Prepare for the Juniper Security, Professional exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.
QA4Exam focuses on the latest syllabus and exam objectives, and our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, these Questions & Answers help you cover all the essential topics, ensuring you're well prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Juniper JN0-636 exam and achieve success.
Exhibit
Referring to the exhibit, which two statements are true? (Choose two.)
The suspicious_Endpoints feed is a dynamic address group that is created by Juniper ATP Cloud based on the IoT device discovery and policy enforcement feature. This feature allows the SRX Series device to send IoT traffic to Juniper ATP Cloud for analysis and classification. Juniper ATP Cloud then creates a threat feed that contains the IP addresses of the suspicious IoT devices and sends it back to the SRX Series device. The SRX Series device can then use this feed to create and enforce security policies for the IoT traffic. The suspicious_Endpoints feed is usable by any SRX Series device that is a part of the same realm as SRX-1, because the feed is shared among the devices that belong to the same Juniper ATP Cloud realm. Juniper ATP Cloud automatically creates the suspicious_Endpoints feed after you commit the security policy that references the feed, because the feed is dynamically generated based on the IoT traffic analysis. You do not need to manually create the feed in the Juniper ATP Cloud interface.
Reference:
Example- Configure IoT Device Discovery and Policy Enforcement
Juniper Advanced Threat Prevention Cloud Policy Overview
Exhibit:
Referring to the exhibit, your company's infrastructure team implemented new printers. To make sure that the policy enforcer pushes the updated IP address list to the SRX, which three actions are required to complete the requirement? (Choose three.)
Referring to the exhibit, your company's infrastructure team implemented new printers. To make sure that the policy enforcer pushes the updated IP address list to the SRX, you need to perform the following actions:
The other options are incorrect because:
D) Configuring Security Director to create a C&C feed is not required to complete the requirement. A C&C feed is a security intelligence feed that contains the IP addresses of servers that are used by malware or attackers to communicate with infected hosts. The C&C feed is not related to the new printers or the dynamic address feed.
Configuring the Server Feed URL
[Command and Control Feed Overview]
Your company uses non-Juniper firewalls and you are asked to provide a Juniper solution for zero-day malware protection. Which solution would work in this scenario?
Juniper ATP Cloud provides zero-day malware protection for non-Juniper firewalls. It's a cloud-based service that analyzes files and network traffic to detect and prevent known and unknown (zero-day) threats. It uses a combination of static and dynamic analysis techniques, as well as machine learning, to detect and block malicious files, even if they are not known to traditional anti-virus software. It also provides real-time visibility and detailed forensics for incident response and remediation.
Exhibit
Referring to the exhibit, which statement is true?
According to the Juniper documentation, a custom block list feed is a user-defined list of IP addresses or URLs that are considered malicious or unwanted. A custom block list feed can be configured to override the default Juniper SecIntel block list feed, which is a cloud-based service that provides a list of known malicious IP addresses and URLs. To override the Juniper SecIntel block list feed, the custom block list feed must have a higher priority value than the Juniper SecIntel block list feed. In the exhibit, the custom block list feed has a priority value of 10, which is higher than the default priority value of 5 for the Juniper SecIntel block list feed. Therefore, this custom block list feed will be used instead of the Juniper SecIntel block list feed.
Reference: [Configuring Custom Block List Feeds]
You are requested to enroll an SRX Series device with Juniper ATP Cloud.
Which statement is correct in this scenario?
Juniper ATP Cloud is a cloud-based service that provides advanced threat prevention and detection for SRX Series devices. To enroll an SRX Series device with Juniper ATP Cloud, you need to have a valid license and authorization code, and you need to run a Junos OS op script on the device. The op script performs the following tasks:
Downloads and installs certificate authority (CA) licenses onto your SRX Series device.
Creates local certificates and enrolls them with the cloud server.
Performs basic Juniper ATP Cloud configuration on the SRX Series device.
Establishes a secure connection to the cloud server.
You can run the op script either by copying the CLI command from the Juniper ATP Cloud Web Portal and running it on the device, or by using the enroll command on the device. The op script is the only way to enroll an SRX Series device with Juniper ATP Cloud. You cannot enroll the device manually or by using other methods.
The other statements in the question are incorrect for the following reasons:
If a device is already enrolled in a realm and you enroll it in a new realm, none of the device data or configuration information is propagated to the new realm. This includes history, infected hosts feeds, logging, API tokens, and administrator accounts. You can view and change the realm association of a device from the Realm Management page in the Juniper ATP Cloud Web Portal.
Interacting with the Juniper ATP Cloud Web Portal is not the only way to enroll an SRX Series device. You can also use the enroll command on the device, which performs all the necessary enrollment steps without requiring you to access the Web Portal.
When the license expires, the SRX Series device is not disenrolled from Juniper ATP Cloud without a grace period. Instead, the device enters a grace period of 30 days, during which it can still send files to the cloud for inspection and receive threat intelligence feeds. After the grace period, the device is disenrolled and stops communicating with the cloud.
Enroll an SRX Series Firewall using Juniper ATP Cloud Web Portal