JN0-335 Exam Dumps : Security, Specialist (JNCIS-SEC)

 To implement IPS on your SRX Series device, you need to download and install the IPS signature database. The IPS signature database contains the attack signatures and predefined attack groups that are used to detect and prevent intrusions. You can download the IPS signature database from the Juniper Networks website or from a local server. You can install the IPS signature database manually or automatically. You do not need to enroll the SRX Series device with Juniper ATP Cloud or reboot the SRX Series device to implement IPS34 References:

• Configuring the IPS Policy on SRX Series Devices Using NSM
• Installing SRX 1400 with IPS activation ??? | SRX - Juniper Networks
• Download an IPS Signature | J-Web for SRX Series 21.2 - Juniper Networks
• IPS Configuration (CLI) | Junos OS | Juniper Networks

The infected host cloud feed is a list of IP addresses that have been identified as compromised or infected by malware. The feed is updated by Juniper ATP Cloud based on the detection of malicious activity from the hosts, such as contacting known command-and-control servers. When a host on the network reaches the configured threat level threshold, its IP address is automatically added to the infected host cloud feed and blocked from communicating with any other hosts on the Internet. The other feeds are not relevant for this situation. The command-and-control cloud feed is a list of IP addresses that are known to be used by malware for remote control and communication. The allowlist and blocklist feed is a user-defined list of IP addresses that are either allowed or denied by the SRX Series device. The custom cloud feed is a user-defined list of IP addresses that are associated with a specific category or threat level. References:

• Infected Hosts: More Information
• Juniper’s Attacker IP feed bolsters threat protection with SecIntel
• ATP Appliance and SRX Series Threat Level Comparison Chart