Juniper JN0-636 JNCIP-SEC Exam Practice Test Instant Access

Question 1

Exhibit:

The security trace options configuration shown in the exhibit is committed to your SRX series firewall. Which two statements are correct in this Scenario? (Choose Two)

AThe file debugger will be readable by all users.

BOnce the trace has generated 10 log files, older logs will be overwritten.

COnce the trace has generated 10 log files, the trace process will halt.

DThe file debugger will be readable only by the user who committed this configuration

Answer : B, D

The security trace options configuration shown in the exhibit is committed to your SRX series firewall. The following statements are correct in this scenario:

B) Once the trace has generated 10 log files, older logs will be overwritten. The files option in the traceoptions statement specifies the maximum number of trace files to keep. When a trace file reaches its maximum size, it is renamed with a numeric suffix, such as kmd.0, kmd.1, and so on, until the maximum number of files is reached. Then the oldest trace file is overwritten by the newest one.In this case, the files option is set to 10, which means that the trace will generate 10 log files and then overwrite the older ones1.

D) The file debugger will be readable only by the user who committed this configuration. The file option in the traceoptions statement specifies the name of the trace file and the permissions for the file. The permissions can be either world-readable or owner-readable.In this case, the file option is set to debugger owner-readable, which means that the trace file will be named debugger and will be readable only by the user who committed the configuration1.

The other statements are incorrect because:

A) The file debugger will not be readable by all users, but only by the user who committed this configuration, as explained above.

C) The trace will not halt after generating 10 log files, but will continue to overwrite the older ones, as explained above.

traceoptions (Security)

Question 2

You are asked to deploy Juniper atp appliance in your network. You must ensure that incidents and

alerts are sent to your SIEM.

In this scenario, which logging output format is supported?

AWELF

BJSON

CCEF

Dbinay

Answer : C

The Juniper ATP Appliance platform collects, inspects and analyzes advanced and stealthy web, file, and email-based threats that exploit and infiltrate client browsers, operating systems, emails and applications.Juniper ATP Appliance's detection of malicious attacks generates incident and event details that can be sent to connected SIEM platforms in CEF, LEEF or Syslog formats1.CEF (Common Event Format) is an open log management standard that improves the interoperability of security-related information from different vendors2. Juniper ATP Appliance supports CEF format for sending events and system audit notifications to SIEM servers.You can configure the CEF format in the Juniper ATP Appliance Central Manager WebUI Config > Notifications > SIEM Settings1. Therefore, the correct answer is C. CEF is a supported logging output format for Juniper ATP Appliance. The other options are incorrect because:

A)WELF (WebTrends Enhanced Log Format) is a proprietary log format developed by WebTrends Corporation for web analytics3. Juniper ATP Appliance does not support WELF format for SIEM integration.

B)JSON (JavaScript Object Notation) is a lightweight data-interchange format that is easy for humans and machines to read and write4.Juniper ATP Appliance supports JSON format for HTTP API results, but not for SIEM notifications1.

D) Binary is a numeric system that uses only two digits: 0 and 1. Binary is not a logging output format for Juniper ATP Appliance or any SIEM platform.

SIEM Syslog, LEEF and CEF Logging

Common Event Format Configuration Guide

WebTrends Enhanced Log Format

JSON

Question 3

Exhibit.