Which two statements are correct about security zones and functional zones? (Choose two.)

1. A. Traffic entering an interface in a functional zone cannot exit any other transit interface.
2. B. Traffic entering transit interfaces can exit an interface in a functional zone.
3. C. Traffic entering an interface in a functional zone can exit any other transit interface.
4. D. Traffic entering transit interfaces cannot exit an interface in a functional zone.

Correct Answer: AD
Functional zones(e.g., junos-host, management, null) are not used for forwarding transit traffic. They are used to manage traffic destined to or from the SRX device itself.
Option A:Correct. If traffic enters through a functional zone interface, it is meant for the SRX, not for transit, so it cannot exit another interface.
Option D:Correct. Transit interfaces handle forwarding traffic, but they cannot send that traffic out through a functional zone interface.
Option B and C:Incorrect, because functional zones are strictly control-plane, not transit forwarding zones.
Correct Statements:A and D
[Reference:Juniper Networks –Security Zones vs. Functional Zones, Junos OS Security Fundamentals., ]

You are troubleshooting first path traffic not passing through an SRX Series Firewall. You have determined that the traffic is ingressing and egressing the correct interfaces using a route lookup.
In this scenario, what is the next step in troubleshooting why the device may be dropping the traffic?

1. A. Verify that the interfaces are in the correct security zones.
2. B. Verify the routing protocol being used.
3. C. Verify that source NAT is occurring.
4. D. Verify that the correct ALG is being used.

Correct Answer: A