JN0-335 Exam Dumps : Security, Specialist (JNCIS-SEC)

AppQoS is a service that allows you to prioritize and manage the quality of service (QoS) for different types of applications on SRX Series devices. AppQoS uses application signatures to identify and classify the traffic, and then applies QoS policies to assign bandwidth, priority, and scheduling parameters to the traffic. AppQoS can help you optimize the performance of critical applications, such as VoIP, and ensure that they get the required bandwidth and latency in a congested network12. In this scenario, you can use AppQoS to prioritize the VoIP traffic over other traffic and guarantee its QoS on the SRX Series device at the branch office. References:

• Understanding Application Quality of Service
• Configuring Application Quality of Service

 The show security policies policy-name detail command shows policy counters for a configured policy. Policy counters display the number of packets and bytes that match the policy, as well as the number of sessions that are created, denied, or closed by the policy. Policy counters can help monitor and troubleshoot the traffic flow and security policy enforcement on the SRX firewall1.

The show security policies policy-name detail command does not display details about the default security policy, which is the implicit policy that is applied when no other policy matches the traffic. The default security policy can be viewed by using the show security policies default-policy command2.

The show security policies policy-name detail command does not identify the different custom policies enabled, which are the user-defined policies that specify the action and conditions for the traffic between zones. The custom policies can be viewed by using the show security policies command without any options1.

The show security policies policy-name detail command does not show the system log files for the local SRX Series device, which are the files that record the events and messages generated by the device. The system log files can be viewed by using the show log command with the name of the file3. References:

• 1: show security policies | Junos OS | Juniper Networks
• 2: Understanding Default Security Policies | Junos OS | Juniper Networks
• 3: show log | Junos OS | Juniper Networks

The infected host cloud feed is a list of IP addresses that have been identified as compromised or infected by malware. The feed is updated by Juniper ATP Cloud based on the detection of malicious activity from the hosts, such as contacting known command-and-control servers. When a host on the network reaches the configured threat level threshold, its IP address is automatically added to the infected host cloud feed and blocked from communicating with any other hosts on the Internet. The other feeds are not relevant for this situation. The command-and-control cloud feed is a list of IP addresses that are known to be used by malware for remote control and communication. The allowlist and blocklist feed is a user-defined list of IP addresses that are either allowed or denied by the SRX Series device. The custom cloud feed is a user-defined list of IP addresses that are associated with a specific category or threat level. References:

• Infected Hosts: More Information
• Juniper’s Attacker IP feed bolsters threat protection with SecIntel
• ATP Appliance and SRX Series Threat Level Comparison Chart