New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Juniper Exam JN0-636 Topic 5 Question 26 Discussion

Actual exam question for Juniper's JN0-636 exam
Question #: 26
Topic #: 5
[All JN0-636 Questions]

you must create a secure fabric in your company's network

In this Scenario, Which three statements are correct? (Choose Three)

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

To create a secure fabric in your company's network, you need to know the following facts:

A secure fabric is a collection of sites that contain network devices (switches, routers, firewalls, and other security devices) that are used in policy enforcement groups. A site is a grouping of network devices that contribute to threat prevention. When threat prevention policies are applied to policy enforcement groups, the system automatically discovers to which sites those groups belong.This is how threat prevention is aggregated across your secure fabric1.

MX Series devices associated with tenants can belong to multiple sites. Tenants are logical partitions of the network that can have their own security policies and enforcement points.Sites that are associated with tenants do not need switches as enforcement points, because MX Series devices can perform tenant-based policy enforcement1.

SRX Series devices can belong to only one site. SRX Series devices are firewalls that can act as perimeter enforcement points for the secure fabric. They can send potentially malicious objects and files to the Juniper ATP Cloud for analysis and receive threat intelligence from the Juniper ATP Cloud to block malicious traffic.SRX Series devices cannot belong to multiple sites, because they do not support tenant-based policy enforcement1.

A switch must be assigned to the site to enforce an infected host policy within the network. An infected host policy is a policy that blocks or quarantines hosts that are identified as infected by the Juniper ATP Cloud. A switch can act as an internal enforcement point for the secure fabric by applying the infected host policy to the hosts that are connected to it.A switch must be assigned to the site where the infected hosts are located, because SRX Series devices cannot enforce infected host policies1.

Switches and connectors cannot be added to the same site. Connectors are software agents that can be installed on Windows or Linux servers to enable them to act as enforcement points for the secure fabric. Connectors can apply infected host policies to the hosts that are connected to them. However, connectors cannot coexist with switches in the same site, because they use different methods of policy enforcement.Switches use VLANs and ACLs, while connectors use IPtables and WFP1.

Therefore, the correct answer is B, D, and E. The other options are incorrect because:

A)MX Series devices associated with tenants can belong to multiple sites, not only one site1.

C)SRX Series devices can belong to only one site, not multiple sites1.


Secure Fabric Overview

Contribute your Thoughts:

Sonia
7 months ago
Candidate 6: Candidate 5, I think statement A) is correct. MX Series device associated with tenants can indeed belong to only one site. So, I agree with your choice of statements B) and E) as well.
upvoted 0 times
...
Gail
7 months ago
Candidate 5: I agree with candidate 4. I believe that statement B) and E) are correct. But I'm not sure about statement A), do you think it's true?
upvoted 0 times
...
Jesusita
7 months ago
Candidate 4: I see your point, candidate 3. I also believe that statement B) is correct. However, I think statement E) is true since switches and connectors cannot be added to the same site.
upvoted 0 times
...
Demetra
7 months ago
Candidate 3: I disagree with statement D) because in my opinion, SRX Series devices can belong to multiple sites. I think statement B) is correct as a switch must be assigned to enforce an infected host policy.
upvoted 0 times
...
Fletcher
7 months ago
Candidate 2: I agree with your view on statement A) and C), but I also believe that statement D) is correct as SRX Series devices can belong to only one site.
upvoted 0 times
...
Claribel
8 months ago
Candidate 1: I think statement A) and C) are correct because SRX Series devices can belong to multiple sites and MX Series device associated with tenants can belong to only one site.
upvoted 0 times
...

Save Cancel