Free JN0-636 Exam Braindumps (page: 11)


Exhibit



Referring to the exhibit, which two statements are true? (Choose two.)

  A. The SRX-1 device can use the Proxy_Nodes feed in another security policy.
  B. You can use the Proxy_Nodes feed as the source-address and destination-address match criteria of another security policy on a different SRX Series device.
  C. The SRX-1 device creates the Proxy_Nodes feed, so it cannot use it in another security policy.
  D. You can only use the Proxy_Node3 feed as the destination-address match criteria of another security policy on a different SRX Series device.

Answer(s): C,D

Explanation:

The exhibit shows the output of the show security intelligence category summary command on the SRX-1 device. This command displays the status of the security intelligence categories configured on the device. In the output, we can see that there are two categories configured: Proxy_Nodes and Proxy_Node3. The Proxy_Nodes category is a custom category that is created by the SRX-1 device using the adaptive threat profiling feature. The Proxy_Node3 category is a third-party category that is downloaded from the Juniper ATP Cloud service. The Proxy_Nodes category contains the IP addresses that match the security policy named Proxy-ATP on the SRX-1 device. The Proxy_Node3 category contains the IP addresses that are associated with the Tor network. The two statements that are true based on the exhibit are:
The SRX-1 device creates the Proxy_Nodes feed, so it cannot use it in another security policy. This is because the adaptive threat profiling feature does not allow the device that creates the feed to use it in another security policy. The feed is intended to be shared with other devices in the same realm through the Juniper ATP Cloud service. The SRX-1 device can only use the feeds that are created by other devices or downloaded from third-party sources.
You can only use the Proxy_Node3 feed as the destination-address match criteria of another security policy on a different SRX Series device. This is because the Proxy_Node3 feed is a third-party feed that is downloaded from the Juniper ATP Cloud service. The SRX-1 device can use this feed as a dynamic address object in its security policies. However, the feed is configured with the destination-only option, which means that it can only be used as the destination-address match criteria of a security policy. The source-address match criteria of a security policy cannot use this feed.


Reference:

Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents:
https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-security-intelligence-category-summary.html
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-intelligence-third-party-feed-configuring.html
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-adaptive-threat-profiling-overview.html



Exhibit



An administrator wants to configure an SRX Series device to log binary security events for tenant systems.
Referring to the exhibit, which statement would complete the configuration?

  A. Configure the tenant as TSYS1 for the pi security profile.
  B. Configure the tenant as root for the pi security profile.
  C. Configure the tenant as master for the pi security profile.
  D. Configure the tenant as local for the pi security profile.

Answer(s): D

Explanation:

According to the Juniper documentation, a tenant system is a logical system that supports routing, services, and security features. A tenant system can be configured to log binary security events to a remote server using the pi security profile. The pi security profile specifies the tenant name, the server address, the server port, and the protocol for logging binary security events. In the exhibit, the pi security profile is configured with the server address 10.0.0.1, the server port 514, and the protocol UDP. However, the tenant name is missing from the configuration. To complete the configuration, the tenant name must be configured as local for the pi security profile. This is because the local tenant name is used to identify the tenant system that is sending the binary security events to the remote server. Therefore, the correct statement to complete the configuration is D. Configure the tenant as local for the pi security profile.


Reference:

1: [Tenant Systems Overview] https://www.juniper.net/documentation/us/en/software/junos/logical-system-security/topics/topic-map/tenant-systems-overview.html
2: [Configuring Binary Security Event Logging for Tenant Systems] https://www.juniper.net/documentation/us/en/software/junos/logical-system-security/topics/task/security-tenant-systems-binary-logging-configuring.html



What is the purpose of the Switch Microservice of Policy Enforcer?

  A. to isolate infected hosts
  B. to enroll SRX Series devices with Juniper ATP Cloud
  C. to inspect traffic for malware
  D. to synchronize security policies to SRX Series devices

Answer(s): A

Explanation:

The purpose of the Switch Microservice of Policy Enforcer is to isolate infected hosts. The Switch Microservice is a component of Policy Enforcer that runs on EX Series and QFX Series switches. It communicates with Policy Enforcer and Juniper ATP Cloud to receive threat intelligence and quarantine commands.
When an infected host is detected by Juniper ATP Cloud, Policy Enforcer sends a command to the Switch Microservice to isolate the host by applying an access control list (ACL) on the switch port where the host is connected. The ACL blocks all traffic from or to the host except for the traffic that is required for remediation. The Switch Microservice also tracks the MAC address of the infected host and updates Policy Enforcer if the host moves to a different switch port or a different switch. This way, the Switch Microservice ensures that the infected host is isolated until it is remediated and no longer poses a threat to the network.


Reference:

Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents:

https://www.juniper.net/documentation/en_US/junos/topics/concept/security-policy-enforcer-switch-microservice-overview.html



Which two modes are supported on Juniper ATP Cloud? (Choose two.)

  A. global mode
  B. transparent mode
  C. private mode
  D. Layer 3 mode

Answer(s): B,D

Explanation:

According to the Juniper documentation, Juniper ATP Cloud supports the following modes:
Layer 3 mode: In this mode, the SRX Series device acts as a Layer 3 gateway and routes traffic between different subnets. The SRX Series device performs NAT and security policy enforcement on the traffic and sends a copy of the traffic to Juniper ATP Cloud for analysis. This mode is suitable for networks that have multiple subnets and require NAT and firewall functions [1].

Transparent mode: In this mode, the SRX Series device acts as a Layer 2 bridge and forwards traffic between the same subnet. The SRX Series device does not perform NAT or security policy enforcement on the traffic, but sends a copy of the traffic to Juniper ATP Cloud for analysis. This mode is suitable for networks that have a single subnet and do not require NAT or firewall functions [1].

The other two modes, global mode and private mode, are not supported by Juniper ATP Cloud. Global mode is a configuration option for Juniper ATP Appliance, which is an on-premises solution that provides threat detection and prevention. Private mode is a configuration option for Juniper ATP Private Cloud, which is a cloud-based solution that provides threat detection and prevention within a private network [2][3].


Reference:

1: Juniper Advanced Threat Prevention Cloud | ATP Cloud | Juniper Networks
2: Juniper Advanced Threat Prevention Appliance | ATP Appliance | Juniper Networks
3: Juniper Advanced Threat Prevention Private Cloud | ATP Private Cloud | Juniper Networks





