Security - Specialist (JNCIS-SEC) JN0-335 Exam Questions with Experts Answers Updated Recently

Juniper Identity Management Service (JIMS) is a service that collects and maintains a large database of user, device, and group information from identity sources, enabling SRX Series Service Gateways to rapidly identify users in a large, distributed enterprise1. JIMS supports the following identity sources: Microsoft Active Directory on Windows Server 2008 R2 and later, and Microsoft Exchange Server 2010 with Service Pack 3 (SP3) and later2. JIMS collects username and device IP addresses from these sources by monitoring the event logs of the Active Directory domain controllers and the Exchange servers3. JIMS does not use DNS or OpenLDAP service ports as identity sources. References:

• Juniper Identity Management Service User Guide, Introduction section
• Supported Identity Sources, Juniper Identity Management Service 1.6.0 Release Notes
• Configure Juniper Identity Management Service to Obtain User Identity Information, Junos OS Security Configuration Guide

 The error occurred because the “http” application is not defined in this context of Juniper SRX Series device configuration. One solution is to create a custom application named “http” at the [edit applications] hierarchy level (Option C). Another solution is to modify the security policy to use the built-in “junos-http” application which is predefined and doesn’t need an explicit definition (Option D). Options A and B are not correct because they do not address the root cause of the error, which is the undefined application “http”. References: The answers can be verified from Juniper’s official documentation on security policies and applications available on their website. Here are some relevant links:

• Security Policies Feature Guide for Security Devices
• Understanding Applications and Application Sets for SRX Series Devices
• Configuring Custom Applications for SRX Series Devices
• Predefined Applications for SRX Series Devices

 To track BitTorrent traffic on your network, you need to use the Security Intelligence feature, which allows you to apply actions to traffic based on predefined or custom feeds. The High_Risk_Workstations and BitTorrent_Servers are examples of custom feeds that you can create and populate with IP addresses of devices that match certain criteria. To automatically add the workstations and servers to the respective feeds, you need to use the administration-feed option under the application-services security-intelligence hierarchy. This option specifies the feed name and the action to be taken for the traffic that matches the feed. For example, to add the workstations to the High_Risk_Workstations feed and drop the traffic, you would use:

set security policies from-zone untrust policy FindThreat then permit application-services security-intelligence administration-feed High_Risk_Workstations drop

To add the servers to the BitTorrent_Servers feed and log the traffic, you would use:

set security policies from-zone untrust policy FindThreat then permit application-services security-intelligence administration-feed BitTorrent_Servers log

Option B and Option C show the correct commands for these scenarios. Option A and Option D are incorrect because they use the wrong syntax for the administration-feed option. They also use the wrong feed names, as the feeds are case-sensitive and must match the ones defined under the security-intelligence hierarchy. References: Juniper Security, Specialist (JNCIS-SEC) Reference Materials and Juniper Security, Professional (JNCIP-SEC) Reference Materials