Free JN0-636 Exam Braindumps (page: 12)


You want to enforce IDP policies on HTTP traffic.
In this scenario, which two actions must be performed on your SRX Series device? (Choose two.)

  A. Choose an attack type in the predefined-attacks-group HTTP-All.
  B. Disable screen options on the Untrust zone.
  C. Specify an action of None.
  D. Match on application junos-http.

Answer(s): A,D

Explanation:

To enforce IDP policies on HTTP traffic on an SRX Series device, the following two actions must be performed:
Choose an attack type in the predefined-attacks-group HTTP-All: this allows the SRX Series device to match on specific types of attacks that can occur within HTTP traffic, for example SQL injection or cross-site scripting (XSS) attacks.
Match on application junos-http: this allows the SRX Series device to match on HTTP traffic specifically, as opposed to other types of traffic. It is necessary to properly identify the traffic that needs to be protected.
Disabling screen options on the Untrust zone and specifying an action of None are not necessary to enforce IDP policies on HTTP traffic. Screen options are a separate feature used to prevent certain types of attacks, and an action of None means that no action is taken when an attack matches.



Exhibit



Referring to the exhibit, which two statements are true about the CAK status for the CAK named "FFFF"? (Choose two.)

  A. CAK is not used for encryption and decryption of the MACsec session.
  B. SAK is successfully generated using this key.
  C. CAK is used for encryption and decryption of the MACsec session.
  D. SAK is not generated using this key.

Answer(s): A,D

Explanation:

The exhibit shows the output of the show security mka sessions summary command on an SRX Series device. This command displays the status of the MACsec Key Agreement (MKA) sessions on the device. In the output, there are two CAKs configured for the interface ge-0/0/1: FFFF and EEEE. The CAK named FFFF has the type preceding and the status live. The CAK named EEEE has the type fallback and the status active.
The two statements that are true about the CAK status for the CAK named FFFF are:
CAK is not used for encryption and decryption of the MACsec session. The CAK is only used for authentication and key exchange between the MACsec peers; it is not used for encrypting or decrypting the MACsec traffic. The encryption and decryption of the MACsec session is done by the Secure Association Key (SAK), which is derived from the CAK using the MKA protocol.
SAK is not generated using this key. The CAK named FFFF has the type preceding, which means that it is a legacy key that is used for backward compatibility with older MACsec devices. The preceding key is not used for generating the SAK, but only for authenticating the MACsec peers. The SAK is generated using the active key, which is the CAK named EEEE in this case.


Reference:

Juniper Security, Professional (JNCIP-SEC) reference materials:
https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-security-mka-sessions-summary.html
https://www.juniper.net/documentation/en_US/junos/topics/concept/security-macsec-overview.html



Exhibit



Referring to the exhibit, a spoke member of an ADVPN is not functioning correctly.
Which two commands will solve this problem? (Choose two.)

A)



B)



C)



D)

  A. Option A
  B. Option B
  C. Option C
  D. Option D

Answer(s): A,B



Exhibit



You are using ATP Cloud and notice that there is a host with a high number of ETI and C&C hits sourced from the same investigation and notice that some of the events have not been automatically mitigated.
Referring to the exhibit, what is a reason for this behavior?

  A. The C&C events are false positives.
  B. The infected host score is globally set below a threat level of 5.
  C. The infected host score is globally set above a threat level of 5.
  D. The ETI events are false positives.

Answer(s): C

Explanation:

According to the Juniper documentation, the infected host score is a global setting that determines the minimum threat level required for a host to be considered infected and blocked by Juniper ATP Cloud. The infected host score can be configured from 1 to 10, where 1 is the lowest and 10 is the highest. The default infected host score is 5, which means that any host with a threat level of 5 or higher will be automatically blocked by Juniper ATP Cloud. However, the infected host score can be changed to a higher value, such as 6 or 7, to reduce the number of false positives and allow more traffic to pass through.
In the exhibit, the host has a threat level of 5, which indicates that it is infected with malware and has attempted to contact command-and-control servers. However, some of the events have not been automatically mitigated, which means that the host has not been blocked by Juniper ATP Cloud. A possible reason for this behavior is that the infected host score is globally set above a threat level of 5, such as 6 or 7, so the host does not meet the minimum threshold for blocking.
Therefore, the correct answer is C: the infected host score is globally set above a threat level of 5.


Reference:

1. Configuring the Infected Host Score: https://www.juniper.net/documentation/us/en/software/sky-atp/atp-cloud-user-guide/topics/task/sky-atp-infected-host-score.html
2. Compromised Hosts: More Information: https://www.juniper.net/documentation/us/en/software/sky-atp/atp-cloud-user-guide/topics/concept/sky-atp-infected-host-overview.html





