156-315.81 Exam Questions

Total 422 Questions

Last Updated Exam : 16-Dec-2024

By default, how often are updates checked when the CPUSE Software Updates Policy is set to Automatic?


A. Six times per day


B. Seven times per day


C. Every two hours


D. Every three hours





D.
  Every three hours

Explanation: By default, when the CPUSE Software Updates Policy is set to Automatic, updates are checked every three hours [3]. This means that the CPUSE agent will automatically download and install updates that match the policy settings every three hours. The other options are not the default values for the CPUSE Software Updates Policy. References: [3] Check Point Software, Getting Started, CPUSE Software Updates Policy.

While enabling the Identity Awareness blade, the Identity Awareness wizard does not automatically detect the Windows domain. Why does it not detect the Windows domain?


A. Security Gateway is not part of the Domain


B. SmartConsole machine is not part of the domain


C. Identity Awareness is not enabled on Global properties


D. Security Management Server is not part of the domain





B.
  SmartConsole machine is not part of the domain

Explanation: The verified answer is B. SmartConsole machine is not part of the domain.
The Identity Awareness wizard uses the SmartConsole machine to detect the Windows domain by querying the Active Directory server using the DCOM protocol. If the SmartConsole machine is not part of the domain, the query will fail and the wizard will not automatically detect the domain. The user will have to manually enter the domain name and credentials to proceed with the configuration.
The Security Gateway, the Security Management Server, and the Identity Awareness global properties do not affect the domain detection by the wizard. However, they are required for other aspects of the Identity Awareness blade, such as AD Query, Identity Collector, and Browser-Based Authentication.

What command is used to manually failover a Multi-Version Cluster during the upgrade?


A. clusterXL_admin down in Expert Mode


B. clusterXL_admin down in Clish


C. set cluster member state down in Clish


D. set cluster down in Expert Mode





B.
  clusterXL_admin down in Clish

Firewall policies must be configured to accept VRRP packets on the Gaia platform if it runs Firewall software. The multicast destination assigned by the Internet Assigned Numbers Authority (IANA) for VRRP is:


A. 224.0.0.18


B. 224 00 5


C. 224.0.0.102


D. 224.0.0.22





A.
  224.0.0.18

Explanation: The multicast destination assigned by the Internet Assigned Numbers Authority (IANA) for VRRP is 224.0.0.18. This is a reserved multicast address that is used by VRRP routers to communicate with each other and announce their priority and state. Firewall policies must be configured to accept VRRP packets on the Gaia platform if it runs Firewall software. Otherwise, VRRP packets will be dropped by default.

Which of the following is NOT a method used by Identity Awareness for acquiring identity?


A. Remote Access


B. Active Directory Query


C. Cloud IdP (IdentityProvider)


D. RADIUS





A.
  Remote Access

Which of the following is true regarding the Proxy ARP feature for Manual NAT?


A. The local.arp file must always be configured


B. Automatic proxy ARP configuration can be enabled


C. fw ctl proxy should be configured


D. Translate Destination on Client Side should be configured





B.
  Automatic proxy ARP configuration can be enabled

Explanation: The verified answer is B. Automatic proxy ARP configuration can be enabled.
Proxy ARP is a feature that allows a gateway to respond to ARP requests on behalf of another IP address that is not on the same network segment. Proxy ARP is required for manual NAT rules when the NATed IP addresses are not routed to the gateway.
By default, proxy ARP for manual NAT rules has to be configured manually by editing the local.arp file or using the CLISH commands on the gateway. However, since R80.10, there is an option to enable automatic proxy ARP configuration for manual NAT rules by modifying the files $CPDIR/tmp/.CPprofile.sh and $CPDIR/tmp/.CPprofile.csh on the gateway.
fw ctl proxy is a command that displays the proxy ARP table on the gateway, but it does not configure proxy ARP.
Translate Destination on Client Side is a NAT option that determines whether the destination IP address is translated before or after the routing decision. It does not affect proxy ARP.

What are valid authentication methods for mutually authenticating the VPN gateways?


A. PKI Certificates and Kerberos Tickets


B. PKI Certificates and DynamicID OTP


C. Pre-Shared Secrets and Kerberos Ticket


D. Pre-shared Secret and PKI Certificates





D.
  Pre-shared Secret and PKI Certificates

Explanation: The valid authentication methods for mutually authenticating the VPN gateways are Pre-shared Secret and PKI Certificates. Pre-shared Secret is a method that uses a secret key that is known only to the two VPN gateways. PKI Certificates is a method that uses digital certificates that are issued by a trusted Certificate Authority (CA) and contain the public key of each VPN gateway. Both methods ensure that the VPN gateways can verify each other’s identity before establishing a secure VPN tunnel.

Which of the following is NOT a valid type of SecureXL template?


A. Accept Template


B. Deny template


C. Drop Template


D. NAT Template





B.
  Deny template

Which Check Point software blade provides protection from zero-day and undiscovered threats?


A. Firewall


B. Threat Emulation


C. Application Control


D. Threat Extraction





B.
  Threat Emulation

