Exam JN0-335 topic 1 question 11 discussion

Actual exam question from Juniper's JN0-335
Question #: 11
Topic #: 1

When a security policy is deleted, which statement is correct about the default behavior for active sessions allowed by that policy?

  • A. The active sessions allowed by the policy will be dropped.
  • B. The active sessions allowed by the policy will be marked as a legacy flow and will continue to be forwarded.
  • C. The active sessions allowed by the policy will be reevaluated by the cached policy rules.
  • D. The active sessions allowed by the policy will continue unchanged.
Suggested Answer: A

Comments

quraitulain
6 months ago
A is the right answer
upvoted 1 times
...
masterkingkhan
8 months ago
Sorry, bit confused now. If you deactivate/rename/DELETE a policy that has an existing session, the default behaviour is to drop; even if you have the policy re-match enabled, it still drops the active session. If you change the src/dest/app, default behaviour is "continue to open session"; with policy re-match it re-evaluates. If you change action from permit to deny, default behaviour is "continue to open session"; with policy re-match it drops the active session.
upvoted 2 times
...
masterkingkhan
8 months ago
The details of the session flow are placed in a session table, which is a real-time list of current sessions on the SRX. Only connections that are active or haven't timed out show up in the session table, which means if the policy is deleted the active sessions are still in the session table and eventually will time out.
upvoted 3 times
...
masterkingkhan
8 months, 1 week ago
B is correct - To solve this you have to enable "policy-rematch" under security policies... otherwise existing sessions are kept open until they time out. With policy-rematch enabled, existing sessions will be reevaluated with the newly updated ruleset.
upvoted 1 times
...
66dc178
8 months, 3 weeks ago
Selected Answer: B
When a security policy is deleted in a Juniper SRX device, the default behavior for active sessions that were allowed by that policy is that they continue to flow as long as the session remains active. New flows will not be created under the deleted policy, but existing flows stay active until they age out. The "policy-rematch" feature can be configured to cause all active sessions to be re-evaluated against the security policies upon a commit, and sessions will be torn down if they are no longer permitted.
upvoted 2 times
...
RickyB
8 months, 4 weeks ago
B is correct, as flows will time out eventually but are not immediately dropped. Need re-match enabled for that.
upvoted 1 times
...
OkoJun
10 months, 1 week ago
Sorry, my mistake. A is correct. If the rule is deleted, all sessions are dropped.
upvoted 1 times
...
OkoJun
10 months, 3 weeks ago
D is correct. Traffic matching an established session will continue to flow as long as that session remains active. You need to configure "set security policies policy-rematch" if you want to delete the active sessions. See: https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/security-edit-policy-rematch.html
upvoted 1 times
TECH3K3
10 months, 2 weeks ago
The link you provided does not support your claim. If anything, it supports answer A.
upvoted 1 times
...
...
longanghi
1 year ago
Selected Answer: A
A correct
upvoted 1 times
...
ChillingAgain
1 year ago
Selected Answer: A
A is correct. Deleted policy always immediately drops current sessions. Does not matter if policy rematch is enabled or not.
upvoted 1 times
...
gondaliya
1 year, 1 month ago
Selected Answer: A
A is correct
upvoted 1 times
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other