JN0-335 Exam Dumps : Security, Specialist (JNCIS-SEC)

 SSL proxy is a transparent proxy that performs SSL encryption and decryption between the client and the server. It allows inspection of encrypted traffic by terminating the SSL connection from either end and applying security policies to the clear text. SSL proxy can leverage pre-match or post-match results to determine whether to apply SSL proxy to a session. Pre-match results are based on the initial packet of the session, while post-match results are based on the application identification after the session is established. In the exhibit, the session shows that the application services identification is “ssl-proxy”, which means that SSL proxy is applied based on the pre-match results. The cache lookup status for application services is “on”, which means that the SRX Series device uses the application system cache to store the pre-match results for faster processing. Therefore, the correct answer is D. SSL proxy leverages pre-match result. References: = SSL Proxy, Configuring SSL Proxy, and Application System Cache

AppQoS is a service that allows you to prioritize and manage the quality of service (QoS) for different types of applications on SRX Series devices. AppQoS uses application signatures to identify and classify the traffic, and then applies QoS policies to assign bandwidth, priority, and scheduling parameters to the traffic. AppQoS can help you optimize the performance of critical applications, such as VoIP, and ensure that they get the required bandwidth and latency in a congested network12. In this scenario, you can use AppQoS to prioritize the VoIP traffic over other traffic and guarantee its QoS on the SRX Series device at the branch office. References:

• Understanding Application Quality of Service
• Configuring Application Quality of Service

Statistical sampling is a technique that reduces the amount of flow data that is sent to JSA by sampling a subset of packets from the network device. Statistical sampling can help reduce network bandwidth and storage requirements, but it also increases processor utilization on the network device and decreases event correlation accuracy on JSA. Statistical sampling can also affect the accuracy of reports and searches that are based on flow data. Therefore, it is recommended to use statistical sampling only when necessary and with caution12.

BGP FlowSpec is not used to collect traffic flows from Junos OS devices, but to distribute firewall filter rules to routers that participate in BGP. BGP FlowSpec can help mitigate distributed denial-of-service (DDoS) attacks by filtering unwanted traffic based on flow attributes such as source and destination IP addresses, ports, and protocols3.

Superflows are not a method of collecting network traffic flows, but a way of grouping individual flows that match certain criteria into a single record. Superflows can help detect common attack vectors and reduce the number of flows that are stored on JSA. Superflows do not reduce traffic licensing requirements, but they can help optimize the performance and storage of JSA4. References:

• 1: Flow Sources | JSA 7.5.0 | Juniper Networks
• 2: JSA Events and Flows | JSA 7.5.0 | Juniper Networks
• 3: Understanding BGP FlowSpec
• 4: Superflows | JSA 7.5.0 | Juniper Networks