Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Juniper Exam JN0-636 Topic 6 Question 29 Discussion

Actual exam question for Juniper's JN0-636 exam
Question #: 29
Topic #: 6
[All JN0-636 Questions]

You are asked to control access to network resources based on the identity of an authenticated device

Which three steps will accomplish this goal on the SRX Series firewalls? (Choose three )

Show Suggested Answer Hide Answer
Suggested Answer: A, C, E

To control access to network resources based on the identity of an authenticated device on the SRX Series firewalls, you need to perform the following steps:

A) Configure an end-user-profile that characterizes a device or set of devices. An end-user-profile is a device identity profile that contains a collection of attributes that are characteristics of a specific group of devices, or of a specific device, depending on the attributes configured in the profile. The end-user-profile must contain a domain name and at least one value in each attribute.The attributes include device-identity, device-category, device-vendor, device-type, device-os, and device-os-version1.You can configure an end-user-profile by using the Junos Space Security Director or the CLI2.

C) Reference the end-user-profile in the security policy. A security policy is a rule that defines the action to be taken for the traffic that matches the specified criteria, such as source and destination addresses, zones, protocols, ports, and applications. You can reference the end-user-profile in the source-end-user-profile field of the security policy to identify the traffic source based on the device from which the traffic issued.The SRX Series device matches the IP address of the device to the end-user-profile and applies the security policy accordingly3.You can reference the end-user-profile in the security policy by using the Junos Space Security Director or the CLI4.

E) Configure the authentication source to be used to authenticate the device. An authentication source is a system that provides the device identity information to the SRX Series device. The authentication source can be Microsoft Windows Active Directory or a third-party network access control (NAC) system. You need to configure the authentication source to be used to authenticate the device and to send the device identity information to the SRX Series device.The SRX Series device stores the device identity information in the device identity authentication table5.You can configure the authentication source by using the Junos Space Security Director or the CLI6.

The other options are incorrect because:

B) Referencing the end-user-profile in the security zone is not a valid step to control access to network resources based on the identity of an authenticated device. A security zone is a logical grouping of interfaces that have similar security requirements.You can reference the user role in the security zone to identify the user who is accessing the network resources, but not the end-user-profile7.

D) Applying the end-user-profile at the interface connecting the devices is also not a valid step to control access to network resources based on the identity of an authenticated device. You cannot apply the end-user-profile at the interface level, but only at the security policy level.The end-user-profile is not a firewall filter or a security policy, but a device identity profile that is referenced in the security policy1.


End User Profile Overview

Creating an End User Profile

source-end-user-profile

Creating Firewall Policy Rules

Understanding the Device Identity Authentication Table and Its Entries

Configuring the Authentication Source for Device Identity

user-role

Contribute your Thoughts:

Silva
6 months ago
Finally, we should configure the authentication source to be used to authenticate the device.
upvoted 0 times
...
Theodora
6 months ago
And we also need to apply the end-user-profile at the interface connecting the devices.
upvoted 0 times
...
Sue
7 months ago
Don't forget to reference the end-user-profile in the security policy as well.
upvoted 0 times
...
Kyoko
7 months ago
Yes, that's correct. After that, we need to reference the end-user-profile in the security zone.
upvoted 0 times
...
Jovita
7 months ago
I think the first step is to configure an end-user-profile, right?
upvoted 0 times
...
Jules
8 months ago
No, that's not part of the three steps. The last step is to apply the end-user-profile at the interface connecting the devices.
upvoted 0 times
...
Nell
8 months ago
Got it. So, we configure the authentication source to be used to authenticate the device as well, right?
upvoted 0 times
...
Matthew
8 months ago
The third step is to reference the end-user-profile in the security policy.
upvoted 0 times
...
Jules
8 months ago
Yes, that's correct. And what's the third step?
upvoted 0 times
...
Nell
8 months ago
Next, we need to reference the end-user-profile in the security zone, right?
upvoted 0 times
...
Matthew
8 months ago
First, we should configure an end-user-profile that characterizes the device or set of devices.
upvoted 0 times
...
Jules
8 months ago
We need to control access to network resources based on device identity. What should we do first?
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77