JNCIP-SEC: Juniper Networks Certified Professional – Security (2024) — Question 49
You configure two Ethernet interfaces on your SRX Series device as Layer 2 interfaces and add them to the same VLAN. The SRX is using the default L2-learning setting. You do not add the interfaces to a security zone.
Which two statements are true in this scenario? (Choose two.)
Answer options
- A. You cannot add Layer 2 interfaces to a security zone.
- B. You are unable to apply stateful security features to traffic that is switched between the two interfaces.
- C. The interfaces will not forward traffic by default.
- D. You are able to apply stateful security features to traffic that enters and exits the VLAN.
Correct answer: B, C
Explanation
The correct answer is B because stateful security features cannot be applied to traffic switched between Layer 2 interfaces that are not part of a security zone. C is also correct as the interfaces will not forward traffic by default without being configured to do so. A is incorrect because while Layer 2 interfaces are typically not added to security zones, the statement is misleading in this context. D is incorrect since stateful features cannot be applied if the interfaces are not in a security zone.