Which two criteria should a zone-based security policy include? (Choose two.)
Two essential criteria for a zone-based security policy are zone context and an action. The zone context defines the scope within which the rules are applied, specifying the movement of traffic between security zones. An action dictates what is to be done with the traffic that matches the defined criteria, such as allowing or blocking it. These components ensure that traffic is appropriately managed and secure as it traverses the network.
I think it should be the zone context (from zone to zone) and an action
I think it’s src and dst https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/topic-map/security-policy-configuration.html
CD are the correct answers
A security policy is a set of statements that controls traffic from a specified source to a specified destination using a specified service. A policy permits, denies, or tunnels specified types of traffic unidirectionally between two points. Each policy consists of:
- A unique name for the policy.
- A from-zone and a to-zone, for example: user@host# set security policies from-zone untrust to-zone untrust
- A set of match criteria defining the conditions that must be satisfied to apply the policy rule. The match criteria are based on a source IP address, destination IP address, and applications. The user identity firewall provides greater granularity by including an additional tuple, source-identity, as part of the policy statement.
- A set of actions to be performed in case of a match—permit, deny, or reject.
- Accounting and auditing elements—counting, logging, or structured system logging.
~~~~ Action is not a match criteria https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/topic-map/security-policy-configuration.html
In a Junos OS stateful firewall, the security policies enforce rules for transit traffic, in terms of what traffic can pass through the firewall, and the actions that need to take place on traffic as it passes through the firewall. From the perspective of security policies, the traffic enters one security zone and exits another security zone. This combination of a from-zone and to-zone is called a context. Each context contains an ordered list of policies. Each policy is processed in the order that it is defined within a context.
C D is the answer
YEP CD
CD is correct
Ports not required in zone based policies
C and D
No need for source port and destination port, but use application
CD is the answer
no mention of port, does have application Security Policy Structure + Name + Context + From-zone & to-zone + Rules + Match criteria + Source address + Destination address + Application + Identity (user-based firewall) + Action
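As an added example (not from the discussion or from Juniper), the following simplified model shows how the context, match criteria and action described above fit together: the from-zone/to-zone pair selects an ordered policy list, the first policy matching source address, destination address and application decides the action, and a policy fully covered by an earlier one is never reached. The zone names, prefixes, policy names, the deny returned when nothing matches and the IPv4-only handling are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    src: str          # source-address prefix, or "any"
    dst: str          # destination-address prefix, or "any"
    application: str  # application name, or "any" (no ports in the match)
    action: str       # "permit", "deny" or "reject"

def _net(prefix):
    # "any" is modelled as the whole IPv4 space (assumption of this example)
    return ipaddress.ip_network("0.0.0.0/0" if prefix == "any" else prefix)

def evaluate(contexts, from_zone, to_zone, src_ip, dst_ip, application):
    """Return (policy name, action) of the first match in the zone context."""
    for p in contexts.get((from_zone, to_zone), []):
        if (ipaddress.ip_address(src_ip) in _net(p.src)
                and ipaddress.ip_address(dst_ip) in _net(p.dst)
                and p.application in ("any", application)):
            return p.name, p.action
    # Nothing matched, or no policies exist for this context: modelled as deny
    return "default-policy", "deny"

def _covers(a, b):
    # True when every flow that b matches is also matched by a
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and a.application in ("any", b.application))

def shadowed(policies):
    """Names of policies that can never be reached because of ordering."""
    return [b.name for i, b in enumerate(policies)
            if any(_covers(a, b) for a in policies[:i])]

# Constructed sample policy set; all names and prefixes are illustrative.
CONTEXTS = {
    ("trust", "untrust"): [
        Policy("block-guest", "10.0.20.0/24", "any", "any", "deny"),
        Policy("allow-web", "10.0.0.0/16", "any", "junos-http", "permit"),
    ],
    ("untrust", "trust"): [
        Policy("allow-dmz-web", "any", "10.0.99.10/32", "junos-http", "permit"),
    ],
}

if __name__ == "__main__":
    print(evaluate(CONTEXTS, "trust", "untrust", "10.0.20.5", "203.0.113.7", "junos-http"))
    print(shadowed(CONTEXTS[("trust", "untrust")]))
```

Running `shadowed` over each context before committing a change is a quick review check for rules that ordering has made dead.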