Exam JN0-231 topic 1 question 1 discussion

C. zone context and D. an action Explanation: Zone context: A zone-based security policy defines rules based on zones, which group interfaces with similar security requirements. The policy needs to specify the source and destination zones to determine the flow of traffic between them. Action: Every security policy includes an action to specify what should happen when the traffic matches the policy. Actions typically include allow, deny, or log. Other options: Source port and destination port: While these can be part of a policy, they are not required criteria for a zone-based security policy. The primary elements of such a policy are zones and the action to take.

C D is the answer

YEP CD

CD is correct

Ports not required in zone based policies

C and D

no need source port and destination port but use application

CD is the answer

CD are the correct answers

no mention of port, does have application Security Policy Structure + Name + Context + From-zone & to-zone + Rules + Match criteria + Source address + Destination address + Application + Identity (user-based firewall) + Action

A security policy is a set of statements that controls traffic from a specified source to a specified destination using a specified service. A policy permits, denies, or tunnels specified types of traffic unidirectionally between two points. Each policy consists of: A unique name for the policy. A from-zone and a to-zone, for example: user@host# set security policies from-zone untrust to-zone untrust A set of match criteria defining the conditions that must be satisfied to apply the policy rule. The match criteria are based on a source IP address, destination IP address, and applications. The user identity firewall provides greater granularity by including an additional tuple, source-identity, as part of the policy statement. A set of actions to be performed in case of a match—permit, deny, or reject. Accounting and auditing elements—counting, logging, or structured system logging. ~~~~Action is not a match criteria https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/topic-map/security-policy-configuration.html

In a Junos OS stateful firewall, the security policies enforce rules for transit traffic, in terms of what traffic can pass through the firewall, and the actions that need to take place on traffic as it passes through the firewall. From the perspective of security policies, the traffic enters one security zone and exits another security zone. This combination of a from-zone and to-zone is called a context. Each context contains an ordered list of policies. Each policy is processed in the order that it is defined within a context.

I think it should be the zone context (from zone to zone) and an action