Juniper JN0-636 Juniper Security, Professional JNCIP-SEC Exam Practice Test

Page: 1 / 14
Total 115 questions
Question 1

Refer to the Exhibit:

Which two statements about the configuration shown in the exhibit are correct?



Question 2

You must find an infected host and where the attack came from using the Juniper ATP Cloud. Which two monitor workspaces will return the requested information? (Choose two.)



Answer : A, C

To find an infected host and where the attack came from using the Juniper ATP Cloud, you need to use the Hosts and Threat Sources monitor workspaces. The other options are incorrect because:

B) The File Scanning monitor workspace shows the files that have been scanned by the Juniper ATP Cloud and their verdicts (clean, malicious, or unknown). It does not show the infected hosts or the attack sources [1].

D) The Encrypted Traffic monitor workspace shows the encrypted traffic that has been decrypted by the Juniper ATP Cloud and the certificates that have been used. It does not show the infected hosts or the attack sources [2].

Therefore, the correct answer is A and C. You need to use the Hosts and Threat Sources monitor workspaces to find an infected host and where the attack came from using the Juniper ATP Cloud. To do so, you need to perform the following steps:

For Hosts, you need to access the Hosts monitor workspace in the Juniper ATP Cloud WebUI by selecting Monitor > Hosts. You can see the list of hosts that have been detected by the Juniper ATP Cloud and their risk scores, infection levels, and threat categories. You can filter the hosts by various criteria, such as IP address, hostname, domain, or threat category. You can also drill down into each host to see the details of the files, applications, and incidents associated with the host. You can identify the infected host by looking for the host with the highest risk score, infection level, or threat category [3].

For Threat Sources, you need to access the Threat Sources monitor workspace in the Juniper ATP Cloud WebUI by selecting Monitor > Threat Sources. You can see the list of threat sources that have been detected by the Juniper ATP Cloud and their risk scores, threat categories, and geolocations. You can filter the threat sources by various criteria, such as IP address, domain, or threat category. You can also drill down into each threat source to see the details of the files, applications, and incidents associated with the threat source. You can identify the attack source by looking for the threat source with the highest risk score, threat category, or geolocation that matches the infected host.


File Scanning

Encrypted Traffic

Hosts

Threat Sources

Question 3

Refer to the exhibit.

Which two potential violations will generate an alarm? (Choose two.)



Answer : A, D

The exhibit shows a security policy configuration with a threshold of 1000 policy violations by a source network identifier and a threshold of 10 policy violations to an application within a specified period. If either of these thresholds is exceeded, an alarm will be generated. Therefore, the correct answer is A and D. The other options are incorrect because:

B) The ratio of policy violation traffic compared to accepted traffic is not a criterion for triggering an alarm. The security policy configuration does not specify any ratio or percentage of policy violation traffic that would cause an alarm.

C) The number of policy violations by a destination TCP port is also not a criterion for triggering an alarm. The security policy configuration does not specify any threshold or duration for policy violations by a destination TCP port.


policy (Security Alarms)

Monitoring Security Policy Violations

Question 4

You want to enable inter-tenant communication with tenant systems.

In this scenario, which two solutions will accomplish this task?



Answer : C, D

To enable inter-tenant communication with tenant system, you need to use an external router or a logical tunnel interface. The other options are incorrect because:

A) Interconnecting EVPN switch is not a valid solution for inter-tenant communication with tenant system. EVPN (Ethernet VPN) is a technology that provides layer 2 connectivity over an IP network. It can be used to connect different logical systems on the same device, but not tenant systems. Tenant systems are isolated from each other and do not share the same layer 2 domain [1].

B) Interconnecting VPLS switch is also not a valid solution for inter-tenant communication with tenant system. VPLS (Virtual Private LAN Service) is another technology that provides layer 2 connectivity over an IP network. It can also be used to connect different logical systems on the same device, but not tenant systems. Tenant systems are isolated from each other and do not share the same layer 2 domain [1].

