JNCIP-SEC: Juniper Networks Certified Professional – Security (2021) — Question 4
Your network includes SRX Series devices at the headquarters location. The SRX Series devices at this location are part of a high availability chassis cluster and are configured for IPS. There has been a node failover.
In this scenario, which statement is true?
Answer options
- A. Existing sessions continue to be processed by IPS because of table synchronization.
- B. Existing sessions are no longer processed by IPS and become firewall sessions.
- C. Existing sessions continue to be processed by IPS as long as GRES is configured.
- D. Existing sessions are dropped and must be reestablished so IPS processing can occur.
Correct answer: A
Explanation
The correct answer is A because table synchronization allows existing sessions to continue being processed by IPS even after a node failover. Option B is incorrect because sessions do not automatically become firewall sessions. Option C is misleading: while GRES helps with session preservation, it is table synchronization that primarily ensures IPS processing continues. Option D is wrong because sessions are not dropped during this process.