Juniper JN0-335 Practice Test - Questions Answers, Page 8

Based on SSL proxy is a feature that allows SRX Series devices to decrypt and inspect SSL/TLS traffic for security purposes. According to SRX Series devices support two types of SSL proxy:

Client-protection SSL proxy also known as forward proxy --- The SRX Series device resides between the internal client and outside server. It decrypts and inspects traffic from internal users to the web.

Server-protection SSL proxy also known as reverse proxy --- The SRX Series device resides between outside clients and internal servers. It decrypts and inspects traffic from web users to internal servers.

The exhibit shows a configuration snippet for security intelligence on an SRX Series device. Security intelligence is a feature that allows you to block or monitor traffic from malicious sources based on threat intelligence feeds from Juniper ATP Cloud or other providers. The configuration defines a profile for ATP Infected-Hosts, which is a feed that contains IP addresses of hosts that are infected with malware and communicate with command-and-control servers. The configuration also defines a rule for threat level 8, which is a parameter that indicates the severity of the threat. Based on this configuration, the SRX Series device will do the following:

Packets from the infected hosts with a threat level of 8 or above will be dropped: The action block-and-drop under the rule means that the device will block any traffic from the infected hosts that have a threat level equal to or higher than 8. This will prevent the hosts from sending or receiving malicious commands or data.

No log message will be generated: The absence of any log option under the rule means that the device will not generate any log message for the blocked traffic. This may reduce the load on the device and the logging server, but it may also limit the visibility and analysis of the security events.

A reth LAG is a redundant Ethernet link aggregation group that combines multiple physical interfaces into a single logical interface in a chassis cluster. A reth LAG provides load balancing and redundancy for traffic within or between redundancy groups. Two statements that are correct about a reth LAG are:

Links must have the same speed and duplex setting: To form a reth LAG, the physical interfaces must have the same speed and duplex setting. This ensures that the links can operate at the same capacity and avoid performance issues or errors.

You should have two or more interfaces: To create a reth LAG, you need to have at least two physical interfaces. One interface should be connected to node 0 and the other interface should be connected to node 1. You can also have more than two interfaces in a reth LAG for increased bandwidth and redundancy.

Application identification is a feature that enables SRX Series devices to identify and classify network traffic based on application signatures or custom rules. Application identification can enhance security, visibility, and control over network applications. Two statements that are true about application identification are:

Application identification can identify nested applications that are within Layer 7: Nested applications are applications that run within another application protocol, such as HTTP or SSL. For example, Facebook or YouTube are nested applications within HTTP. Application identification can identify nested applications by inspecting the application payload and matching it against predefined or custom signatures.

Application signatures are not the same as IDP signatures: Application signatures are patterns of bytes or strings that uniquely identify an application protocol or a nested application. IDP signatures are patterns of bytes or strings that indicate an attack or an exploit against a vulnerability. Application signatures are used for application identification and classification, while IDP signatures are used for intrusion detection and prevention.

The sequence that an SRX Series device uses when implementing stateful session security policies using Layer 3 routes is:

An SRX Series device will conduct a longest-match Layer 3 route table lookup before performing a security policy search: When an SRX Series device receives a packet, it first looks up the destination IP address in the routing table and finds the longest matching route to forward the packet. Then, it performs a security policy search based on the source zone, destination zone, source address, destination address, protocol, and application of the packet. If there is a matching policy that allows the packet, it creates or updates a session entry for the packet and applies any security services configured in the policy.

The logging parameter that will provide the function of showing tabular data for operational mode commands is count. The count parameter displays the number of packets and bytes that match a security policy and the action taken by the policy. The count parameter can be used with the show security policies hit-count command to display the policy counters in a tabular format. The count parameter can also be used with the show security flow session command to display the session counters in a tabular format.Reference:=show security policies hit-count,show security flow session

Two benefits of using a cSRX in your virtual environment are:

The cSRX supports firewall, NAT, IPS, and UTM services: The cSRX is a containerized version of the SRX Series firewall that runs as a Docker container on Linux hosts. It provides the same features and functionality as the SRX Series physical firewalls, such as firewall, NAT, IPS, and UTM services. The cSRX can protect your virtual workloads and applications from various threats and attacks.

The cSRX has low memory requirements: The cSRX is designed to be lightweight and efficient, with low memory and CPU requirements. The cSRX can run on as little as 1 GB of RAM and 1 vCPU, making it suitable for resource-constrained environments.

The service that you would implement at your edge device to prioritize VoIP traffic in this scenario is AppQoS. AppQoS is a feature that enables you to allocate bandwidth and prioritize traffic based on application signatures or custom rules. AppQoS can enhance the quality of service and experience for critical or latency-sensitive applications, such as VoIP. You can configure AppQoS policies to assign different classes of service (CoS) values or queue numbers to different applications or traffic flows. You can also define bandwidth limits, guarantees, or bursts for each class or queue.Reference:= [Application Quality of Service Overview], [Configuring Application Quality of Service]