In the R81 exam context, nat templates are enabled by default and disabled by default in a R80 context.

CCSE Page 325 “NAT Templates - Generated to achieve high session rate for NAT. These templates store the NAT attributes of connections matched by rule base so that similar new connections can take advantage of this information and do NAT without the expensive rule base lookup. These are enabled by default and work only if Accept Templates are enabled”

NAT Templates- Enabled by default and work only if Accept Templates is enabled. CCSE Guide

NAT templates are enabled by default from at least R80.40. CCSE R80.40 manual page 242.

Correct, asnwer "A"

NAT templates are not enabled by default. I will go with C.

sing SecureXL Templates for NAT traffic is critical to achieve high session rate for NAT. SecureXL Templates are supported for Static NAT and Hide NAT using the existing SecureXL Templates mechanism. SecureXL NAT Templates are supported in cluster in High Availability / VRRP, and Load Sharing modes. SecureXL Templates are supported by VSX Virtual Systems. SecureXL NAT Templates feature in SecureXL is disabled by default on Check Point Security Gateway R80.10 and below. All template handling in versions R80.20 and above has moved to the Firewall, and is not relevant to SecureXL . SecureXL implements NAT Templates only once these templates are offloaded by FireWall kernel.

I would say C, as they're disabled by default. However this is seemingly a legacy question, as after R80.20 template handling happens on the firewall, not relevant to SecureXL - likely won't see this question on an R81 exam. "SecureXL NAT Templates feature in SecureXL is disabled by default on Check Point Security Gateway R80.10 and below. All template handling in versions R80.20 and above has moved to the Firewall, and is not relevant to SecureXL ." https://support.checkpoint.com/results/sk/sk71200