You want to verify that all application traffic traversing your SRX device uses standard ports.
For example, you need to verify that only DNS traffic runs through port 53, and no other
protocols. How would you accomplish this goal?
A.
Use an IDP policy to identify the application regardless of the port used.
B.
Use a custom ALG to detect the application regardless of the port used.
C.
Use AppTrack to detect the application regardless of the port used.
D.
Use AppID to detect the application regardless of the port used.
Explanation:
Correct answear is D (Use AppID to detect the application regardless of the port used).
0
0
you can’t use AppID independently, so D is not correct.
AppTrack is showing you only statistics of # of created sessions
ALG is out of topic
From the offered options only IDP can detect the violation and block the malicious traffic.
0
0
D
0
0
Correct answer is “A”.
Application identification is enabled by default and is automatically turned on when you configure Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack. Reference: https://www.juniper.net/documentation/en_US/junos12.1×44/topics/concept/services-application-identification-understanding.html
0
0
The question itself is very tricky. It asks us to ‘verify’, not to ‘block’ so I am not sure if IDP policy is really needed here
From chapter 12 in Juniper SRX series book:
https://learning.oreilly.com/library/view/juniper-srx-series/9781449339029/ch12.html
“show services application-identification application-system-cache” command will show you port numbers for detected applications
Potentially we could use output of this with “| match ” to for example match everything that has Port: 53 and Protocol: UDP (pattern: .*Port: 53.*Protocol: UDP.*) and then exclude Application: DNS, so we can see if there are any non DNS apps running over this port
So we could technically “Use AppId” by using show command above to identify potential violations like that.
Let me know what you think
0
0