ExamGecko
Search Search Login
Home Home / Juniper / JN0-636
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the Exhibit: which two statements about the configuration shown in the exhibit are correct ?
Exhibit You have configured the SRX Series device to switch packets for multiple directly connected hosts that are within the same broadcast domain However, the traffic between two hosts in the same broadcast domain are not matching any security policies Referring to the exhibit, what should you do to solve this problem?
Exhibit The exhibit shows a snippet of a security flow trace. In this scenario, which two statements are correct? (Choose two.)
Which two security intelligence feed types are supported?
Exhibit: You are troubleshooting a firewall filter shown in the exhibit that is intended to log all traffic and block only inbound telnet traffic on interface ge-0/0/3. How should you modify the configuration to fulfill the requirements?
Which two additional configuration actions are necessary for the third-party feed shown in the exhibit to work properly? (Choose two.)
Click the Exhibit button. Which type of NAT is shown in the exhibit?
Exhibit You configure a traceoptions file called radius on your returns the output shown in the exhibit What is the source of the problem?
SRX Series device enrollment with Policy Enforcer fails To debug further, the user issues the following command show configuration services security—intelligence url https : //cloudfeeds . argon . juniperaecurity . net/api/manifeat. xml and receives the following output: What is the problem in this scenario?
What are two important function of the Juniper Networks ATP appliance solution? (Choose two.).

Question 37 - JN0-636 discussion

Report
Export

Exhibit

Referring to the exhibit, which two statements are true? (Choose two.)

A.
The SRX-1 device can use the Proxy__Nodes feed in another security policy.
Answers
A.
The SRX-1 device can use the Proxy__Nodes feed in another security policy.
B.
You can use the Proxy_Nodes feed as the source-address and destination-address match criteria of another security policy on a different SRX Series device.
Answers
B.
You can use the Proxy_Nodes feed as the source-address and destination-address match criteria of another security policy on a different SRX Series device.
C.
The SRX-1 device creates the Proxy_wodes feed, so it cannot use it in another security policy.
Answers
C.
The SRX-1 device creates the Proxy_wodes feed, so it cannot use it in another security policy.
D.
You can only use the Proxy_Node3 feed as the destination-address match criteria of another security policy on a different SRX Series device.
Answers
D.
You can only use the Proxy_Node3 feed as the destination-address match criteria of another security policy on a different SRX Series device.
Suggested answer: C, D

Explanation:

The exhibit shows the output of the show security intelligence category summary command on the SRX-1 device. This command displays the status of the security intelligence categories configured on the device. In the output, we can see that there are two categories configured - Proxy_Nodes and Proxy_Node3. The Proxy_Nodes category is a custom category that is created by the SRX-1 device using the adaptive threat profiling feature. The Proxy_Node3 category is a third-party category that is downloaded from the Juniper ATP Cloud service. The Proxy_Nodes category contains the IP addresses that match the security policy named Proxy-ATP on the SRX-1 device. The Proxy_Node3 category contains the IP addresses that are associated with the Tor network.

The two statements that are true based on the exhibit are:

The SRX-1 device creates the Proxy_Nodes feed, so it cannot use it in another security policy. This is because the adaptive threat profiling feature does not allow the device that creates the feed to use it in another security policy. The feed is intended to be shared with other devices in the same realm through the Juniper ATP Cloud service. The SRX-1 device can only use the feeds that are created by other devices or downloaded from third-party sources.

You can only use the Proxy_Node3 feed as the destination-address match criteria of another security policy on a different SRX Series device. This is because the Proxy_Node3 feed is a third-party feed that is downloaded from the Juniper ATP Cloud service. The SRX-1 device can use this feed as a dynamic address object in its security policies. However, the feed is configured with the destinationonly option, which means that it can only be used as the destination-address match criteria of a security policy. The source-address match criteria of a security policy cannot use this feed.

Reference: Juniper Security, Professional (JNCIP-SEC) Reference Materials source and documents:

https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/showsecurity-intelligence-category-summary.html

https://www.juniper.net/documentation/en_US/junos/topics/concept/security-intelligence-thirdparty-feed-configuring.html

https://www.juniper.net/documentation/en_US/junos/topics/concept/security-adaptive-threatprofiling-overview.html

Show Answer
asked 18/09/2024
Bartosz Szewczyk
37 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms