A is correct, page 324 CCSE student and lab manual

I think the correct answer is A. As we have seen in the packet acceleration, the first packet of each connection has to go through the F2F path and then the connection gets offloaded to the SecureXL. The connection rate acceleration works by processing the first packet of a connection within SecureXL and not sending it to the Firewall. This is possible with help of templates (explained below) which identifies the allowable connections by 4 attributes: Source address Destination address Destination port Protocol If a connection with these four attributes has been allowed by the Firewall previously, then it will continue to allow more connections with the same four attributes. unless: The policy has been updated The policy includes source port restriction The service uses dynamically mapped ports. e.g. RPC-DCOM

I would say C (CCSE kortext site 323) A would be for Connection/Session Rate Accleration. But not absolutly sure

A is correct, because Templates resource.

I think the keywords here are "AFTER the connection is allowed.." which I'm assuming means the traffic matches a SecureXL "Accept Template" Looking at the default output of the command "fwaccel templates" in the below link, you can see that Source IP, Dest IP, DPort, and PR (protocol?) are listed. SPort has a * value. https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/PTG/SecureXL/fwaccel-templates.htm