You are asked to change the configuration of your company's SRX device so that you can block nested traffic from certain Web sites, but the main pages of these Web sites must remain available to users. Which two methods will accomplish this goal? (Choose two.)
Enable the HTTP ALG.
Implement a firewall filter for Web traffic.
Use an IDP policy to inspect the Web traffic.
Configure an application firewall rule set.
Correct answer: BD
Explanation:
Reference: An application layer gateway (ALG) is a feature on ScreenOS gateways that enables the gateway to parse application layer payloads and take decisions on them. ALGs are typically employed to support applications that use the application layer payload to communicate the dynamic Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports on which the applications open data connections (http://kb.juniper.net/InfoCenter/index?page=content&id=KB13530)IDP policy defines the rule for defining the type of traffic permitted on network (http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig- security/enable-idp-security-policy-section.html)
Reference: An application layer gateway (ALG) is a feature on ScreenOS gateways that enables the gateway to parse application layer payloads and take decisions on them. ALGs are typically employed to support applications that use the application layer payload to communicate the dynamic Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports on which the applications open data connections (http://kb.juniper.net/InfoCenter/index?page=content&id=KB13530)
IDP policy defines the rule for defining the type of traffic permitted on network (http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig- security/enable-idp-security-policy-section.html)
Question 2
You are using the AppDoS feature to control against malicious bot client attacks. The bot clients are using file downloads to attack your server farm. You have configured a context value rate of 10,000 hits in 60 seconds. At which threshold will the bot clients no longer be classified as malicious?
You recently implemented application firewall rules on an SRX device to act upon encrypted traffic. However, the encrypted traffic is not being correctly identified.
Which two actions will help the SRX device correctly identify the encrypted traffic? (Choose two.)
Enable heuristics to detect the encrypted traffic.
Disable the application system cache.
Use the junos:UNSPECIFIED-ENCRYPTED application signature.
Use the junos:SPECIFIED-ENCRYPTED application signature.