JN0-335 Exam Dumps : Security, Specialist (JNCIS-SEC)

Security policy schedulers are a feature that allows you to activate or deactivate a policy for a specified time period. You can create schedulers for a single or recurrent time slot, and apply them to one or more policies. A policy can only have one scheduler associated with it, but a scheduler can have multiple policies associated with it. When a scheduler is active, the policy is available for policy lookup. When a scheduler is inactive, the policy is unavailable for policy lookup. A policy without a defined scheduler will always be active, unless it is explicitly disabled. References:

• Scheduling Security Policies
• schedulers (Security Policies)
• Security Policy Schedulers
• scheduler (Security Policies)

• Cluster failovers occur when one node in a chassis cluster becomes inactive or unreachable, and the other node takes over the processing of traffic and services. To control when cluster failovers occur, you can configure two specific parameters on an SRX Series device: heartbeat-interval and heartbeat-threshold12.
• Heartbeat-interval is the time interval, in milliseconds, between heartbeat messages sent by each node to the other node. The default value is 1000 ms. You can configure the heartbeat-interval value from 100 through 3000 ms1.
• Heartbeat-threshold is the number of consecutive heartbeat messages that can be missed before a node is considered to be down. The default value is 3. You can configure the heartbeat-threshold value from 2 through 2551.
• The combination of heartbeat-interval and heartbeat-threshold determines the failover time, which is the maximum time it takes for a node to detect the failure of the other node and initiate a failover. The failover time is calculated as follows: failover time = heartbeat-interval x heartbeat-threshold1.
• For example, if the heartbeat-interval is 1000 ms and the heartbeat-threshold is 3, the failover time is 3000 ms. This means that if a node does not receive three consecutive heartbeat messages from the other node within 3000 ms, it will assume that the other node is down and initiate a failover1.
• You can configure the heartbeat-interval and heartbeat-threshold parameters using the set chassis cluster redundancy-group group-id node node-id priority priority heartbeat-interval interval heartbeat-threshold threshold command1.

References:

• 1: Configuring Chassis Cluster Redundancy Group Properties | Junos OS | Juniper Networks
• 2: Example: Configuring an Active/Passive Cluster Deployment | Junos OS | Juniper Networks

Statistical sampling is a technique that reduces the amount of flow data that is sent to JSA by sampling a subset of packets from the network device. Statistical sampling can help reduce network bandwidth and storage requirements, but it also increases processor utilization on the network device and decreases event correlation accuracy on JSA. Statistical sampling can also affect the accuracy of reports and searches that are based on flow data. Therefore, it is recommended to use statistical sampling only when necessary and with caution12.

BGP FlowSpec is not used to collect traffic flows from Junos OS devices, but to distribute firewall filter rules to routers that participate in BGP. BGP FlowSpec can help mitigate distributed denial-of-service (DDoS) attacks by filtering unwanted traffic based on flow attributes such as source and destination IP addresses, ports, and protocols3.

Superflows are not a method of collecting network traffic flows, but a way of grouping individual flows that match certain criteria into a single record. Superflows can help detect common attack vectors and reduce the number of flows that are stored on JSA. Superflows do not reduce traffic licensing requirements, but they can help optimize the performance and storage of JSA4. References:

• 1: Flow Sources | JSA 7.5.0 | Juniper Networks
• 2: JSA Events and Flows | JSA 7.5.0 | Juniper Networks
• 3: Understanding BGP FlowSpec
• 4: Superflows | JSA 7.5.0 | Juniper Networks