To permit a primary application while blocking its sub-features, a combination of Application Identification (AppID) and micro-application detection is required.

1. APPID (D) is the foundational engine on Juniper SRX devices that identifies applications by inspecting traffic and matching it against a known signature database, regardless of port or protocol.

2. Micro application detection (B) is a specific capability within the AppID engine that provides more granular identification. It recognizes specific functions or sub-applications (e.g., Facebook Chat) within the traffic of a larger parent application (e.g., Facebook).

A security policy is then configured to match both the main application and the specific micro-application to enforce the block action, achieving the required granular control.

A. URL filtering: This is incorrect because it filters based on URLs, not application signatures. It cannot reliably distinguish sub-applications that may not use unique or predictable URLs for their functions.

C. content filtering: This is incorrect because it inspects the data payload for specific patterns (like keywords or file types), not the application's functional behavior or protocol structure.

1. Juniper Networks TechLibrary

Application Security Overview (SRX Series and vSRX): "The AppID feature determines which application is running on which port... AppID can identify applications that are embedded within a main application

such as Facebook-chat within Facebook. These are known as micro-applications." This statement confirms that AppID is the feature that also performs micro-application identification.

2. Juniper Networks TechLibrary

Application Identification Feature Guide for Security Devices

Understanding Application Signatures: "The Juniper Networks signature database file contains application signature definitions... The application signature package contains a list of supported micro-applications." This shows that both main applications and micro-applications are defined within the signature package used by AppID.

3. Juniper Networks TechLibrary

Example: Configuring Application Firewall to Block Facebook Applications: This configuration example demonstrates creating a security policy rule set that explicitly matches application [junos-facebook-chat junos-facebook-apps] to block them

while a separate rule permits junos-facebook. This requires both the identification of the main application (APPID) and the specific sub-applications (micro-application detection).