JN0-636 Exam Dumps - Security, Professional (JNCIP-SEC)

According to the security flow trace in the exhibit, the packets are dropped for self but not interested. This means that the SRX device is receiving packets destined to itself, but it does not have the corresponding service configured in the host-inbound-traffic stanza for the interface1. In this case, the service is BGP, which uses TCP port 179. Therefore, the correct action to solve the problem on the SRX device is to add BGP to the allowed host-inbound-traffic for the interface. This can be done by using the following command:

set security zones security-zone interfaces host-inbound-traffic system-services bgp

This command will allow the SRX device to accept BGP packets on the specified interface and zone. Alternatively, the command can be applied to all interfaces in a zone by using the all-interfaces option2.

References: 1: SRX Getting Started - Troubleshoot Security Policy 2: Configuring System Services Allowed for Host Inbound Traffic

According to the Juniper documentation, the infected host score is a global setting that determines the minimum threat level required for a host to be considered infected and blocked by Juniper ATP Cloud. The infected host score can be configured from 1 to 10, where 1 is the lowest and 10 is the highest. The default infected host score is 5, which means that any host with a threat level of 5 or higher will be automatically blocked by Juniper ATP Cloud. However, the infected host score can be changed to a higher value, such as 6 or 7, to reduce the number of false positives and allow more traffic to pass through. In the exhibit, the host has a threat level of 5, which indicates that it is infected with malware and has attempted to contact command-and-control servers. However, some of the events have not been automatically mitigated, which means that the host has not been blocked by Juniper ATP Cloud. A possible reason for this behavior is that the infected host score is globally set above a threat level of 5, such as 6 or 7, which means that the host does not meet the minimum threshold for blocking. Therefore, the correct answer is C. The infected host score is globally set above a threat level of 5. References: [Configuring the Infected Host Score] 1, [Compromised Hosts: More Information] 2

1: https://www.juniper.net/documentation/us/en/software/sky-atp/atp-cloud-user-guide/topics/task/sky-atp-infected-host-score.html  2: https://www.juniper.net/documentation/us/en/software/sky-atp/atp-cloud-user-guide/topics/concept/sky-atp-infected-host-overview.html