Juniper JN0-636 Practice Test - Questions Answers, Page 7

The result of adding the count action to a security policy can be seen in the show security policies detail command output. The count action is a feature that allows you to enable statistics collection for sessions that enter the device for a given policy, and for the number of packets and bytes that pass through the device in both directions for a given policy. The count action can help you to monitor the traffic that matches a security policy and to troubleshoot security policy issues. The show security policies detail command displays the detailed information about the security policies configured on the device, including the count statistics. The output shows the number of packets and bytes that have been processed by the policy in both directions, as well as the number of sessions that have been created by the policy. You can use this command to verify that the count action is working as expected and to see the traffic volume and session count for each policy. Reference:

Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents:

https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/showsecurity-policies-detail.html

https://www.juniper.net/documentation/en_US/junos/topics/concept/security-policy-countoverview.html

The suspicious_Endpoints feed is a dynamic address group that is created by Juniper ATP Cloud based on the IoT device discovery and policy enforcement feature. This feature allows the SRX Series device to send IoT traffic to Juniper ATP Cloud for analysis and classification. Juniper ATP Cloud then creates a threat feed that contains the IP addresses of the suspicious IoT devices and sends it back to the SRX Series device. The SRX Series device can then use this feed to create and enforce security policies for the IoT traffic. The suspicious_Endpoints feed is usable by any SRX Series device that is a part of the same realm as SRX-1, because the feed is shared among the devices that belong to the same Juniper ATP Cloud realm. Juniper ATP Cloud automatically creates the suspicious_Endpoints feed after you commit the security policy that references the feed, because the feed is dynamically generated based on the IoT traffic analysis. You do not need to manually create the feed in the Juniper ATP Cloud interface. Reference:

Example- Configure IoT Device Discovery and Policy Enforcement

Juniper Advanced Threat Prevention Cloud Policy Overview

The three profiles that are configurable in a threat prevention policy are infected host profile, C&C profile, and malware profile. A threat prevention policy is a feature of Juniper ATP Cloud that provides protection and monitoring for selected threat profiles, including command and control servers, infected hosts, and malware. Using feeds from Juniper ATP Cloud and optional custom feeds that you configure, ingress and egress traffic is monitored for suspicious content and behavior. Based on a threat score, detected threats are evaluated and action may be taken once a verdict is reached.

You can create a threat prevention policy by selecting one or more of the following profiles:

Infected host profile: This profile detects and blocks traffic from hosts that are infected with malware or compromised by attackers. You can configure the threat score thresholds and the actions for different levels of severity. You can also enable Geo IP filtering to block traffic from or to specific countries or regions.

C&C profile: This profile detects and blocks traffic to or from command and control servers that are used by attackers to control malware or botnets. You can configure the threat score thresholds and the actions for different levels of severity. You can also enable Geo IP filtering to block traffic from or to specific countries or regions.

Malware profile: This profile detects and blocks traffic that contains malware or malicious content.

You can configure the threat score thresholds and the actions for different levels of severity. You can also enable protocol-specific settings for HTTP and SMTP traffic, such as file type filtering, file size filtering, and file name filtering.

The other two profiles, device profile and SSL proxy profile, are not configurable in a threat prevention policy. A device profile is a feature of Policy Enforcer that defines the device type, the device group, and the device settings for the SRX Series devices that are enrolled with Juniper ATP Cloud. An SSL proxy profile is a feature of SRX Series devices that enables SSL proxy to decrypt and inspect SSL/TLS traffic for threats and policy violations.

Reference: Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents:

https://www.juniper.net/documentation/en_US/junos-space23.1/policyenforcer/topics/concept/threat-management-policy-overview.html

https://www.juniper.net/documentation/en_US/junos-space23.1/policyenforcer/topics/task/configuration/junos-space-policy-enforcer-threat-management-policyconfigure.

html://https://www.juniper.net/documentation/en_US/junos/topics/concept/securitypolicy-enforcer-device-profile-overview.html

https://www.juniper.net/documentation/en_US/junos/topics/concept/security-ssl-proxyoverview.html

The IPS signature database is one of the major components of the intrusion prevention system (IPS).

It contains definitions of different objects, such as attack objects, application signature objects, and service objects, that are used in defining IDP policy rules. As a response to new vulnerabilities, Juniper Networks periodically provides a file containing attack database updates on the Juniper Networks website. You can download this file to protect your network from new threats. Note: IPS does not need a separate license to run as a service on the SRX Series Firewall; however, a license is required for IPS updates1.

When you configure a chassis cluster, the two nodes back up each other, with one node acting as the primary device and the other as the secondary device, ensuring stateful failover of processes and services in the event of system or hardware failure. If the primary device fails, the secondary device takes over processing of traffic2.

To download and install the IPS signature database to a device operating in chassis cluster mode, you must perform the following steps:

Download the IPS signature package from the Juniper Networks website to the primary node of the chassis cluster. You can use the request security idp security-package download CLI command or the Security Director user interface to download the package. Note: You must have a valid license key installed on the device to download the package3.

Install the IPS signature package on the primary node of the chassis cluster. You can use the request security idp security-package install CLI command or the Security Director user interface to install the package. Note: You must reboot the primary node after installing the package3.

Synchronize the IPS signature package from the primary node to the backup node of the chassis cluster. You can use the request security idp security-package install-backup CLI command or the Security Director user interface to synchronize the package. Note: You do not need to reboot the backup node after synchronizing the package3.

Therefore, the correct answer is A. You must download and install the IPS signature package on the primary node. The other options are incorrect because:

B) The first synchronization of the backup node and the primary node is performed automatically after you install the package on the primary node. You do not need to perform it manually3.

C) The first time you synchronize the IPS signature package from the primary node to the backup node, the primary node does not need to be rebooted. You only need to reboot the primary node after installing the package3.

D) The IPS signature package does not need to be downloaded and installed on the primary and backup nodes separately. You only need to download and install it on the primary node and then synchronize it to the backup node3.

Reference:

IDP Signature Database Overview

Understanding IDP Signature Database for Migration

Configuring Chassis Clustering on SRX Series Devices

Reference: https://kb.juniper.net/InfoCenter/index?

page=content&id=KB33979&cat=JATP_SERIES&actp=LIST

https://www.juniper.net/documentation/us/en/software/junos/multicastl2/topics/ref/statement/family-ethernet-switching-edit-interfaces-qfx-series.html#statement-namestatement_d26608e73

Reference: https://www.juniper.net/documentation/en_US/junos-space17.2/policyenforcer/topics/concept/ policy-enforcer-deployment-supported-topologies.html