ExamTopics Logo
Mail Us[email protected]
Menu
Juniper Discussions
exam questions

Exam JN0-637 All Questions

View all questions & answers for the JN0-637 exam
Go to Exam

Exam JN0-637 topic 1 question 27 discussion

Actual exam question from Juniper's JN0-637
Question #: 27
Topic #: 1
[All JN0-637 Questions]

Which two statements are true about the procedures the Junos security device uses when handling traffic destined for the device itself? (Choose two.)

  • A. If the received packet is addressed to the ingress interface, then the device first performs a security policy evaluation for the junos-host zone.
  • B. If the received packet is addressed to the ingress interface, then the device first examines the host -inbound-traffic configuration for the ingress interface and zone.
  • C. If the received packet is destined for an interface other than the ingress interface, then the device performs a security policy evaluation based on the ingress and egress zone.
  • D. If the received packet is destined for an interface other than the ingress interface, then the device performs a security policy evaluation for the junos-host zone.
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
by inmymind84 at April 10, 2025, 1:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
e359166
3 weeks ago
Selected Answer: BC
B. If the received packet is addressed to the ingress interface, then the device first examines the host-inbound-traffic configuration for the ingress interface and zone. Correct — This is the proper process. When the packet is for the SRX itself, it checks whether the service (e.g., SSH, HTTPS, etc.) is permitted under the host-inbound-traffic configuration. C. If the received packet is destined for an interface other than the ingress interface, then the device performs a security policy evaluation based on the ingress and egress zone. Correct — This describes transit traffic, where packets pass through the SRX. In this case, the device performs a security policy lookup between ingress and egress zones.
upvoted 1 times
...
inmymind84
7 months, 3 weeks ago
Selected Answer: BC
A,B be are oposit, and first hostinbound is checked. C - non-inbound interface means that traffic must go through 2 zones (and then policies), next is host inbound and at the end junos host.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel