JNCIP-SEC: Juniper Networks Certified Professional – Security (2022) — Question 22

You correctly configured a security policy to deny certain traffic, but logs reveal that traffic is still allowed.
Which specific traceoption flag will help you troubleshoot this problem?

Answer options

• A. lookup
• B. configuration
• C. routing-socket
• D. rules

Correct answer: D

Explanation

The 'rules' traceoption flag is essential for diagnosing security policy issues, as it allows you to see how rules are applied to traffic. The other options, while useful for different purposes, do not provide insight into the rule evaluation process that affects traffic denial.