Pass the Juniper JNCIS-SEC JN0-335 Questions and answers with CertsForce

Referring to the SRX Series flow module diagram shown in the exhibit, application security is processed at the Services ALGs stage. Application Layer Gateways (ALGs) are software components that enable the SRX Series device to provide application-level security for specific protocols and applications1.

ALGs inspect the application layer payload of packets and perform various actions, such as modifying the payload, opening pinholes, creating sessions, applying security policies, and enforcing application-specific behavior12.

ALGs are required for protocols and applications that embed IP address information or port numbers in the application layer data, that open secondary connections, or that are dynamically assigned ports1. Some examples of protocols and applications that require ALGs are FTP, SIP, H.323, RTSP, PPTP, and DNS2.

ALGs are configured as part of the security policy and are applied to the traffic that matches the policy criteria. ALGs can also be enabled or disabled globally or per zone12.

References:

1: Application Layer Gateways Overview

2: Application Layer Gateways Feature Guide for Security Devices

The vSRX is a virtual firewall that offers the same features as the physical SRX Series firewalls, but in a virtualized form factor. It supports next-generation firewall (NGFW) capabilities, networking, and automated lifecycle management. It also integrates with cloud orchestration tools and software-defined networking (SDN) solutions1

The vSRX supports VMXNET3 vNICs, which are optimized for performance in virtualized environments. VMXNET3 vNICs offer enhanced networking features such as jumbo frames, hardware offloads, and multicast filtering2

The vSRX runs on Linux as the base OS, which provides a stable and secure platform for the Junos OS and the firewall functionality. Linux also enables the vSRX to leverage the native hypervisor drivers and APIs for better performance and compatibility3

References: 1: vSRX Virtual Firewall | Juniper Networks US 2: vSRX Virtual Firewall for VMware - TechLibrary - Juniper Networks 3: vSRX Overview - TechLibrary - Juniper Networks

The fab interface is a physical connection between two nodes of a chassis cluster that is used to forward traffic and synchronize session state between the nodes. The fab interface can be any pair of Ethernet interfaces on the same LAN, but they must be the same media type. You need to specify the physical interfaces to be used for the fab link in the configuration, as the system does not determine them automatically. The Junos OS supports only one fab link per node, and it does not support traditional interface features such as IP addressing, routing protocols, or firewall filters. The fab interface is assigned an internally derived IP address by the system for packet transmission. Thefab link also does not support fragmentation, so the MTU size of the fab interface must be equal to or greater than the MTU size of the largest interface in the cluster. References:

Chassis Cluster Fabric Interfaces

HA Chassis cluster, difference between Swfab and Fab

Unified policies are security policies that enable you to use dynamic applications as match conditions along with the existing 5-tuple or 6-tuple (with user firewall) match conditions to detect application changes over time3 If the traffic matches the security policy rule, one or more actions defined in the policy are applied to the traffic3 During the initial policy lookup phase, which occurs prior to a dynamic application being identified, if there are multiple policies in the potential policy list, the SRX Series Firewall applies the default security policy until a more explicit match has occurred2 The policy that best matches the application is the final policy2 APPID results are used to determine the final security policy1 References:

1: Unified Security Policies | Junos OS | Juniper Networks

2: Unified Policies Support for Flow | Junos OS | Juniper Networks

3: Unified Policy Overview - TechLibrary - Juniper Networks

References: IDP Policy Rules and IDP Rule Bases, rulebase-ips, Exam Name: Security, Specialist (JNCIS-SEC) Version: DEMO - Lead2Pass

 JIMS domain PC probes are a mechanism to obtain username to IP address mapping information from devices in a customer’s domain. JIMS initiates a domain PC probe when it receives a request from an SRX Series device for a username to IP address mapping that is not found in the domain security event log. JIMS uses the administrative credentials configured for PC probes to access the device and query the Windows Management Instrumentation (WMI) service for the username to IP address mapping12 References:

1: Juniper Identity Management Service Feature Guide - TechLibrary - Juniper Networks

2: Juniper Identity Management Service (JIMS) Documentation - Juniper Networks

 Juniper Secure Analytics (JSA) is a security information and event management (SIEM) system that consolidates, analyzes, and manages surveillance data from network devices, endpoints, and applications1

JSA uses two features to configure alerts based on certain criteria: building blocks and events2

Building blocks are reusable components that define common characteristics of network activity, such as IP addresses, ports, protocols, usernames, or threat categories. Building blocks can be used to create custom rules, searches, reports, and filters that can trigger alerts when certain conditions are met2

Events are records of network activity that are collected and normalized by JSA. Events can be classified into different categories, such as offenses, flows, logs, or anomalies. Events can also be correlated with other data sources, such as vulnerability scanners, threat intelligence feeds, or asset databases, to provide more context and insight. Events can trigger alerts when they match predefined or custom rules that specify the severity, frequency, or duration of the activity2

References: 1: JSA Series Secure Analytics - Juniper Networks 2: Juniper Secure Analytics Users Guide

JIMS server relies on the timestamps of the event logs to track the user and device status events. If the timestamps are out of order, JIMS server might miss some events or process them incorrectly, leading to unexpected issues. To avoid this, you shouldenable time synchronization on the JIMS server with an Internet time server or a domain controller12. This will ensure that the JIMS server has the correct time and can process the event logs in the right order. References:

Juniper Identity Management Service User Guide

JIMS Administrative User Interface and Configuration

Synchronize Clock with an Internet Time Server in Windows 10

Configuring JIMS for an SRX Device

Add JIMS Configuration

AppTrack: Tracks and reports applications passing through

the device.

• Intrusion Detection and Prevention (IDP): Applies

appropriate attack objects to applications running on

nonstandard ports. Application identification improves IDP

performance by narrowing the scope of attack signatures

for applications without decoders.

• AppFW: Implements an application firewall using

application-based rules.

• AppQoS: Provides quality-of-service (QoS) prioritization

based on application awareness

The AppSecure AppTrack service module is a logging and reporting tool used to share information about application visibility. Once AppID identifies an application, AppTrack notonly monitors and records its usage, it also sends regular application activity update messages. Since these messages are sent by syslog, they can be read by any compatible third-party device, including Juniper Networks JSA Series Secure Analytics Appliances and Contrail Service Orchestration.https://www.juniper.net/content/dam/www/assets/solution-briefs/us/en/appsecure-application-visibility-and-control.pdf

= The vSRX is a virtual firewall that offers the same features as the physical SRX Series firewalls, but in a virtualized form factor for delivering security services that scale to match network demand. The vSRX supports Juniper Contrail Networking and third-party software-defined networking (SDN) solutions, which enable dynamic and automated network provisioning and management. The vSRX also integrates with cloud orchestration tools such as OpenStack, which allow for flexible deployment and configuration of virtual machines and networks. The vSRX provides granular security for the workloads that run within the virtual network on the public or private cloud. It supports next-generation firewall capabilities, such as application security, intrusion prevention, user identity, and role-based access control. It also supports advanced threat prevention features, such as malware sandboxing, threat intelligence feeds, and encrypted traffic inspection. The vSRX can protect the network from both internal and external threats, and enforce consistent security policies across the entire network. References:

vSRX Virtual Firewall | Juniper Networks US

vSRX Documentation | Juniper Networks

Understand vSRX Virtual Firewall with Microsoft Azure Cloud