JN0-335 Exam Dumps : Security, Specialist (JNCIS-SEC)

• Referring to the SRX Series flow module diagram shown in the exhibit, application security is processed at the Services ALGs stage. Application Layer Gateways (ALGs) are software components that enable the SRX Series device to provide application-level security for specific protocols and applications1.
• ALGs inspect the application layer payload of packets and perform various actions, such as modifying the payload, opening pinholes, creating sessions, applying security policies, and enforcing application-specific behavior12.
• ALGs are required for protocols and applications that embed IP address information or port numbers in the application layer data, that open secondary connections, or that are dynamically assigned ports1. Some examples of protocols and applications that require ALGs are FTP, SIP, H.323, RTSP, PPTP, and DNS2.
• ALGs are configured as part of the security policy and are applied to the traffic that matches the policy criteria. ALGs can also be enabled or disabled globally or per zone12.

References:

• 1: Application Layer Gateways Overview
• 2: Application Layer Gateways Feature Guide for Security Devices

 The error occurred because the “http” application is not defined in this context of Juniper SRX Series device configuration. One solution is to create a custom application named “http” at the [edit applications] hierarchy level (Option C). Another solution is to modify the security policy to use the built-in “junos-http” application which is predefined and doesn’t need an explicit definition (Option D). Options A and B are not correct because they do not address the root cause of the error, which is the undefined application “http”. References: The answers can be verified from Juniper’s official documentation on security policies and applications available on their website. Here are some relevant links:

• Security Policies Feature Guide for Security Devices
• Understanding Applications and Application Sets for SRX Series Devices
• Configuring Custom Applications for SRX Series Devices
• Predefined Applications for SRX Series Devices

SRX does not identify the iot device. It streams the metadata to Juniper ATP cloud and Junipe ATP cloud identifies the device.