JN0-335 Exam Dumps : Security, Specialist (JNCIS-SEC)

 To create a security policy that will automatically add infected hosts to the infected hosts feed and block further communication through the SRX Series device, you need to add a security intelligence policy to the permit portion of the security policy. A security intelligence policy is a set of rules that defines the actions to be taken for traffic thatmatches a specific category of threat feeds, such as infected hosts, command and control servers, or botnets. By adding a security intelligence policy to the permit portion of the security policy, you can enable the SRX Series device to dynamically update the infected hosts feed based on the advanced anti-malware policy results, and block the traffic from or to the infected hosts. Options B, C, and D are not correct because they do not enable the automatic addition of infected hosts to the feed or the blocking of their communication. References: The answer can be verified from Juniper’s official documentation on security intelligence and advanced anti-malware available on their website. Here are some relevant links:

• Security Intelligence Feature Guide for Security Devices
• Advanced Anti-Malware Feature Guide for Security Devices
• Configuring Security Intelligence Policy on the SRX Series Device
• [Configuring Advanced Anti-Malware Policy on the SRX Series Device]

= The vSRX is a virtual firewall that offers the same features as the physical SRX Series firewalls, but in a virtualized form factor for delivering security services that scale to match network demand. The vSRX supports Juniper Contrail Networking and third-party software-defined networking (SDN) solutions, which enable dynamic and automated network provisioning and management. The vSRX also integrates with cloud orchestration tools such as OpenStack, which allow for flexible deployment and configuration of virtual machines and networks. The vSRX provides granular security for the workloads that run within the virtual network on the public or private cloud. It supports next-generation firewall capabilities, such as application security, intrusion prevention, user identity, and role-based access control. It also supports advanced threat prevention features, such as malware sandboxing, threat intelligence feeds, and encrypted traffic inspection. The vSRX can protect the network from both internal and external threats, and enforce consistent security policies across the entire network. References:

• vSRX Virtual Firewall | Juniper Networks US
• vSRX Documentation | Juniper Networks
• Understand vSRX Virtual Firewall with Microsoft Azure Cloud

JIMS server is a Windows service application that collects and maintains user, device, and group information from Active Directory domains or syslog sources. JIMS server uses the Windows event logs to obtain user login and logout information from the domain controllers and Exchange servers. Therefore, to enable JIMS server to view the event logs, you need to perform the following actions:

• Enable remote event log management within Windows Firewall on the necessary domain controllers and Exchange servers. This allows JIMS server to access the event logs on these servers remotely. You can do this by using the Windows Firewall with Advanced Security snap-in or by using the netsh command. For example, to enable remote event log management on a domain controller, you can use the following command:

netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes

• Enable remote event log management within Windows Firewall on the JIMS server. This allows JIMS server to receive the event logs from the domain controllers and Exchange servers. You can do this by using the same method as above. For example, to enable remote event log management on the JIMS server, you can use the following command:

netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes

Option C and Option D show the correct actions for solving this issue. Option A and Option B are incorrect because they are not related to the JIMS server’s ability to view the event logs. Host-inbound-traffic rules are used to control the traffic that is allowed to reach the SRX Series devices, not the JIMS server. Enabling remote event log management on the Exchange servers is not necessary if JIMS server does not need to collect user information from them.

References: Juniper Security, Specialist (JNCIS-SEC) Reference Materials and Juniper Security, Professional (JNCIP-SEC) Reference Materials