CheckPoint 156-590 Exam - Topic 10 Question 4 Discussion

The correct answer is B. CPU Utilization. IPS protection selection and activation are based on protection metadata and profile criteria, not a direct CPU-utilization rating. The official Threat Prevention guide states that a Threat Prevention profile activates protections according to factors including performance impact of the protection, severity of the threat, confidence that a protection can correctly identify an attack, and settings specific to the Software Blade.

The same R81.20 guide shows how the Optimized profile uses these criteria: protections are set to Prevent or Detect based on Confidence Level, Performance Impact, and Severity thresholds. CPU utilization is certainly relevant in performance troubleshooting, capacity planning, and operational monitoring, but it is not one of the IPS protection-selection ratings. In practice, CPU usage is an observed runtime metric, while Performance Impact is the predefined protection attribute used by profiles to decide whether a protection should be active, detect-only, or prevented. This distinction matters in certification: IPS tuning is driven by profile attributes, while CPU utilization is reviewed afterward through monitoring tools such as CPView, logs, and performance diagnostics. Reference topics: IPS Protection ratings, Threat Prevention Profiles, Severity, Confidence Level, Performance Impact, activation criteria.