
Juniper JN0-335 Practice Test - Questions Answers, Page 2


Your JIMS server is unable to view event logs.

Which two actions would you take to solve this issue? (Choose two.)

A. Enable the correct host-inbound-traffic rules on the SRX Series devices.
B. Enable remote event log management within Windows Firewall on the necessary Exchange servers.
C. Enable remote event log management within Windows Firewall on the necessary domain controllers.
D. Enable remote event log management within Windows Firewall on the JIMS server.
Suggested answer: B, C

Explanation:

If your JIMS server is unable to view event logs, two actions that you would take to solve this issue are:

Enable remote event log management within Windows Firewall on the necessary Exchange servers: JIMS (Juniper Identity Management Service) is a Windows service that collects user, device, and group information from Active Directory domains or syslog sources and provides it to SRX Series devices for identity-based security policies. JIMS relies on the event logs generated by the domain controllers and Exchange servers to track user logins, logouts, and IP address changes. If the Windows Firewall on the Exchange servers blocks the remote event log management, JIMS cannot access the event logs and obtain the user identity information. Therefore, you need to enable remote event log management within Windows Firewall on the Exchange servers that are configured as event sources in JIMS.

Enable remote event log management within Windows Firewall on the necessary domain controllers: Similarly, if the Windows Firewall on the domain controllers blocks the remote event log management, JIMS cannot access the event logs and obtain the user identity information. Therefore, you need to enable remote event log management within Windows Firewall on the domain controllers that are configured as event sources in JIMS.

Which two statements are correct about the fab interface in a chassis cluster? (Choose two.)

A. Real-time objects (RTOs) are exchanged on the fab interface to maintain session synchronization.
B. In an active/active configuration, inter-chassis transit traffic is sent over the fab interface.
C. The fab interface enables configuration synchronization.
D. Heartbeat signals sent on the fab interface monitor the health of the control plane link.
Suggested answer: A, B

Explanation:

The fab interface is a fabric link that connects the two nodes in a chassis cluster. A chassis cluster is a high-availability feature that groups two identical SRX Series devices into a cluster that acts as a single device. The fab interface has two functions:

Real-time objects (RTOs) are exchanged on the fab interface to maintain session synchronization: RTOs are data structures that store information about active sessions, such as source and destination IP addresses, ports, protocols, and security policies. RTOs are exchanged between the nodes on the fab interface to ensure that both nodes have the same session information and can take over the traffic in case of a failover.

In an active/active configuration, inter-chassis transit traffic is sent over the fab interface: In an active/active configuration, both nodes in a cluster can process traffic for different redundancy groups (RGs). RGs are collections of interfaces or services that fail over together from one node to another. If traffic needs to transit from one RG to another RG that is active on a different node, it is sent over the fab interface.

On an SRX Series firewall, what are two ways that Encrypted Traffic Insights assesses the threat of the traffic? (Choose two.)

A. It decrypts the file in a sandbox.
B. It validates the certificates used.
C. It decrypts the data to validate the hash.
D. It reviews the timing and frequency of the connections.
Suggested answer: B, D

Explanation:

Encrypted Traffic Insights is a feature that enables the SRX Series firewall and the ATP Cloud to detect malicious threats that are hidden in encrypted traffic without decrypting the traffic. It does so by analyzing the metadata and connection patterns of the encrypted sessions. Two ways that Encrypted Traffic Insights assesses the threat of the traffic are:

It validates the certificates used: The SRX Series firewall extracts the server certificate from the encrypted session and compares its signature with a blocklist of known malicious certificates provided by ATP Cloud. If there is a match, the session is blocked and reported as a threat.

It reviews the timing and frequency of the connections: The SRX Series firewall sends the connection details, such as source and destination IP addresses, ports, protocols, and timestamps, to ATP Cloud. ATP Cloud applies behavior analysis and machine learning algorithms to detect anomalous or suspicious patterns of connections, such as high frequency, low duration, or unusual timing.

Click the Exhibit button.

You are validating the configuration template for device access. The commands in the exhibit have been entered to secure IP access to an SRX Series device.

Referring to the exhibit, which two statements are true? (Choose two.)

A. The device manager can access the device from 192.168.11.248.
B. The loopback interface blocks invalid traffic on its entry into the device.
C. The loopback interface blocks invalid traffic on its exit from the device.
D. The device manager can access the device from 10.253.1.2.
Suggested answer: B, D

Explanation:

The commands in the exhibit show how to configure a firewall filter on the loopback interface (lo0) of an SRX Series device. The loopback interface is a gateway for all the control traffic that enters the Routing Engine of the device. The firewall filter can be used to monitor and protect this control traffic from various attacks. Two statements that are true based on the exhibit are:

The loopback interface blocks invalid traffic on its entry into the device: The firewall filter applied on lo0 has a term that matches any packet with an invalid source address (such as 0.0.0.0/8 or 127.0.0.0/8) and discards it. This prevents spoofing or DoS attacks using invalid source addresses.

