ExamGecko
Search Search Login
Home Home / Juniper / JN0-636
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the Exhibit: which two statements about the configuration shown in the exhibit are correct ?
Exhibit You have configured the SRX Series device to switch packets for multiple directly connected hosts that are within the same broadcast domain However, the traffic between two hosts in the same broadcast domain are not matching any security policies Referring to the exhibit, what should you do to solve this problem?
Exhibit The exhibit shows a snippet of a security flow trace. In this scenario, which two statements are correct? (Choose two.)
Which two security intelligence feed types are supported?
Exhibit: You are troubleshooting a firewall filter shown in the exhibit that is intended to log all traffic and block only inbound telnet traffic on interface ge-0/0/3. How should you modify the configuration to fulfill the requirements?
Which two additional configuration actions are necessary for the third-party feed shown in the exhibit to work properly? (Choose two.)
Click the Exhibit button. Which type of NAT is shown in the exhibit?
Exhibit You configure a traceoptions file called radius on your returns the output shown in the exhibit What is the source of the problem?
SRX Series device enrollment with Policy Enforcer fails To debug further, the user issues the following command show configuration services security—intelligence url https : //cloudfeeds . argon . juniperaecurity . net/api/manifeat. xml and receives the following output: What is the problem in this scenario?
What are two important function of the Juniper Networks ATP appliance solution? (Choose two.).

Question 51 - JN0-636 discussion

Report
Export

Exhibit

A.
The highlighted incident (arrow) shown in the exhibit shows a progression level of "Download" in the kill chain.What are two appropriate mitigation actions for the selected incident? (Choose two.)
Answers
A.
The highlighted incident (arrow) shown in the exhibit shows a progression level of "Download" in the kill chain.What are two appropriate mitigation actions for the selected incident? (Choose two.)
B.
Immediate response required: Block malware IP addresses (download server or CnC server)
Answers
B.
Immediate response required: Block malware IP addresses (download server or CnC server)
C.
Immediate response required: Wipe infected endpoint hosts.
Answers
C.
Immediate response required: Wipe infected endpoint hosts.
D.
Immediate response required: Deploy IVP integration (if configured) to confirm if the endpoint has executed the malware and is infected.
Answers
D.
Immediate response required: Deploy IVP integration (if configured) to confirm if the endpoint has executed the malware and is infected.
E.
Not an urgent action: Use IVP to confirm if machine is infected.
Answers
E.
Not an urgent action: Use IVP to confirm if machine is infected.
Suggested answer: A, C

Explanation:

The appropriate mitigation actions for the selected incident are to block malware IP addresses (download server or CnC server) and to deploy IVP integration (if configured) to confirm if the endpoint has executed the malware and is infected. This is because the incident shows a progression level of "Download" in the kill chain, which means that the malware has been downloaded and is likely to be executed. Blocking the malware IP addresses can prevent further communication with the malicious server and stop the malware from receiving commands or exfiltrating data. Deploying IVP integration can help verify the infection status of the endpoint and provide additional information about the malware behavior and impact. IVP integration is an optional feature that allows the ATP Appliance to interact with third-party endpoint security solutions such as Carbon Black, Cylance, and CrowdStrike. Reference:

Advanced Threat Prevention Appliance Solution Brief

Advanced Threat Prevention Appliance Datasheet

[Advanced Threat Prevention Appliance Mitigation Actions]

[Advanced Threat Prevention Appliance IVP Integration]

Show Answer
asked 18/09/2024
Nosh Shah
37 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms