Which two statements are correct about Juniper ATP Cloud? (Choose two.)
Answer: A, C
According to the Juniper Networks JNCIS-SEC Study Guide, Juniper ATP Cloud sets target thresholds for security events and then continuously scans the environment for any activity that exceeds this threshold. Once the threshold is met, Juniper ATP Cloud continues looking for threats for a period of 0 to 5 minutes. The threat levels range from 0 to 10, with 0 being the lowest and 10 being the highest.
Exhibit

You just finished setting up your command-and-control (C&C) category with Juniper ATP Cloud. You notice that all of the feeds have zero objects in them.
Which statement is correct in this scenario?
Answer: C
According to the Juniper Networks JNCIS-SEC Study Guide, when you set up your command-and-control (C&C) category with Juniper ATP Cloud, all of the feeds will initially have zero objects in them. This is normal, as it can take a few minutes for the feeds to download. No action is required in this scenario and you will notice the feeds start to populate with objects once the download is complete.
Regarding static attack object groups, which two statements are true? (Choose two.)
You are asked to implement IPS on your SRX Series device.
In this scenario, which two tasks must be completed before a configuration will work? (Choose two.)
Answer: A, C
The two tasks that must be completed before an IPS configuration on an SRX Series device will work are downloading the IPS signature database and installing the IPS signature database. The Security, Specialist (JNCIS-SEC) Study Guide provides further information on how to download and install the IPS signature database. Enrolling the SRX Series device with Juniper ATP Cloud is not necessary to make a configuration work, and rebooting the SRX Series device is not required either.
Exhibit

Referring to the SRX Series flow module diagram shown in the exhibit, where is application security processed?
Answer: B
Which two statements are correct about the fab interface in a chassis cluster? (Choose two.)
Answer: A, B
The fab interface is a fabric link that connects the two nodes in a chassis cluster. A chassis cluster is a high-availability feature that groups two identical SRX Series devices into a cluster that acts as a single device. The fab interface has two functions:
Real-time objects (RTOs) are exchanged on the fab interface to maintain session synchronization: RTOs are data structures that store information about active sessions, such as source and destination IP addresses, ports, protocols, and security policies. RTOs are exchanged between the nodes on the fab interface to ensure that both nodes have the same session information and can take over the traffic in case of a failover.
In an active/active configuration, inter-chassis transit traffic is sent over the fab interface: In an active/active configuration, both nodes in a cluster can process traffic for different redundancy groups (RGs). RGs are collections of interfaces or services that fail over together from one node to another. If traffic needs to transit from one RG to another RG that is active on a different node, it is sent over the fab interface.
Which two statements are true about Juniper ATP Cloud? (Choose two.)
Answer: B, D
Two statements that are true about Juniper ATP Cloud are:
Juniper ATP Cloud uses multiple antivirus software packages to analyze files: Juniper ATP Cloud is a cloud-based service that provides advanced threat prevention and detection for your network. It integrates with SRX Series firewalls and MX Series routers to analyze files and network traffic for signs of malicious activity. Juniper ATP Cloud uses multiple antivirus software packages from different vendors to scan files for known malware signatures and provide a comprehensive verdict based on their results.
Juniper ATP Cloud does not use antivirus software packages to protect against zero-day threats: Juniper ATP Cloud protects against zero-day threats by using dynamic analysis, not antivirus software packages. Dynamic analysis is a method of executing files in a sandbox environment and observing their behavior and network interactions. Dynamic analysis can uncover unknown malware that may evade static analysis or signature-based detection methods.