JNCIS-ENT: Juniper Networks Certified Specialist – Enterprise Routing and Switching (2021) — Question 17
You administer a JSA host and want to include a rule that sets a threshold for excessive firewall denies and sends an SNMP trap after receiving related syslog messages from an SRX Series firewall.
Which JSA rule type satisfies this requirement?
Answer options
- A. common
- B. offense
- C. flow
- D. event
Correct answer: D
Explanation
The correct answer is D. Event rules are designed to handle incoming syslog messages and can trigger actions, such as sending an SNMP trap, based on defined criteria. Options A and B do not appropriately deal with syslog messages and are not designed for this type of threshold monitoring. Option C relates to flow data, which is not relevant to syslog message processing.