
JN0-336 · Question #75

JN0-336 Question #75: Real Exam Question with Answer & Explanation

The correct answer is C. Packets from the infected hosts with a threat level of 8 or above will be dropped and no log message.

Question

Click the Exhibit button. Referring to the exhibit, what will the SRX Series device do in this configuration?

Options

  • A. Packets from the infected hosts with a threat level of 8 will be dropped and a log message will be
  • B. Packets from the infected hosts with a threat level of 8 or above will be dropped and a log message
  • C. Packets from the infected hosts with a threat level of 8 or above will be dropped and no log message
  • D. Packets from the infected hosts with a threat level of 8 will be dropped and no log message will be

Explanation

The exhibit shows a configuration snippet for security intelligence on an SRX Series device. Security intelligence is a feature that allows you to block or monitor traffic from malicious sources based on threat intelligence feeds from Juniper ATP Cloud or other providers. The configuration defines a profile for ATP Infected-Hosts, which is a feed that contains IP addresses of hosts that are infected with malware and communicate with command-and-control servers. The configuration also defines a rule for threat level 8, which is a parameter that indicates the severity of the threat.

Based on this configuration, the SRX Series device will do the following:

  • Packets from the infected hosts with a threat level of 8 or above will be dropped: The action block-and-drop under the rule means that the device will block any traffic from the infected hosts that have a threat level equal to or higher than 8. This will prevent the hosts from sending or receiving malicious commands.
  • No log message will be generated: The absence of any log option under the rule means that the device will not generate any log message for the blocked traffic. This may reduce the load on the device and the logging server, but it may also limit the visibility and analysis of the security events.

Reference: Security Intelligence Theory, Firewall Filter Support on Loopback Interface
