Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 0d 13h 51m 31s Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Juniper Exam JN0-636 Topic 6 Question 33 Discussion

Actual exam question for Juniper's JN0-636 exam
Question #: 33
Topic #: 6
[All JN0-636 Questions]

you must create a secure fabric in your company's network

In this Scenario, Which three statements are correct? (Choose Three)

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

To create a secure fabric in your company's network, you need to know the following facts:

A secure fabric is a collection of sites that contain network devices (switches, routers, firewalls, and other security devices) that are used in policy enforcement groups. A site is a grouping of network devices that contribute to threat prevention. When threat prevention policies are applied to policy enforcement groups, the system automatically discovers to which sites those groups belong.This is how threat prevention is aggregated across your secure fabric1.

MX Series devices associated with tenants can belong to multiple sites. Tenants are logical partitions of the network that can have their own security policies and enforcement points.Sites that are associated with tenants do not need switches as enforcement points, because MX Series devices can perform tenant-based policy enforcement1.

SRX Series devices can belong to only one site. SRX Series devices are firewalls that can act as perimeter enforcement points for the secure fabric. They can send potentially malicious objects and files to the Juniper ATP Cloud for analysis and receive threat intelligence from the Juniper ATP Cloud to block malicious traffic.SRX Series devices cannot belong to multiple sites, because they do not support tenant-based policy enforcement1.

A switch must be assigned to the site to enforce an infected host policy within the network. An infected host policy is a policy that blocks or quarantines hosts that are identified as infected by the Juniper ATP Cloud. A switch can act as an internal enforcement point for the secure fabric by applying the infected host policy to the hosts that are connected to it.A switch must be assigned to the site where the infected hosts are located, because SRX Series devices cannot enforce infected host policies1.

Switches and connectors cannot be added to the same site. Connectors are software agents that can be installed on Windows or Linux servers to enable them to act as enforcement points for the secure fabric. Connectors can apply infected host policies to the hosts that are connected to them. However, connectors cannot coexist with switches in the same site, because they use different methods of policy enforcement.Switches use VLANs and ACLs, while connectors use IPtables and WFP1.

Therefore, the correct answer is B, D, and E. The other options are incorrect because:

A)MX Series devices associated with tenants can belong to multiple sites, not only one site1.

C)SRX Series devices can belong to only one site, not multiple sites1.


Secure Fabric Overview

by Florinda at May 31, 2024, 04:28 PM

Limited Time Offer

25%

Off

Get Premium JN0-636 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Weldon
8 months ago
Okay, let's see here... I'm pretty sure MX devices can belong to multiple sites, and SRX devices are limited to one. But the switch and connector thing, that's a new one on me. Time to consult the Meraki documentation, I suppose.
upvoted 0 times
Reita
7 months ago
E) Switches and connectors cannot be added to the same site
upvoted 0 times
...
Veda
7 months ago
C) SRX Series devices can belong to multiple sites
upvoted 0 times
...
Kina
7 months ago
A) MX Series device associated with tenants can belong to only one site
upvoted 0 times
...
...
Caren
8 months ago
Haha, this question is a real brain-teaser! I think I got it, though. B and E are definitely not right. Gotta love these tricky networking scenarios, am I right?
upvoted 0 times
Sunny
7 months ago
D) SRX Series devices can belong to only one site
upvoted 0 times
...
Felicia
8 months ago
C) SRX Series devices can belong to multiple sites
upvoted 0 times
...
Dorthy
8 months ago
A) MX Series device associated with tenants can belong to only one site
upvoted 0 times
...
...
Iola
8 months ago
A, C, and D seem correct to me. I'm not sure about the switch and connector thing though. Guess I'll have to brush up on my Meraki networking knowledge.
upvoted 0 times
Lavonda
7 months ago
D) SRX Series devices can belong to only one site
upvoted 0 times
...
Mari
7 months ago
C) SRX Series devices can belong to multiple sites
upvoted 0 times
...
Glory
8 months ago
D) SRX Series devices can belong to only one site
upvoted 0 times
...
Elfriede
8 months ago
C) SRX Series devices can belong to multiple sites
upvoted 0 times
...
Fannie
8 months ago
A) MX Series device associated with tenants can belong to only one site
upvoted 0 times
...
Carri
8 months ago
A) MX Series device associated with tenants can belong to only one site
upvoted 0 times
...
...
Vivienne
8 months ago
I believe statement D is correct, SRX Series devices can only belong to one site to ensure proper security measures.
upvoted 0 times
...
Carissa
9 months ago
I agree with statement C, SRX Series devices can belong to multiple sites which helps in creating a secure fabric.
upvoted 0 times
...
Brunilda
9 months ago
I think statement A is correct because MX Series devices are associated with tenants.
upvoted 0 times
...

Save Cancel
a