Juniper JN0-335 Exam With Confidence Using Practice Dumps

• Referring to the SRX Series flow module diagram shown in the exhibit, application security is processed at the Services ALGs stage. Application Layer Gateways (ALGs) are software components that enable the SRX Series device to provide application-level security for specific protocols and applications1.
• ALGs inspect the application layer payload of packets and perform various actions, such as modifying the payload, opening pinholes, creating sessions, applying security policies, and enforcing application-specific behavior12.
• ALGs are required for protocols and applications that embed IP address information or port numbers in the application layer data, that open secondary connections, or that are dynamically assigned ports1. Some examples of protocols and applications that require ALGs are FTP, SIP, H.323, RTSP, PPTP, and DNS2.
• ALGs are configured as part of the security policy and are applied to the traffic that matches the policy criteria. ALGs can also be enabled or disabled globally or per zone12.

References:

• 1: Application Layer Gateways Overview
• 2: Application Layer Gateways Feature Guide for Security Devices

The SRX Series device will drop packets from the infected hosts with a threat level of 8 and no log message will be generated. This is because the security intelligence profile “ATP_Infected-Hosts” has a rule “Rule-1” that matches packets with a threat level of 8 and the action is to block and drop them. There is no log option specified in the action, so no log message will be generated. Options A and B are not correct because the rule only matches packets with a threat level of 8, not 8 or above. Option C is not correct because the action is to drop, not permit, the packets. References: The answer can be verified from Juniper’s official documentation on security intelligence available on their website. Here are some relevant links:

• Security Intelligence Feature Guide for Security Devices
• security-intelligence | Junos OS
• Configure the Security Intelligence Policy on the SRX Series Device

JIMS server is a Windows service application that collects and maintains user, device, and group information from Active Directory domains or syslog sources. JIMS server uses the Windows event logs to obtain user login and logout information from the domain controllers and Exchange servers. Therefore, to enable JIMS server to view the event logs, you need to perform the following actions:

• Enable remote event log management within Windows Firewall on the necessary domain controllers and Exchange servers. This allows JIMS server to access the event logs on these servers remotely. You can do this by using the Windows Firewall with Advanced Security snap-in or by using the netsh command. For example, to enable remote event log management on a domain controller, you can use the following command:

netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes

• Enable remote event log management within Windows Firewall on the JIMS server. This allows JIMS server to receive the event logs from the domain controllers and Exchange servers. You can do this by using the same method as above. For example, to enable remote event log management on the JIMS server, you can use the following command:

netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes

Option C and Option D show the correct actions for solving this issue. Option A and Option B are incorrect because they are not related to the JIMS server’s ability to view the event logs. Host-inbound-traffic rules are used to control the traffic that is allowed to reach the SRX Series devices, not the JIMS server. Enabling remote event log management on the Exchange servers is not necessary if JIMS server does not need to collect user information from them.

References: Juniper Security, Specialist (JNCIS-SEC) Reference Materials and Juniper Security, Professional (JNCIP-SEC) Reference Materials