— Exhibit —
[edit security]
user@srx# show idp
…
application-ddos Webserver {
service http;
connection-rate-threshold 1000;
context http-get-url {
hit-rate-threshold 60000;
value-hit-rate-threshold 30000;
time-binding-count 10;
time-binding-period 25;
}
}
— Exhibit —
You are using AppDoS to protect your network against a bot attack, but noticed an approved application has
falsely triggered the configured IDP action of drop. You adjusted your AppDoS configuration as shown in the
exhibit. However, the approved traffic is still dropped.
What are two reasons for this behavior? (Choose two.)
A.
The approved traffic results in 50,000 HTTP GET requests per minute.
B.
The approved traffic results in 25 HTTP GET requests within 10 seconds from a single host.
C.
The active IDP policy has not been defined in the security configuration.
D.
The IDP action is still in effect due to the timeout configuration.
Explanation:
http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos- security-swconfigsecurity/appddos-protection-overview.html http://www.juniper.net/techpubs/software/junos-security/junossecurity10.0/junos-security-swconfig- security/appddos-proctecting-against.html#appddos-proctecting-against