JNCIP-SEC: Juniper Networks Certified Professional – Security (2022) — Question 6

You are asked to configure a new SRX Series CPE device at a remote office. The device must participate in forwarding MPLS and IPsec traffic.
Which two statements are true regarding this implementation? (Choose two.)

Answer options

• A. Host inbound traffic must not be processed by the flow module
• B. Host inbound traffic must be processed by the flow module
• C. The SRX Series device can process both MPLS and IPsec with default traffic handling
• D. A firewall filter must be configured to enable packet mode forwarding

Correct answer: A, D

Explanation

Option A is correct because it indicates that host inbound traffic should bypass the flow module to efficiently handle MPLS and IPsec. Option D is also correct as a firewall filter is necessary for enabling packet mode forwarding. Options B and C are incorrect; B contradicts the requirement, while C does not account for the specific needs of MPLS and IPsec traffic processing.