Juniper JN0-335 Practice Test - Questions Answers, Page 10

In order to manually failover the primary Routing Engine in an SRX Series high availability cluster pair, you must issue the command 'set chassis cluster disable reboot' on the primary node. This command will disable the cluster and then reboot the primary node, causing the secondary node to take over as the primary node. This is discussed in greater detail in the Juniper Security, Specialist (JNCIS-SEC) Study Guide (page 68).

The two security policy features that provide the capability to permit access to an application but block its sub-applications are URL filtering and micro application detection. URL filtering allows you to create policies that permit or block access to certain websites or webpages based on URL patterns. Micro application detection is a more sophisticated approach that can identify and block specific applications, even if they are embedded within other applications or websites. According to the Juniper Networks Certified Internet Specialist (JNCIS-SEC) Study Guide[1], ''micro application detection is the most accurate way to detect and control applications.'' Content filtering and APPID are more general approaches and are not as effective in providing the level of granularity needed to block sub-applications.

To create a security policy that will automatically add infected hosts to the infected hosts feed and block further communication through the SRX Series device, you need to add a security intelligence policy to the permit portion of the security policy. A security intelligence policy is a policy that allows you to block or monitor traffic from malicious sources based on threat intelligence feeds from Juniper ATP Cloud or other providers. One of the feeds that you can use is the Infected-Hosts feed, which contains IP addresses of hosts that are infected with malware and communicate with command-and-control servers. You can create a profile and a rule for the Infected-Hosts feed and specify the threat level and the action to take for the infected hosts. Then, you can link the security intelligence policy with the firewall policy and apply it to the traffic that you want to protect.

The solution that satisfies the requirements for a vSRX deployment is AWS. AWS (Amazon Web Services) is a cloud computing platform that provides on-demand services such as infrastructure, platform, software, and database as a service. AWS is globally distributed, meaning that it has data centers in multiple regions around the world. AWS also allows rapid provisioning, meaning that you can launch vSRX instances in minutes using preconfigured Amazon Machine Images (AMIs) or custom templates. AWS also enables scaling based on demand, meaning that you can adjust the number and size of vSRX instances according to your network traffic and performance needs. AWS also has low CapEx (capital expenditure), meaning that you only pay for what you use and do not need to invest in hardware or maintenance costs.

vSRX is a virtual firewall that runs as a software instance on a hypervisor. A hypervisor is a software layer that allows multiple virtual machines to run on a single physical host. vSRX supports three hypervisors: VMware ESXi, Hyper-V, and KVM. VMware ESXi is a hypervisor that runs on x86 servers and supports various operating systems and applications. Hyper-V is a hypervisor that runs on Windows Server and supports Windows and Linux virtual machines. KVM (Kernel-based Virtual Machine) is a hypervisor that runs on Linux and supports Linux, Windows, and other operating systems.

A policy scheduler is a feature that allows a security policy to be activated or deactivated for a specified time period. You can define schedulers for a single or recurrent time slot within which a policy is active. Two statements that are correct about a policy scheduler are:

A policy scheduler can be defined using a daily schedule: You can configure a scheduler to be active every day for a certain time interval, such as from 8:00 AM to 5:00 PM. You can also exclude specific days from the daily schedule, such as weekends or holidays.

A policy scheduler determines the time frame that a security policy is actively evaluated: When you associate a scheduler with a security policy, the policy is only available for policy lookup during the time frame specified by the scheduler. When the scheduler is off, the policy is inactive and cannot be matched by any traffic.

vSRX is a virtual firewall that runs as a software instance on a hypervisor or in a cloud environment. It provides the same features and functionality as the SRX Series physical firewalls, such as advanced security, secure SD-WAN, and robust networking. Two statements that are true about vSRX are:

AWS is supported as an IaaS solution: AWS (Amazon Web Services) is a cloud computing platform that provides on-demand services such as infrastructure, platform, software, and database as a service. vSRX is available on the AWS Marketplace and can be deployed and scaled in minutes to provide firewall protection for workloads running in AWS Virtual Private Clouds (VPCs), private clouds, or on-premises resources.

OpenStack is supported as a cloud orchestration solution: OpenStack is an open source software platform that enables users to create and manage cloud infrastructure and services. vSRX can be integrated with OpenStack using Heat templates or Contrail Service Orchestration to automate the provisioning and configuration of vSRX instances in an OpenStack environment.