JNCIS-ENT: Juniper Networks Certified Specialist – Enterprise Routing and Switching (2021) — Question 44
Which two statements are correct about security policy changes when using the policy rematch feature? (Choose two.)
Answer options
- A. When a policy change includes changing the policy's action from permit to deny, all existing sessions are maintained.
- B. When a policy change includes changing the policy's source or destination address match condition, all existing sessions are dropped.
- C. When a policy change includes changing the policy's action from permit to deny, all existing sessions are dropped.
- D. When a policy change includes changing the policy's source or destination address match condition, all existing sessions are reevaluated.
Correct answer: C, D
Explanation
The correct answers are C and D. With policy rematch in use, changing a policy's action from permit to deny causes all existing sessions to be dropped, while modifying the source or destination address match condition causes all existing sessions to be reevaluated. Option A is incorrect because sessions are not maintained after a permit-to-deny change, and option B is incorrect because an address match change triggers reevaluation of the sessions rather than dropping them.