reference topics: IPS Protections, Additional Activation, activation overrides, individual protection enforcement, profile-based IPS tuning.