Question 9 - JN0-636 discussion


You are asked to detect domain generation algorithms.

Which two steps will accomplish this goal on an SRX Series firewall? (Choose two.)

A. Define an advanced-anti-malware policy under [edit services].
B. Attach the security-metadata-streaming policy to a security
C. Define a security-metadata-streaming policy under [edit
D. Attach the advanced-anti-malware policy to a security policy.
Suggested answer: B, C

Explanation:

According to the Juniper documentation, the steps to detect domain generation algorithms (DGA) on an SRX Series firewall are as follows:

Define a security-metadata-streaming policy under [edit services]. A security-metadata-streaming policy is a configuration that enables the SRX Series firewall to collect and stream security metadata, such as DNS queries and responses, to Juniper ATP Cloud for analysis. Juniper ATP Cloud uses machine learning models and known pre-computed DGA domain names to provide domain verdicts, which helps in-line blocking and sinkholing of DNS queries on SRX Series firewalls [1]. You can define a security-metadata-streaming policy by using the following command:

set services security-metadata-streaming policy <policy-name>

Attach the security-metadata-streaming policy to a security zone. A security zone is a logical grouping of interfaces that have similar security requirements. You can attach the security-metadata-streaming policy to a security zone by using the following command:

set security zones security-zone <zone-name> services security-metadata-streaming policy <policy-name>

The following steps are not required or incorrect:

Define an advanced-anti-malware policy under [edit services]. An advanced-anti-malware policy is a configuration that enables the SRX Series firewall to scan files for malware using Juniper ATP Cloud. It is not related to DGA detection [2].

Attach the advanced-anti-malware policy to a security policy. A security policy is a configuration that defines the rules for permitting or denying traffic between security zones. It is not related to DGA detection [3].

References:
[1] Configuring Security Metadata Streaming
[2] Configuring Advanced Anti-Malware Policies
[3] Configuring Security Policies
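The two steps only take effect together, so a configuration review should confirm that every defined policy is attached and every attachment points at a defined policy. The following audit script is an added example, not part of the original explanation or Juniper's tooling; it assumes the configuration is available in set format using exactly the two command forms quoted above, and the zone and policy names in the sample are constructed.

```python
import re

# Statement shapes taken from the two commands quoted in the explanation.
DEFINE = re.compile(r"^set services security-metadata-streaming policy (\S+)")
ATTACH = re.compile(
    r"^set security zones security-zone (\S+) services "
    r"security-metadata-streaming policy (\S+)")
ZONE = re.compile(r"^set security zones security-zone (\S+)")

def audit(config_text):
    """Return (findings, attachments) for a set-format configuration."""
    defined, attached, zones = set(), {}, set()
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line or line.startswith("#"):
            continue
        if m := DEFINE.match(line):
            defined.add(m.group(1))
        if m := ZONE.match(line):
            zones.add(m.group(1))
        if m := ATTACH.match(line):
            attached[m.group(1)] = m.group(2)  # zone -> policy
    findings = []
    for zone, policy in sorted(attached.items()):
        if policy not in defined:
            findings.append(f"zone {zone}: attached policy {policy} is not defined")
    for policy in sorted(defined - set(attached.values())):
        findings.append(f"policy {policy}: defined but not attached to any zone")
    for zone in sorted(zones - set(attached)):
        findings.append(f"zone {zone}: no security-metadata-streaming policy attached")
    return findings, attached

# Constructed sample configuration (zone and policy names are made up).
SAMPLE = """
set services security-metadata-streaming policy dga-stream
set services security-metadata-streaming policy unused-stream
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust services security-metadata-streaming policy dga-stream
set security zones security-zone dmz interfaces ge-0/0/2.0
set security zones security-zone guest services security-metadata-streaming policy missing-stream
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE)[0]:
        print(finding)
```
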

asked 18/09/2024
Maciej Kozlowski