Which two criteria should a zone-based security policy include? (Choose two.)
Which two criteria should a zone-based security policy include? (Choose two.)
Two essential criteria for a zone-based security policy are zone context and an action. The zone context defines the scope within which the rules are applied, specifying the movement of traffic between security zones. An action dictates what is to be done with the traffic that matches the defined criteria, such as allowing or blocking it. These components ensure that traffic is appropriately managed and secure as it traverses the network.
I think it should be the zone context (from zone to zone) and an action
I think it’s src and dst https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/topic-map/security-policy-configuration.html
In a Junos OS stateful firewall, the security policies enforce rules for transit traffic, in terms of what traffic can pass through the firewall, and the actions that need to take place on traffic as it passes through the firewall. From the perspective of security policies, the traffic enters one security zone and exits another security zone. This combination of a from-zone and to-zone is called a context. Each context contains an ordered list of policies. Each policy is processed in the order that it is defined within a context.
A security policy is a set of statements that controls traffic from a specified source to a specified destination using a specified service. A policy permits, denies, or tunnels specified types of traffic unidirectionally between two points. Each policy consists of: A unique name for the policy. A from-zone and a to-zone, for example: user@host# set security policies from-zone untrust to-zone untrust A set of match criteria defining the conditions that must be satisfied to apply the policy rule. The match criteria are based on a source IP address, destination IP address, and applications. The user identity firewall provides greater granularity by including an additional tuple, source-identity, as part of the policy statement. A set of actions to be performed in case of a match—permit, deny, or reject. Accounting and auditing elements—counting, logging, or structured system logging. ~~~~Action is not a match criteria https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/topic-map/security-policy-configuration.html
CD are the correct answers
no mention of port, does have application Security Policy Structure + Name + Context + From-zone & to-zone + Rules + Match criteria + Source address + Destination address + Application + Identity (user-based firewall) + Action
CD is the answer
no need source port and destination port but use application
C and D
Ports not required in zone based policies
CD is correct
YEP CD
C D is the answer