Juniper JN0-636 Exam

You are required to secure a network against malware. You must ensure that in the event that a compromised host is identified within the network, the host is isolated from the rest of the network. In this scenario, after a threat has been identified, the two components that are responsible for enforcing MAC-level infected host are:

C) Policy Enforcer. Policy Enforcer is a software solution that integrates with Juniper ATP Cloud and Juniper ATP Appliance to provide automated threat remediation across the network. Policy Enforcer can receive threat intelligence feeds from Juniper ATP Cloud or Juniper ATP Appliance and apply them to the security policies on the SRX Series devices and the EX Series devices. Policy Enforcer can also enforce MAC-level infected host, which is a feature that allows you to quarantine a compromised host by blocking its MAC address on the switch port.Policy Enforcer can communicate with the EX Series devices and instruct them to apply the MAC-level infected host policy to the infected host1.

D) EX Series device. EX Series devices are Ethernet switches that can provide Layer 2 and Layer 3 switching capabilities and security features. EX Series devices can integrate with Policy Enforcer and Juniper ATP Cloud or Juniper ATP Appliance to provide automated threat remediation across the network. EX Series devices can support MAC-level infected host, which is a feature that allows them to quarantine a compromised host by blocking its MAC address on the switch port.EX Series devices can receive instructions from Policy Enforcer and apply the MAC-level infected host policy to the infected host2.

The other options are incorrect because:

A) SRX Series device. SRX Series devices are high-performance firewalls that can provide Layer 3 and Layer 4 security features and integrate with Juniper ATP Cloud or Juniper ATP Appliance to provide advanced threat prevention. SRX Series devices can receive threat intelligence feeds from Juniper ATP Cloud or Juniper ATP Appliance and apply them to the security policies.However, SRX Series devices cannot enforce MAC-level infected host, which is a feature that requires Layer 2 switching capabilities and is supported by EX Series devices3.

B) Juniper ATP Appliance. Juniper ATP Appliance is a hardware solution that provides advanced threat prevention by detecting and blocking malware, ransomware, and other cyberattacks. Juniper ATP Appliance can analyze the network traffic and identify the compromised hosts based on their behavior and communication patterns. Juniper ATP Appliance can also send threat intelligence feeds to Policy Enforcer and SRX Series devices to enable automated threat remediation across the network. However, Juniper ATP Appliance cannot enforce MAC-level infected host, which is a feature that requires Layer 2 switching capabilities and is supported by EX Series devices.

Policy Enforcer Overview

EX Series Switches Overview

SRX Series Services Gateways Overview

[Juniper ATP Appliance Overview]

To solve the problem of the operator user being unable to save configuration files to a USB stick that is plugged into SRX, you need to add the system-control permission flag to the operations class. The other options are incorrect because:

A) Adding the floppy permission flag to the operations class is not sufficient or necessary to save configuration files to a USB stick. The floppy permission flag allows the user to access the floppy drive, but not the USB drive.The USB drive is accessed by the system permission flag, which is already included in the operations class1.

C) Adding the interface-control permission flag to the operations class is also not sufficient or necessary to save configuration files to a USB stick. The interface-control permission flag allows the user to configure and monitor interfaces, but not to save configuration files.The configuration permission flag, which is also already included in the operations class, allows the user to save configuration files1.

D) Adding the system permission flag to the operations class is redundant and ineffective to save configuration files to a USB stick. The system permission flag allows the user to access the system directory, which includes the USB drive.However, the operations class already has the system permission flag by default1. The problem is not the lack of system permission, but the lack of system-control permission.

Therefore, the correct answer is B. You need to add the system-control permission flag to the operations class to solve the problem.The system-control permission flag allows the user to perform system-level operations, such as rebooting, halting, or snapshotting the device1.These operations are required to mount, unmount, and copy files to and from the USB drive2. To add the system-control permission flag to the operations class, you need to perform the following steps:

Enter the configuration mode: user@host> configure

Navigate to the system login class hierarchy: user@host# edit system login class operations

Add the system-control permission flag: user@host# set permissions system-control

Commit the changes: user@host# commit

login (System)

How to mount a USB drive on EX/SRX/MX/QFX Series platforms to import/export files

To create a secure fabric in your company's network, you need to know the following facts:

A secure fabric is a collection of sites that contain network devices (switches, routers, firewalls, and other security devices) that are used in policy enforcement groups. A site is a grouping of network devices that contribute to threat prevention. When threat prevention policies are applied to policy enforcement groups, the system automatically discovers to which sites those groups belong.This is how threat prevention is aggregated across your secure fabric1.

MX Series devices associated with tenants can belong to multiple sites. Tenants are logical partitions of the network that can have their own security policies and enforcement points.Sites that are associated with tenants do not need switches as enforcement points, because MX Series devices can perform tenant-based policy enforcement1.

SRX Series devices can belong to only one site. SRX Series devices are firewalls that can act as perimeter enforcement points for the secure fabric. They can send potentially malicious objects and files to the Juniper ATP Cloud for analysis and receive threat intelligence from the Juniper ATP Cloud to block malicious traffic.SRX Series devices cannot belong to multiple sites, because they do not support tenant-based policy enforcement1.

A switch must be assigned to the site to enforce an infected host policy within the network. An infected host policy is a policy that blocks or quarantines hosts that are identified as infected by the Juniper ATP Cloud. A switch can act as an internal enforcement point for the secure fabric by applying the infected host policy to the hosts that are connected to it.A switch must be assigned to the site where the infected hosts are located, because SRX Series devices cannot enforce infected host policies1.

Switches and connectors cannot be added to the same site. Connectors are software agents that can be installed on Windows or Linux servers to enable them to act as enforcement points for the secure fabric. Connectors can apply infected host policies to the hosts that are connected to them. However, connectors cannot coexist with switches in the same site, because they use different methods of policy enforcement.Switches use VLANs and ACLs, while connectors use IPtables and WFP1.

Therefore, the correct answer is B, D, and E. The other options are incorrect because:

A)MX Series devices associated with tenants can belong to multiple sites, not only one site1.

C)SRX Series devices can belong to only one site, not multiple sites1.

Secure Fabric Overview

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-profile-logical-system.html

The security trace options configuration shown in the exhibit is committed to your SRX series firewall. The following statements are correct in this scenario:

B) Once the trace has generated 10 log files, older logs will be overwritten. The files option in the traceoptions statement specifies the maximum number of trace files to keep. When a trace file reaches its maximum size, it is renamed with a numeric suffix, such as kmd.0, kmd.1, and so on, until the maximum number of files is reached. Then the oldest trace file is overwritten by the newest one.In this case, the files option is set to 10, which means that the trace will generate 10 log files and then overwrite the older ones1.

D) The file debugger will be readable only by the user who committed this configuration. The file option in the traceoptions statement specifies the name of the trace file and the permissions for the file. The permissions can be either world-readable or owner-readable.In this case, the file option is set to debugger owner-readable, which means that the trace file will be named debugger and will be readable only by the user who committed the configuration1.

The other statements are incorrect because:

A) The file debugger will not be readable by all users, but only by the user who committed this configuration, as explained above.

C) The trace will not halt after generating 10 log files, but will continue to overwrite the older ones, as explained above.

traceoptions (Security)