Which two statements are correct about the Junos IPS feature? (Choose two.)
Correct Answer: A,D
Explanation The Junos IPS feature is a security service that is integrated on SRX Series devices, which are high-performance network security platforms that offer firewall, VPN, IPS, application security, and unified threat management capabilities. The Junos IPS feature uses various methods to detect and prevent intrusions, such as signature-based detection, protocol anomaly detection, behavioral anomaly detection, and custom signatures. Signature-based detection compares network traffic against predefined patterns of known attacks and blocks traffic when a match is found. Protocol anomaly detection monitors network traffic for deviations from the expected or normal behavior of common protocols, such as HTTP, FTP, SMTP, and DNS, and blocks traffic when an anomaly is detected. Behavioral anomaly detection monitors network traffic forchanges in the baseline behavior of hosts, networks, or applications, and blocks traffic when a significant deviation is detected. Custom signatures allow administrators to create their own patterns of attacks based on specific criteria, such as IP addresses, ports, protocols, or payload content, and block traffic when a match is found. The Junos IPS feature does not use sandboxing to detect unknown attacks, as this is a function of the Juniper ATP Cloud service, which is a cloud-based service that provides advanced malware detection and prevention for the network. The Junos IPS feature is not a standalone platform, but rather a service that runs on SRX Series devices, which can be deployed as physical or virtual appliances. References: [Juniper Security, Professional (JNCIP-SEC) Reference Materials] 1 [Juniper Security, Specialist (JNCIS-SEC) Reference Materials] 2 [Junos OS Security Configuration Guide] 3 [Junos OS Security Feature Guide] 4 [Junos OS Security Feature Support Reference] 5
Question 22
Exhibit Referring to the exhibit which statement is true?
Correct Answer: C
Question 23
Exhibit Referring to the exhibit, which two statements describe the type of proxy used? (Choose two.)
Correct Answer: C,D
Question 24
Which two statements are correct about security policy changes when using the policy rematch feature? (Choose two.)
Correct Answer: C,D
Explanation The policy rematch feature enables the device to reevaluate an active session when its associated security policy is modified. The session remains open if it still matches the policy that allowed the session initially. The session is closed if its associated policy is renamed, deactivated, or deleted1 When a policy change includes changing the policy's action from permit to deny, all existing sessions are dropped. This is because the policy rematch feature does not allow a session to continue if it violates the new policy action1 When a policy change includes changing the policy's source or destination address match condition, all existing sessions are reevaluated. This is because the policy rematch feature tries to find a suitable policy that can still permit the session based on the new address criteria. If no such policy exists, the session is dropped12 References: 1: policy-rematch | Junos OS | Juniper Networks 2: What is session rematch and how to use it to avoid traffic disruption during a policy update via NSM - Juniper Networks
Question 25
You want to collect events and flows from third-party vendors. Which solution should you deploy to accomplish this task?
