Exam JN0-635 topic 1 question 2 discussion

C. close-client-and-server if not terminate flagged then When traffic matches multiple rules, the most severe IP action of all matched rules is applied. The most severe IP action is the Close Session action, the next in severity is the Drop/Block Session action, and then the Notify action. (no-action)

Since traffic matches all rules it will be dropped by the first rule Answer - no action

Ignore-Connection means the traffic will be permitted, but also that the IPS engine will ignore the rest of the connection and will not process it at all. This is useful for identifying connections (e.g., custom applications) that you do not want to inspect. After a session has been marked Ignore-Connection, the IPS engine will not process it. It’s important to keep that in mind, because an attack could be present later in the connection, but the IPS would not see it. If you only want to ignore a specific attack, but not ignore the rest of the connection, either put that attack in the Exempt rulebase (recommended) or configure the rule with No-Action. Correct response is D

answer D is correct

steps after ignore-connection will not be matched

example: https://www.juniper.net/documentation/us/en/software/junos/idp-policy/topics/topic-map/security-idp-policies-overview.html#id-idp-policy-selection-for-unified-policies__d30629e398

"A rulebase is an ordered set of rules that use a specific detection method to identify and prevent attacks. When traffic matches multiple rules, the most severe IP action of all matched rules is applied. The most severe IP action is the Close Session action, the next in severity is the Drop/Block Session action, and then the Notify action."