JNCIS-ENT: Juniper Networks Certified Specialist – Enterprise Routing and Switching (2021) — Question 96
You are asked to deploy IPS on your SRX Series devices to stop an attack that is not defined in the IPS database.
What are two ways to detect this attack? (Choose two.)
Answer options
- A. GeoIP feeds
- B. custom attack objects
- C. protocol anomaly detection
- D. Command and Control feeds
Correct answer: B, C
Explanation
The correct answers are B and C. Custom attack objects let you define specific attack patterns that are not present in the IPS database, while protocol anomaly detection helps identify deviations from normal protocol behavior, which can indicate an attack. Options A and D are not effective in this scenario because GeoIP feeds and Command and Control feeds focus on geographic origin or command-and-control behavior rather than directly identifying unknown attacks.