Version 4.1 - 6.8 QoS application for security
Some of this material has been covered under section 4.8 QoS marking attacks. And fortunately, QoS has been something that I have implemented in production, so I'm pretty familiar with many of the ins-and-outs of it. One additional part of this that is less familiar is QoS on the Cisco ASA. The INE videos are quite good on this topic.
Here are some points to consider about QoS.
It is applied through Modular Policy Framework (MPF) in strict or hierarchical fashion: Policing, Shaping, LLQ.
It can only influence traffic that has already passed from the Network Interface Card (NIC) to the Data Path (DP).
It is useless for fighting overruns (they happen too early) unless applied on an adjacent device.
Policing is applied on the input after the packet is permitted, and on the output before the NIC, right after the Layer 2 (L2) address is rewritten.
Shaping applies to outbound bandwidth for all traffic on an interface.
It is useful with limited uplink bandwidth (such as a 1 Gigabit Ethernet (GE) link to a 10 Mb modem).
It is not supported on high-performance ASA558x models.
Priority queuing might starve best-effort traffic.
Priority queuing is not supported on 10GE interfaces on ASA5580 or VLAN subinterfaces.
The interface ring size can be further tuned for optimal performance.
Note that NIST also has a nice article on QoS and Security.
The basic idea of this topic is that QoS can be used to prevent / mitigate the effects of worms and other malicious content.
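As an added illustration (not from the original notes or from Cisco documentation), here is how the MPF pieces above fit together on an ASA: one policy map that polices a suspect traffic class on input while giving voice standard priority queuing on the same interface. The object names (ACL-WORM, CM-WORM, CM-VOICE, PM-OUTSIDE), the interface name `outside`, the matched port, and the rate and burst values are all assumptions chosen for the example.

```cisco
! Added example: names, port, and rates are assumptions, not from the page.
!
! Standard priority queuing needs a priority queue on the interface.
priority-queue outside
!
! Traffic to be rate limited. UDP/1434 stands in here for the
! propagation port of a worm; substitute the traffic you need to contain.
access-list ACL-WORM extended permit udp any any eq 1434
!
! Class maps identify traffic for MPF.
class-map CM-WORM
 match access-list ACL-WORM
class-map CM-VOICE
 match dscp ef
!
! One policy map carries both actions. Priority and police
! cannot be configured in the same class, so each gets its own.
policy-map PM-OUTSIDE
 class CM-VOICE
  priority
 class CM-WORM
  ! Input policing acts after the packet is permitted:
  ! 56000 bps conform rate, 10500 byte burst, drop the excess.
  police input 56000 10500 conform-action transmit exceed-action drop
!
! Only one service policy can be attached per interface.
service-policy PM-OUTSIDE interface outside
```

`show service-policy police` and `show priority-queue statistics outside` show the conform/exceed counters and queue drops once the policy is attached.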
If you understand QoS itself, this section shouldn't be a problem.