Free JN0-636 Exam Braindumps (page: 14)


Exhibit



Which statement is true about the output shown in the exhibit?

  1. The SRX Series device is configured with default security forwarding options.
  2. The SRX Series device is configured with packet-based IPv6 forwarding options.
  3. The SRX Series device is configured with flow-based IPv6 forwarding options.
  4. The SRX Series device is configured to disable IPv6 packet forwarding.

Answer(s): C

Explanation:

The output shown in the exhibit is from the command "show security flow session family inet6". This command displays the IPv6 flow sessions on the SRX Series device. The output shows that there are two total sessions, both of which are valid. This means that the SRX Series device is configured with flow-based IPv6 forwarding options. Flow-based IPv6 forwarding options enable the device to process IPv6 packets using the security policies, NAT, and other security features. To configure flow-based IPv6 forwarding options, use the command "set security forwarding-options family inet6 mode flow-based" and reboot the device.


Reference:

show security flow session family inet6
Configuring Flow-Based IPv6 Forwarding Options
SRX Getting Started - Configure IPv6



You want to identify potential threats within SSL-encrypted sessions without requiring SSL proxy to decrypt the session contents.
Which security feature achieves this objective?

  1. infected host feeds
  2. encrypted traffic insights
  3. DNS security
  4. Secure Web Proxy

Answer(s): B

Explanation:

The security feature that achieves the objective of identifying potential threats within SSL-encrypted sessions without requiring SSL proxy to decrypt the session contents is encrypted traffic insights.

Encrypted traffic insights (ETI) is a feature of Juniper ATP Cloud that helps you to detect malicious threats that are hidden in encrypted traffic without intercepting and decrypting the traffic. ETI uses machine learning and behavioral analysis to identify anomalies and suspicious patterns in the encrypted traffic metadata, such as the SSL/TLS handshake, the certificate, the cipher suite, and the session duration. ETI can also leverage third-party feeds and threat intelligence from Juniper ATP Cloud to correlate the encrypted traffic with known indicators of compromise (IoCs). ETI can provide insights into the risk level, the threat category, the threat location, and the threat time of the encrypted traffic. ETI can also trigger mitigation actions, such as blocking, quarantining, or alerting, based on the threat severity and the policy configuration. ETI can help you to improve your security posture and visibility without compromising the privacy and performance of the encrypted traffic.


Reference:

Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents: https://www.juniper.net/documentation/en_US/junos/topics/concept/security-atp-cloud-encrypted-traffic-insights-overview.html



Exhibit

The highlighted incident (arrow) shown in the exhibit shows a progression level of "Download" in the kill chain.
What are two appropriate mitigation actions for the selected incident? (Choose two.)

  1. Immediate response required: Block malware IP addresses (download server or CnC server)
  2. Immediate response required: Wipe infected endpoint hosts.
  3. Immediate response required: Deploy IVP integration (if configured) to confirm if the endpoint has executed the malware and is infected.
  4. Not an urgent action: Use IVP to confirm if machine is infected.

Answer(s): A,C

Explanation:

The appropriate mitigation actions for the selected incident are to block malware IP addresses (download server or CnC server) and to deploy IVP integration (if configured) to confirm if the endpoint has executed the malware and is infected. This is because the incident shows a progression level of "Download" in the kill chain, which means that the malware has been downloaded and is likely to be executed. Blocking the malware IP addresses can prevent further communication with the malicious server and stop the malware from receiving commands or exfiltrating data. Deploying IVP integration can help verify the infection status of the endpoint and provide additional information about the malware behavior and impact. IVP integration is an optional feature that allows the ATP Appliance to interact with third-party endpoint security solutions such as Carbon Black, Cylance, and CrowdStrike.


Reference:

Advanced Threat Prevention Appliance Solution Brief
Advanced Threat Prevention Appliance Datasheet
Advanced Threat Prevention Appliance Mitigation Actions
Advanced Threat Prevention Appliance IVP Integration



Exhibit



Referring to the exhibit, which three protocols will be allowed on the ge-0/0/5.0 interface? (Choose three.)

  1. IBGP
  2. OSPF
  3. IPsec
  4. DHCP
  5. NTP

Answer(s): B,D,E

Explanation:

The exhibit shows the output of the "show interfaces ge-0/0/5.0 extensive" command on an SRX Series device. The output includes a section called "Security" that lists the protocols that are allowed on the ge-0/0/5.0 interface. The protocols allowed on the ge-0/0/5.0 interface are OSPF, DHCP, and NTP.
Note that the output does not list IBGP or IPsec, so these protocols are not allowed on the ge-0/0/5.0 interface.