The device manager can access the device from 10.253.1.2: The firewall filter applied on lo0 has a term that matches any packet with a source address of 10.253.1.2 and accepts it. This allows the device manager to access the device from this IP address using protocols such as SSH, Telnet, HTTP, or HTTPS.

Click the Exhibit button.

Which two statements describe the output shown in the exhibit? (Choose two.)

A. Redundancy group 1 experienced an operational failure.
B. Redundancy group 1 was administratively failed over.
C. Node 0 is controlling traffic for redundancy group 1.
D. Node 1 is controlling traffic for redundancy group 1.
Suggested answer: B, D

Explanation:

The output shown in the exhibit displays the status of a chassis cluster redundancy group (RG) on an SRX Series device. A chassis cluster RG is a collection of objects, such as interfaces or services, that fail over together from one node to another in case of a failure or manual intervention. A chassis cluster RG can be primary on one node and backup on another node at any given time. Two statements that describe the output shown in the exhibit are:

Redundancy group 1 was administratively failed over: The output shows that redundancy group 1 has "Manual failover" set to "Yes". This indicates that redundancy group 1 was manually switched from one node to another using the request chassis cluster failover redundancy-group command.

Node 1 is controlling traffic for redundancy group 1: The output shows that node 1 has "Status" set to "Primary" for redundancy group 1. This means that node 1 is active and controlling traffic for redundancy group 1.

What are two requirements for enabling AppQoE? (Choose two.)

A. You need two SRX Series device endpoints.
B. You need two SRX Series or MX Series device endpoints.
C. You need an APPID feature license.
D. You need to configure AppQoE for reverse traffic.
Suggested answer: B, C

Explanation:

AppQoE is a feature that enables you to monitor and optimize the quality of experience for applications on your network. It uses application-aware routing and dynamic path selection to choose the best path for each application based on predefined or custom SLA profiles. AppQoE also provides visibility and reporting on application performance and network conditions. Two requirements for enabling AppQoE are:

You need two SRX Series or MX Series device endpoints: AppQoE can be configured between two SRX Series device endpoints or between an SRX Series device and an MX Series device in a hub-and-spoke or full mesh topology. The devices must run the same version of Junos OS and have the same AppQoE configuration.

You need an APPID feature license: AppQoE requires an APPID feature license to be installed on the SRX Series device. The APPID feature license enables application identification and classification, which are essential for AppQoE to work.

How does Juniper ATP Cloud protect a network from zero-day threats?

A. It uses a cache lookup.
B. It uses antivirus software.
C. It uses dynamic analysis.
D. It uses known virus signatures.
Suggested answer: C

Explanation:

Juniper ATP Cloud is a cloud-based service that provides advanced threat prevention and detection for your network. It integrates with SRX Series firewalls and MX Series routers to analyze files and network traffic for signs of malicious activity. Juniper ATP Cloud protects a network from zero-day threats by using dynamic analysis, which is a method of executing files in a sandbox environment and observing their behavior and network interactions. Dynamic analysis can uncover unknown malware that may evade static analysis or signature-based detection methods.

Regarding static attack object groups, which two statements are true? (Choose two.)

A. Matching attack objects are automatically added to a custom group.
B. Group membership automatically changes when Juniper updates the IPS signature database.
C. Group membership does not automatically change when Juniper updates the IPS signature database.
D. You must manually add matching attack objects to a custom group.
Suggested answer: B, C

Explanation:

Static attack object groups are predefined groups of attack objects that are included in Juniper's IPS signature database. These groups do not change automatically when Juniper updates the database.

You are deploying a new SRX Series device and you need to log denied traffic.

In this scenario, which two policy parameters are required to accomplish this task? (Choose two.)

A. session-init
B. session-close
C. deny
D. count
Suggested answer: B, C

Explanation:

You need to create a global firewall rulebase that matches RT_FLOW_SESSION_DENY events. To do this, you need to specify two policy parameters: deny and session-close.

You are asked to reduce the load that the JIMS server places on your Which action should you take in this situation?

A. Connect JIMS to the RADIUS server
B. Connect JIMS to the domain Exchange server
C. Connect JIMS to the domain SQL server.
D. Connect JIMS to another SRX Series device.
Suggested answer: D

Explanation:

JIMS server is a Juniper Identity Management Service that collects user identity information from different authentication sources for SRX Series devices. It can connect to SRX Series devices and CSO platform in your network.

JIMS server is a service that protects corporate resources by authenticating and restricting user access based on roles. It connects to SRX Series devices and CSO platform to provide identity information for firewall policies. To reduce the load that JIMS server places on your network, you should connect JIMS to another SRX Series device. This way, you can distribute the identity information among multiple SRX Series devices and reduce network traffic.

Total 98 questions