JNCIP-SEC: Juniper Networks Certified Professional – Security (2024) — Question 20

Which two statements are true about the procedures the Junos security device uses when handling traffic destined for the device itself? (Choose two.)

Answer options

• A. If the received packet is addressed to the ingress interface, then the device first performs a security policy evaluation for the junos-host zone.
• B. If the received packet is addressed to the ingress interface, then the device first examines the host -inbound-traffic configuration for the ingress interface and zone.
• C. If the received packet is destined for an interface other than the ingress interface, then the device performs a security policy evaluation based on the ingress and egress zone.
• D. If the received packet is destined for an interface other than the ingress interface, then the device performs a security policy evaluation for the junos-host zone.

Correct answer: B, C

Explanation

Option B is correct because the Junos device first checks the host-inbound-traffic configuration for packets addressed to the ingress interface. Option C is also correct as it describes how the device evaluates security policies for packets going to interfaces other than the ingress interface. Options A and D are incorrect because they misrepresent the order and criteria of security evaluations for packets directed to the ingress interface and other interfaces respectively.