You can create an exempt rule to skip detection of a set of attacks in certain traffic. You can specify the source and destination IP addresses as the match criteria for the exempt rule. This allows you to exclude traffic from specific hosts or networks from being examined by the IPS rulebase. You can also specify other parameters such as protocol, application, and attack objects for the exempt rule, but source and destination IP addresses are the most common ones.  References : =  Create IPS or Exempt Rules  and  rulebase-exempt

The SRX Series device will drop packets from the infected hosts with a threat level of 8 and no log message will be generated. This is because the security intelligence profile “ATP_Infected-Hosts” has a rule “Rule-1” that matches packets with a threat level of 8 and the action is to block and drop them. There is no log option specified in the action, so no log message will be generated. Options A and B are not correct because the rule only matches packets with a threat level of 8, not 8 or above. Option C is not correct because the action is to drop, not permit, the packets.  References : The answer can be verified from Juniper’s official documentation on security intelligence available on their website. Here are some relevant links:

Security Intelligence Feature Guide for Security Devices

security-intelligence | Junos OS

Configure the Security Intelligence Policy on the SRX Series Device

JSA Rules

Custom Rules

Creating a Custom Rule

JSA Rules - TechLibrary

The Junos IPS feature is a security service that is integrated on SRX Series devices, which are high-performance network security platforms that offer firewall, VPN, IPS, application security, and unified threat management capabilities. The Junos IPS feature uses various methods to detect and prevent intrusions, such as signature-based detection, protocol anomaly detection, behavioral anomaly detection, and custom signatures. Signature-based detection compares network traffic against predefined patterns of known attacks and blocks traffic when a match is found. Protocol anomaly detection monitors network traffic for deviations from the expected or normal behavior of common protocols, such as HTTP, FTP, SMTP, and DNS, and blocks traffic when an anomaly is detected. Behavioral anomaly detection monitors network traffic for changes in the baseline behavior of hosts, networks, or applications, and blocks traffic when a significant deviation is detected. Custom signatures allow administrators to create their own patterns of attacks based on specific criteria, such as IP addresses, ports, protocols, or payload content, and block traffic when a match is found. The Junos IPS feature does not use sandboxing to detect unknown attacks, as this is a function of the Juniper ATP Cloud service, which is a cloud-based service that provides advanced malware detection and prevention for the network. The Junos IPS feature is not a standalone platform, but rather a service that runs on SRX Series devices, which can be deployed as physical or virtual appliances.  References :

[Juniper Security, Professional (JNCIP-SEC) Reference Materials]  1

[Juniper Security, Specialist (JNCIS-SEC) Reference Materials]  2

[Junos OS Security Configuration Guide]  3

[Junos OS Security Feature Guide]  4

[Junos OS Security Feature Support Reference]  5

Referring to the SRX Series flow module diagram shown in the exhibit, application security is processed at the Services ALGs stage.  Application Layer Gateways (ALGs) are software components that enable the SRX Series device to provide application-level security for specific protocols and applications 1 .

ALGs inspect the application layer payload of packets and perform various actions, such as modifying the payload, opening pinholes, creating sessions, applying security policies, and enforcing application-specific behavior 1 2 .

ALGs are required for protocols and applications that embed IP address information or port numbers in the application layer data, that open secondary connections, or that are dynamically assigned ports 1 .  Some examples of protocols and applications that require ALGs are FTP, SIP, H.323, RTSP, PPTP, and DNS 2 .

ALGs are configured as part of the security policy and are applied to the traffic that matches the policy criteria.  ALGs can also be enabled or disabled globally or per zone 1 2 .

References :

1 :  Application Layer Gateways Overview

2 :  Application Layer Gateways Feature Guide for Security Devices

 AppQoE is an AppSecure component that provides application quality of experience by monitoring the network performance and dynamically adjusting the traffic routing based on predefined policies 1 .  AppQoE can detect excessive packet loss on a WAN link and route the traffic to another link that has better performance 2 .  AppQoE can also prioritize the traffic based on the application type and user group 3 . AppQoE is suitable for accomplishing the task of routing traffic from the degraded link to the working link.

The other options are not correct for the following reasons:

AppFW is an AppSecure component that provides application firewalling by enforcing granular policies to allow, deny, or limit access to applications based on user roles, locations, and devices 4 . AppFW does not monitor or adjust the traffic routing based on network performance.

AppQoS is an AppSecure component that provides application quality of service by allocating bandwidth and shaping traffic based on application priority and user group. AppQoS does not monitor or adjust the traffic routing based on network performance.

APBR is an AppSecure component that provides application-based routing by selecting the best path for each application based on predefined criteria such as latency, jitter, packet loss, and cost. APBR does not monitor the network performance dynamically or adjust the traffic routing automatically.

References :  AppSecure Overview   Understanding AppQoE   Configuring AppQoE   Understanding AppFW  [Understanding AppQoS] [Understanding APBR]

Juniper ATP Cloud is a cloud-based threat detection service that protects all hosts in your network against evolving security threats.  It uses a combination of tools to identify and block malware, such as cache lookup, static analysis, and dynamic analysis 1 2

Cache lookup is the first step in the malware detection process. It checks the file hash against a database of known malicious and benign files.  If the file is found in the cache, the analysis is completed and the file is either allowed or blocked based on the cache result 1 2

Static analysis is the second step in the malware detection process. It examines the file attributes, such as file size, file type, file name, and embedded URLs, to determine if the file is suspicious or not. If the file is deemed suspicious, it is sent to the next step for further analysis.  If the file is deemed benign, it is allowed to pass through 1 2

Dynamic analysis is the third and final step in the malware detection process. It executes the file in a sandbox environment and observes its behavior, such as network connections, registry changes, file operations, and process injections. If the file exhibits malicious behavior, it is blocked and reported.  If the file does not exhibit malicious behavior, it is allowed to pass through 1 2

Therefore, dynamic analysis is not always performed to determine if a file contains malware, as it depends on the results of the cache lookup and static analysis.  Similarly, if the cache lookup determines that a file contains malware, static analysis is not performed to verify the results, as the file is already blocked based on the cache lookup 1 2

References :

Juniper Advanced Threat Prevention Cloud (ATP Cloud) Documentation

Juniper Advanced Threat Prevention Cloud | Juniper Networks