Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Juniper Exam JN0-636 Topic 6 Question 29 Discussion

Actual exam question for Juniper's JN0-636 exam
Question #: 29
Topic #: 6
[All JN0-636 Questions]

You are asked to control access to network resources based on the identity of an authenticated device

Which three steps will accomplish this goal on the SRX Series firewalls? (Choose three )

Show Suggested Answer Hide Answer
Suggested Answer: A, C, E

To control access to network resources based on the identity of an authenticated device on the SRX Series firewalls, you need to perform the following steps:

A) Configure an end-user-profile that characterizes a device or set of devices. An end-user-profile is a device identity profile that contains a collection of attributes that are characteristics of a specific group of devices, or of a specific device, depending on the attributes configured in the profile. The end-user-profile must contain a domain name and at least one value in each attribute.The attributes include device-identity, device-category, device-vendor, device-type, device-os, and device-os-version1.You can configure an end-user-profile by using the Junos Space Security Director or the CLI2.

C) Reference the end-user-profile in the security policy. A security policy is a rule that defines the action to be taken for the traffic that matches the specified criteria, such as source and destination addresses, zones, protocols, ports, and applications. You can reference the end-user-profile in the source-end-user-profile field of the security policy to identify the traffic source based on the device from which the traffic issued.The SRX Series device matches the IP address of the device to the end-user-profile and applies the security policy accordingly3.You can reference the end-user-profile in the security policy by using the Junos Space Security Director or the CLI4.

E) Configure the authentication source to be used to authenticate the device. An authentication source is a system that provides the device identity information to the SRX Series device. The authentication source can be Microsoft Windows Active Directory or a third-party network access control (NAC) system. You need to configure the authentication source to be used to authenticate the device and to send the device identity information to the SRX Series device.The SRX Series device stores the device identity information in the device identity authentication table5.You can configure the authentication source by using the Junos Space Security Director or the CLI6.

The other options are incorrect because:

B) Referencing the end-user-profile in the security zone is not a valid step to control access to network resources based on the identity of an authenticated device. A security zone is a logical grouping of interfaces that have similar security requirements.You can reference the user role in the security zone to identify the user who is accessing the network resources, but not the end-user-profile7.

D) Applying the end-user-profile at the interface connecting the devices is also not a valid step to control access to network resources based on the identity of an authenticated device. You cannot apply the end-user-profile at the interface level, but only at the security policy level.The end-user-profile is not a firewall filter or a security policy, but a device identity profile that is referenced in the security policy1.


End User Profile Overview

Creating an End User Profile

source-end-user-profile

Creating Firewall Policy Rules

Understanding the Device Identity Authentication Table and Its Entries

Configuring the Authentication Source for Device Identity

user-role

by Lore at Apr 23, 2024, 05:42 AM

Limited Time Offer

25%

Off

Get Premium JN0-636 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Jovita
2 days ago
I think the first step is to configure an end-user-profile, right?
upvoted 0 times
...
Jules
11 days ago
No, that's not part of the three steps. The last step is to apply the end-user-profile at the interface connecting the devices.
upvoted 0 times
...
Nell
12 days ago
Got it. So, we configure the authentication source to be used to authenticate the device as well, right?
upvoted 0 times
...
Matthew
13 days ago
The third step is to reference the end-user-profile in the security policy.
upvoted 0 times
...
Jules
14 days ago
Yes, that's correct. And what's the third step?
upvoted 0 times
...
Nell
15 days ago
Next, we need to reference the end-user-profile in the security zone, right?
upvoted 0 times
...
Matthew
16 days ago
First, we should configure an end-user-profile that characterizes the device or set of devices.
upvoted 0 times
...
Jules
17 days ago
We need to control access to network resources based on device identity. What should we do first?
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77