Therefore, the correct answer is C and D. You need to use an external router or a logical tunnel interface to enable inter-tenant communication with tenant system. To do so, you need to perform the following steps:

For external router, you need to connect the external router to the interfaces of the tenant systems that you want to communicate with. You also need to configure the routing protocols and policies on the external router and the tenant systems to exchange routes and traffic. The external router acts as a gateway between the tenant systems and provides layer 3 connectivity [2].

For logical tunnel interface, you need to create a logical tunnel interface on the device and assign it to a tenant system. You also need to configure the IP address and routing protocols on the logical tunnel interface and the tenant systems that you want to communicate with. The logical tunnel interface acts as a virtual link between the tenant systems and provides layer 3 connectivity [3].


Tenant Systems Overview

Example: Configuring Inter-Tenant Communication Using External Router

Example: Configuring Inter-Tenant Communication Using Logical Tunnel Interface

Question 5

You are asked to share threat intelligence from your environment with third party tools so that those tools can identify and block lateral threat propagation from compromised hosts.

Which two steps accomplish this goal? (Choose Two)



Answer : B, C

To share threat intelligence from your environment with third party tools, you need to enable Juniper ATP Cloud to share threat intelligence and configure application tokens in the Juniper ATP Cloud to limit who has access. The other options are incorrect because:

A) Configuring application tokens in the SRX Series firewalls is not necessary or sufficient to share threat intelligence with third party tools. Application tokens are used to authenticate and authorize requests to the Juniper ATP Cloud API, which can be used to perform various operations such as submitting files, querying C&C feeds, and managing allowlists and blocklists [1]. However, to share threat intelligence with third party tools, you need to enable the TAXII service in the Juniper ATP Cloud, which is a different protocol for exchanging threat information [2].

D) Enabling SRX Series firewalls to share threat intelligence with third party tools is not possible or supported. SRX Series firewalls can send potentially malicious objects and files to the Juniper ATP Cloud for analysis and receive threat intelligence from the Juniper ATP Cloud to block malicious traffic [3]. However, SRX Series firewalls cannot directly share threat intelligence with third party tools. You need to use the Juniper ATP Cloud as the intermediary for threat intelligence sharing.

Therefore, the correct answer is B and C. You need to enable Juniper ATP Cloud to share threat intelligence and configure application tokens in the Juniper ATP Cloud to limit who has access. To do so, you need to perform the following steps:

Enable and configure the TAXII service in the Juniper ATP Cloud. TAXII (Trusted Automated eXchange of Indicator Information) is a protocol for communication over HTTPS of threat information between parties. STIX (Structured Threat Information eXpression) is a language used for reporting and sharing threat information using TAXII. Juniper ATP Cloud can contribute to STIX reports by sharing the threat intelligence it gathers from file scanning. Juniper ATP Cloud also uses threat information from STIX reports as well as other sources for threat prevention [2]. To enable and configure the TAXII service, you need to select Configure > Threat Intelligence Sharing in the Juniper ATP Cloud WebUI, move the knob to the right to Enable TAXII, and move the slidebar to designate a file sharing threshold [2].

Configure application tokens in the Juniper ATP Cloud. Application tokens are used to authenticate and authorize requests to the Juniper ATP Cloud API and the TAXII service. You can create and manage application tokens in the Juniper ATP Cloud WebUI by selecting Configure > Application Tokens. You can specify the name, description, expiration date, and permissions of each token. You can also revoke or delete tokens as needed. You can use the application tokens to limit who has access to your shared threat intelligence by granting or denying permissions to the TAXII service [1].


Threat Intelligence Open API Setup Guide

Configure Threat Intelligence Sharing

About Juniper Advanced Threat Prevention Cloud

Question 6

The monitor traffic interface command is being used to capture the packets destined to and from the SRX Series device.

In this scenario, which two statements related to the feature are true? (Choose two.)



Question 7

You opened a support ticket with JTAC for your Juniper ATP appliance. JTAC asks you to set up access to the device using the reverse SSH connection. Which three settings must be configured to satisfy this request? (Choose three.)



Answer : C, D, E

https://kb.juniper.net/InfoCenter/index?page=content&id=TN326&cat=&actp=LIST&showDraft=false

