JNCIA-SEC: Juniper Networks Certified Associate – Security — Question 20

Which statement is correct about address books for security policies on SRX Series devices?

Answer options

• A. Address sets can contain addresses from different security zones.
• B. A zone can only use one address book at a time.
• C. NAT rules can use address objects only from the global address book.
• D. Addresses in the global address book are preferred over addresses in a zone-based address book.

Correct answer: C

Explanation

The correct answer is C because NAT rules are specifically designed to reference address objects only from the global address book. The other options are incorrect: A is false because address sets can include addresses from multiple zones, B is incorrect as a zone can actually reference more than one address book, and D is misleading since the global address book does not always take precedence over zone-based books.