Question 3 - Juniper JN0-231 Real Exam Questions [Jan 2026 Update]

Q: 3

Which two criteria should a zone-based security policy include? (Choose two.)

Options

Correct Answer:

C, D

Explanation

A Juniper zone-based security policy is fundamentally defined by its context and its resulting action. The zone context (C), specified by the from-zone and to-zone statements, is a mandatory component that defines the scope and direction of traffic the policy inspects. An action (D), such as permit or deny configured in the then clause, is also mandatory, as it dictates the final disposition of the matched traffic. A policy is incomplete and non-functional without both a defined zone context and a specified action.

Why Incorrect

A. a source port: This is an optional match criterion within a policy. A policy can be valid without specifying a source port, for instance, by matching on an application like junos-icmp.

B. a destination port: Similar to the source port, this is an optional match criterion. A policy can match traffic based on addresses or protocols alone, without specifying a destination port.

References

1. Juniper Networks TechLibrary

"Security Policies Overview": "Security policies are rules that control traffic flow from one zone to another zone... A policy consists of a set of match criteria and a set of actions." This establishes that the zone context (from-zone

to-zone) and the action are fundamental components.

URL: https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/concept/security-policy-overview.html

2. Juniper Networks TechLibrary

"Understanding Security Policies": "Each policy must include criteria for matching a connection and actions to be taken when a match occurs." This explicitly states that match criteria and actions are required. The context for the policy is always the from-zone and to-zone.

URL: https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/concept/security-policy-understanding.html

3. Juniper Networks TechLibrary

Configuration Hierarchy for security policies: The configuration structure [edit security policies from-zone to-zone policy then ] demonstrates that the zone context (from-zone

to-zone) and the action (then) are mandatory structural elements of any policy.

URL: https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/ref/statement/security-edit-policies.html

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE