Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Juniper Exam JN0-636 Topic 6 Question 29 Discussion

Actual exam question for Juniper's JN0-636 exam
Question #: 29
Topic #: 6
[All JN0-636 Questions]

You are asked to control access to network resources based on the identity of an authenticated device

Which three steps will accomplish this goal on the SRX Series firewalls? (Choose three )

Show Suggested Answer Hide Answer
Suggested Answer: A, C, E

To control access to network resources based on the identity of an authenticated device on the SRX Series firewalls, you need to perform the following steps:

A) Configure an end-user-profile that characterizes a device or set of devices. An end-user-profile is a device identity profile that contains a collection of attributes that are characteristics of a specific group of devices, or of a specific device, depending on the attributes configured in the profile. The end-user-profile must contain a domain name and at least one value in each attribute.The attributes include device-identity, device-category, device-vendor, device-type, device-os, and device-os-version1.You can configure an end-user-profile by using the Junos Space Security Director or the CLI2.

C) Reference the end-user-profile in the security policy. A security policy is a rule that defines the action to be taken for the traffic that matches the specified criteria, such as source and destination addresses, zones, protocols, ports, and applications. You can reference the end-user-profile in the source-end-user-profile field of the security policy to identify the traffic source based on the device from which the traffic issued.The SRX Series device matches the IP address of the device to the end-user-profile and applies the security policy accordingly3.You can reference the end-user-profile in the security policy by using the Junos Space Security Director or the CLI4.

E) Configure the authentication source to be used to authenticate the device. An authentication source is a system that provides the device identity information to the SRX Series device. The authentication source can be Microsoft Windows Active Directory or a third-party network access control (NAC) system. You need to configure the authentication source to be used to authenticate the device and to send the device identity information to the SRX Series device.The SRX Series device stores the device identity information in the device identity authentication table5.You can configure the authentication source by using the Junos Space Security Director or the CLI6.

The other options are incorrect because:

B) Referencing the end-user-profile in the security zone is not a valid step to control access to network resources based on the identity of an authenticated device. A security zone is a logical grouping of interfaces that have similar security requirements.You can reference the user role in the security zone to identify the user who is accessing the network resources, but not the end-user-profile7.

D) Applying the end-user-profile at the interface connecting the devices is also not a valid step to control access to network resources based on the identity of an authenticated device. You cannot apply the end-user-profile at the interface level, but only at the security policy level.The end-user-profile is not a firewall filter or a security policy, but a device identity profile that is referenced in the security policy1.


End User Profile Overview

Creating an End User Profile

source-end-user-profile

Creating Firewall Policy Rules

Understanding the Device Identity Authentication Table and Its Entries

Configuring the Authentication Source for Device Identity

user-role

by Lore at Apr 23, 2024, 05:42 AM

Limited Time Offer

25%

Off

Get Premium JN0-636 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Silva
10 months ago
Finally, we should configure the authentication source to be used to authenticate the device.
upvoted 0 times
...
Theodora
10 months ago
And we also need to apply the end-user-profile at the interface connecting the devices.
upvoted 0 times
...
Sue
10 months ago
Don't forget to reference the end-user-profile in the security policy as well.
upvoted 0 times
...
Kyoko
11 months ago
Yes, that's correct. After that, we need to reference the end-user-profile in the security zone.
upvoted 0 times
...
Jovita
11 months ago
I think the first step is to configure an end-user-profile, right?
upvoted 0 times
...
Jules
12 months ago
No, that's not part of the three steps. The last step is to apply the end-user-profile at the interface connecting the devices.
upvoted 0 times
...
Nell
12 months ago
Got it. So, we configure the authentication source to be used to authenticate the device as well, right?
upvoted 0 times
...
Matthew
12 months ago
The third step is to reference the end-user-profile in the security policy.
upvoted 0 times
...
Jules
12 months ago
Yes, that's correct. And what's the third step?
upvoted 0 times
...
Nell
12 months ago
Next, we need to reference the end-user-profile in the security zone, right?
upvoted 0 times
...
Matthew
12 months ago
First, we should configure an end-user-profile that characterizes the device or set of devices.
upvoted 0 times
...
Jules
12 months ago
We need to control access to network resources based on device identity. What should we do first?
upvoted 0 times
...

Save Cancel