JNCIA-SEC: Juniper Networks Certified Associate – Security — Question 26

You have created a zone-based security policy that permits traffic to a specific webserver for the marketing team. Other groups in the company are not permitted to access the webserver. When marketing users attempt to access the server they are unable to do so.
What are two reasons for this access failure? (Choose two.)

Answer options

• A. You failed to position the policy before the policy that denies access to the webserver.
• B. You failed to position the policy after the policy that denies access to the webserver.
• C. You failed to commit the policy change.
• D. You failed to change the source zone to include any source zone.

Correct answer: A, C

Explanation

The correct answer A indicates that the policy must be prioritized before any denial policies for it to take effect. Answer C is also correct because failing to commit the policy means that the changes were never applied. Options B and D do not directly address the reasons for access failure in this scenario.