JN0-335 Exam Dumps : Security, Specialist (JNCIS-SEC)

Juniper ATP Cloud is a cloud-based service that provides advanced threat prevention for SRX Series devices. Juniper ATP Cloud can inspect files for malware by sending them to the cloud or performing a hash lookup. To reduce delays in the inspection of files, Juniper ATP Cloud performs the following two functions12:

• Juniper ATP Cloud allows the creation of allowlists. Allowlists are lists of trusted files or domains that are not sent to the cloud for inspection. This reduces the network traffic and the processing time for the files that are known to be safe. You can create allowlists from the Juniper ATP Cloud Web UI or the SRX Series device CLI.
• Juniper ATP Cloud performs a cache lookup on files. Cache lookup is a feature that checks if a file has been previously scanned by Juniper ATP Cloud and returns the cached verdict. This avoids sending the same file to the cloud again and saves bandwidth and time. Cache lookup is enabled by default and can be configured from the SRX Series device CLI. References:
• Juniper ATP Cloud User Guide
• Juniper ATP Cloud Deployment Guide for SRX Series Devices

JIMS server is a Windows service application that collects and maintains user, device, and group information from Active Directory domains or syslog sources. JIMS server uses the Windows event logs to obtain user login and logout information from the domain controllers and Exchange servers. Therefore, to enable JIMS server to view the event logs, you need to perform the following actions:

• Enable remote event log management within Windows Firewall on the necessary domain controllers and Exchange servers. This allows JIMS server to access the event logs on these servers remotely. You can do this by using the Windows Firewall with Advanced Security snap-in or by using the netsh command. For example, to enable remote event log management on a domain controller, you can use the following command:

netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes

• Enable remote event log management within Windows Firewall on the JIMS server. This allows JIMS server to receive the event logs from the domain controllers and Exchange servers. You can do this by using the same method as above. For example, to enable remote event log management on the JIMS server, you can use the following command:

netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes

Option C and Option D show the correct actions for solving this issue. Option A and Option B are incorrect because they are not related to the JIMS server’s ability to view the event logs. Host-inbound-traffic rules are used to control the traffic that is allowed to reach the SRX Series devices, not the JIMS server. Enabling remote event log management on the Exchange servers is not necessary if JIMS server does not need to collect user information from them.

References: Juniper Security, Specialist (JNCIS-SEC) Reference Materials and Juniper Security, Professional (JNCIP-SEC) Reference Materials

 The show security policies policy-name detail command shows policy counters for a configured policy. Policy counters display the number of packets and bytes that match the policy, as well as the number of sessions that are created, denied, or closed by the policy. Policy counters can help monitor and troubleshoot the traffic flow and security policy enforcement on the SRX firewall1.

The show security policies policy-name detail command does not display details about the default security policy, which is the implicit policy that is applied when no other policy matches the traffic. The default security policy can be viewed by using the show security policies default-policy command2.

The show security policies policy-name detail command does not identify the different custom policies enabled, which are the user-defined policies that specify the action and conditions for the traffic between zones. The custom policies can be viewed by using the show security policies command without any options1.

The show security policies policy-name detail command does not show the system log files for the local SRX Series device, which are the files that record the events and messages generated by the device. The system log files can be viewed by using the show log command with the name of the file3. References:

• 1: show security policies | Junos OS | Juniper Networks
• 2: Understanding Default Security Policies | Junos OS | Juniper Networks
• 3: show log | Junos OS | Juniper Networks