ExamGecko
Search Search Login
Home Home / Juniper / JN0-636
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the Exhibit: which two statements about the configuration shown in the exhibit are correct ?
Exhibit You have configured the SRX Series device to switch packets for multiple directly connected hosts that are within the same broadcast domain However, the traffic between two hosts in the same broadcast domain are not matching any security policies Referring to the exhibit, what should you do to solve this problem?
Exhibit The exhibit shows a snippet of a security flow trace. In this scenario, which two statements are correct? (Choose two.)
Which two security intelligence feed types are supported?
Exhibit: You are troubleshooting a firewall filter shown in the exhibit that is intended to log all traffic and block only inbound telnet traffic on interface ge-0/0/3. How should you modify the configuration to fulfill the requirements?
Which two additional configuration actions are necessary for the third-party feed shown in the exhibit to work properly? (Choose two.)
Click the Exhibit button. Which type of NAT is shown in the exhibit?
Exhibit You configure a traceoptions file called radius on your returns the output shown in the exhibit What is the source of the problem?
SRX Series device enrollment with Policy Enforcer fails To debug further, the user issues the following command show configuration services security—intelligence url https : //cloudfeeds . argon . juniperaecurity . net/api/manifeat. xml and receives the following output: What is the problem in this scenario?
What are two important function of the Juniper Networks ATP appliance solution? (Choose two.).

Question 89 - JN0-636 discussion

Report
Export

You are asked to share threat intelligence from your environment with third party tools so that those tools can be identify and block lateral threat propagation from compromised hosts.

Which two steps accomplish this goal? (Choose Two)

A.
Configure application tokens in the SRX Series firewalls to limit who has access
Answers
A.
Configure application tokens in the SRX Series firewalls to limit who has access
B.
Enable Juniper ATP Cloud to share threat intelligence
Answers
B.
Enable Juniper ATP Cloud to share threat intelligence
C.
Configure application tokens in the Juniper ATP Cloud to limit who has access
Answers
C.
Configure application tokens in the Juniper ATP Cloud to limit who has access
D.
Enable SRX Series firewalls to share Threat intelligence with third party tool.
Answers
D.
Enable SRX Series firewalls to share Threat intelligence with third party tool.
Suggested answer: B, C

Explanation:

To share threat intelligence from your environment with third party tools, you need to enable Juniper

ATP Cloud to share threat intelligence and configure application tokens in the Juniper ATP Cloud to limit who has access. The other options are incorrect because:

A) Configuring application tokens in the SRX Series firewalls is not necessary or sufficient to share threat intelligence with third party tools. Application tokens are used to authenticate and authorize requests to the Juniper ATP Cloud API, which can be used to perform various operations such as submitting files, querying C&C feeds, and managing allowlists and blocklists1. However, to share threat intelligence with third party tools, you need to enable the TAXII service in the Juniper ATP Cloud, which is a different protocol for exchanging threat information2.

D) Enabling SRX Series firewalls to share threat intelligence with third party tools is not possible or supported. SRX Series firewalls can send potentially malicious objects and files to the Juniper ATP Cloud for analysis and receive threat intelligence from the Juniper ATP Cloud to block malicious traffic3. However, SRX Series firewalls cannot directly share threat intelligence with third party tools.

You need to use the Juniper ATP Cloud as the intermediary for threat intelligence sharing.

Therefore, the correct answer is B and C. You need to enable Juniper ATP Cloud to share threat intelligence and configure application tokens in the Juniper ATP Cloud to limit who has access. To do so, you need to perform the following steps:

Enable and configure the TAXII service in the Juniper ATP Cloud. TAXII (Trusted Automated eXchange of Indicator Information) is a protocol for communication over HTTPS of threat information between parties. STIX (Structured Threat Information eXpression) is a language used for reporting and sharing threat information using TAXII. Juniper ATP Cloud can contribute to STIX reports by sharing the threat intelligence it gathers from file scanning. Juniper ATP Cloud also uses threat information from STIX reports as well as other sources for threat prevention2. To enable and configure the TAXII service, you need to select Configure > Threat Intelligence Sharing in the Juniper ATP Cloud WebUI, move the knob to the right to Enable TAXII, and move the slidebar to designate a file sharing threshold2.

Configure application tokens in the Juniper ATP Cloud. Application tokens are used to authenticate and authorize requests to the Juniper ATP Cloud API and the TAXII service. You can create and manage application tokens in the Juniper ATP Cloud WebUI by selecting Configure > Application Tokens. You can specify the name, description, expiration date, and permissions of each token. You can also revoke or delete tokens as needed. You can use the application tokens to limit who has access to your shared threat intelligence by granting or denying permissions to the TAXII service1.

Reference:

Threat Intelligence Open API Setup Guide

Configure Threat Intelligence Sharing

About Juniper Advanced Threat Prevention Cloud

Show Answer
asked 18/09/2024
Rosalba Scalera
48 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms