We should really know how the exam is being administered.
If it is a browser-based exam and the PCs should be able to access the resources outside to run it, we cannot simply block HTTP/HTTPS. You should define custom site and permit access to it using URLF/App Control in the rule above that preventing HTTP(S) access to other sites.
Remote administration of PCs could be accomplished by either configuring a mobile access for the teacher, to connect tot the gateway via VPN and running RDP to the PCs, or by deploying a jump host, like Apache Guacamole™ ,configuring it to run on custom port not conflicting with any of Check Point services.
For example:
1. Create custom HTTPS service:
2. Create these objects:
a dummy object with Gateway's external IP:
and a real object for the JumpHost:
students's network:
custom Site:
and Test Time(s):
3. Configure NAT rules:
4. Enable "Time" column in the Policy view:
5. And configure the access rules:
This should do it.