JN0-335 Exam Dumps : Security, Specialist (JNCIS-SEC)

The infected host cloud feed is a list of IP addresses that have been identified as compromised or infected by malware. The feed is updated by Juniper ATP Cloud based on the detection of malicious activity from the hosts, such as contacting known command-and-control servers. When a host on the network reaches the configured threat level threshold, its IP address is automatically added to the infected host cloud feed and blocked from communicating with any other hosts on the Internet. The other feeds are not relevant for this situation. The command-and-control cloud feed is a list of IP addresses that are known to be used by malware for remote control and communication. The allowlist and blocklist feed is a user-defined list of IP addresses that are either allowed or denied by the SRX Series device. The custom cloud feed is a user-defined list of IP addresses that are associated with a specific category or threat level. References:

• Infected Hosts: More Information
• Juniper’s Attacker IP feed bolsters threat protection with SecIntel
• ATP Appliance and SRX Series Threat Level Comparison Chart

The SRX Series device will drop packets from the infected hosts with a threat level of 8 and no log message will be generated. This is because the security intelligence profile “ATP_Infected-Hosts” has a rule “Rule-1” that matches packets with a threat level of 8 and the action is to block and drop them. There is no log option specified in the action, so no log message will be generated. Options A and B are not correct because the rule only matches packets with a threat level of 8, not 8 or above. Option C is not correct because the action is to drop, not permit, the packets. References: The answer can be verified from Juniper’s official documentation on security intelligence available on their website. Here are some relevant links:

• Security Intelligence Feature Guide for Security Devices
• security-intelligence | Junos OS
• Configure the Security Intelligence Policy on the SRX Series Device

Unified policies are security policies that enable you to use dynamic applications as match conditions along with the existing 5-tuple or 6-tuple (with user firewall) match conditions to detect application changes over time3 If the traffic matches the security policy rule, one or more actions defined in the policy are applied to the traffic3 During the initial policy lookup phase, which occurs prior to a dynamic application being identified, if there are multiple policies in the potential policy list, the SRX Series Firewall applies the default security policy until a more explicit match has occurred2 The policy that best matches the application is the final policy2 APPID results are used to determine the final security policy1 References:

• 1: Unified Security Policies | Junos OS | Juniper Networks
• 2: Unified Policies Support for Flow | Junos OS | Juniper Networks
• 3: Unified Policy Overview - TechLibrary - Juniper Networks