Training

Certification

Navigation
JNCIS-SEC Exam Objectives (Exam: JN0-333)

This list provides a general view of the skill set required to successfully complete the specified certification exam. Topics listed are subject to change.

Junos Security Overview
Zones
Security Policies
NAT
IPSec VPNs
High Availability (HA) Clustering
Virtual SRX

Junos Security Overview

  • Identify concepts, general features, and functionality of Junos OS security
    • Junos security architecture
    • Branch vs. high-end platforms
    • Major hardware components of SRX Series services gateways
    • Packet flow
    • Packet-based vs. session-based forwarding

Zones

  • Identify the concepts, benefits, or operation of zones
    • Zone types
    • Dependencies
    • Host inbound packet behavior
    • Screens
    • Transit packet behavior
  • Demonstrate knowledge of how to configure, monitor, or troubleshoot zones
    • Zone configuration steps
    • Hierarchy priority (Inheritance)
    • Screens
    • Monitoring and troubleshooting

Security Policies

  • Identify the concepts, benefits, or operation of security policies
    • Policy types
    • Policy components
    • Policy ordering
    • Host inbound traffic examination
    • Transit traffic examination
    • Scheduling
    • Rematching
    • ALGs
    • Address books
    • Junos Space Security Director policy management
    • Applications
  • Demonstrate knowledge of how to configure, monitor, or troubleshoot security policies
    • Policies
    • ALGs
    • Address books
    • Junos Space Security Director policy management
    • Custom applications
    • Monitoring and troubleshooting

NAT

  • Identify the concepts, benefits, or operation of NAT
    • NAT types
    • NAT/PAT processing
    • DNS Doctoring
    • Cone NAT
    • IPv4 to IPv6
    • Address persistence
    • NAT with Junos Space Security Director
    • NAT proxy ARP
  • Demonstrate knowledge of how to configure, monitor, or troubleshoot NAT
    • NAT configuration steps
    • Monitoring and troubleshooting

IPSec VPNs

  • Identify the concepts, benefits, or operation of IPsec VPNs
    • Secure VPN characteristics and components
    • IPSec tunnel establishment
    • IPSec traffic processing
    • Group VPN
    • ADVPN
    • IPsec with Junos Space Security Director
    • PKI
    • Dynamic VPN
    • Junos OS IPsec implementation options
  • Demonstrate knowledge of how to configure, monitor, or troubleshoot IPsec VPNs
    • IPSec VPN configuration steps
    • Monitoring and troubleshooting

High Availability (HA) Clustering

  • Identify the concepts, benefits, or operation of HA
    • HA features and characteristics
    • Deployment requirements and considerations
    • Chassis cluster characteristics and operation
    • Cluster modes
    • Cluster and node IDs
    • Redundancy groups
    • Cluster interfaces
    • Real-time objects
    • State synchronization
    • Ethernet switching considerations
    • IPSec considerations
    • Manual failover
  • Demonstrate knowledge of how to configure, monitor, or troubleshoot clustering
    • Cluster preparation
    • Cluster configuration steps
    • Monitoring and troubleshooting

Virtual SRX

  • Identify concepts, general features or functionality of virtualized security using SRX
    • Installation
    • Clustering with vSRX
    • Deployment scenarios
    • Troubleshooting