This list is intended to provide a general view of the skill set required to successfully complete the specified certification exam. Topics listed are subject to change.
- Advanced Security Policy
- Virtualization
- Advanced NAT
- High Availability
- Advanced IPsec
- Introduction to Junos Intrusion Prevention System (IPS)
- IPS Initial Configuration
- IPS Attack Objects
- Scanning and Reconnaissance
- Blocking Attacks
- Troubleshooting and Reporting
Advanced Security Policy
- Given a scenario, describe and implement security policies, custom applications and ALGs
- ALG processing
- ALG configuration and application processing
- Configure address books with dynamic addressing
- Create security policies utilizing ALGs, custom applications and dynamic addressing
- Given a scenario, demonstrate knowledge of how to analyze traffic flows and identify traffic processing patterns and problems
Virtualization
- Given a scenario, describe and configure routing-instances
- JUNOS routing instance types used for virtualization
- Implement virtual routing-instances
- Selectively forward traffic between virtual routing-instances
- Implement filter-based forwarding
Advanced NAT
- Given a scenario, describe and implement static, source, destination, and dual NAT
- Describe and implement variations of persistent NAT
- Given a scenario, describe the interaction between NAT and security policy
High Availability
- Given a scenario, demonstrate knowledge of how to implement and monitor optimized chassis clustering
- IPv6 support for chassis clusters
- Implement graceful restart on SRX Series Services Gateways
Advanced IPsec
- Given a scenario, demonstrate knowledge of how to differentiate, implement, and monitor various IPsec VPN implementations
- Implement routing over IPsec VPNs
- Implement NAT traversal
- Configure standard point-to-point VPN tunnels and hub-and-spoke VPNs
- Configure Group and Dynamic VPNs
- Given a scenario, describe public key cryptography for certificates
Introduction to Junos Intrusion Prevention System (IPS)
- Identify the IPS protection methods available on SRX Series Services Gateways
- General types of network attacks and steps involved in network penetration
- Describe the IPS engine's packet inspection process
- IPS engine components
IPS Initial Configuration
- Given a scenario, describe and implement initial configuration for SRX Series Services Gateways with IPS functionality
- IPS deployment options
- Network settings
- Prepare SRX Series devices for IPS features
IPS Attack Objects
- Identify various attack objects
- IPS rules and rulebases
- Signature-based attacks
- Given a scenario, describe and configure custom signatures
Scanning and Reconnaissance
- Given a scenario, describe how the IPS engine detects and blocks scans
- How scanning is used to gather information about target hosts
- Common types of scans
- Fingerprinting
- Given a scenario, demonstrate knowledge of how to configure scan protection on the IPS engine
Blocking Attacks
- Given a scenario, describe the various evasion techniques and attacks
- FIN scans, IP spoofing and IP source routing
- Denial of service and distributed denial of service attacks
- Given a scenario, demonstrate knowledge of how to configure mechanisms to detect and block evasion techniques and DoS/DDoS attacks
Troubleshooting and Reporting
- Given a scenario, demonstrate knowledge of how to troubshoot Junos OS security issues
- Follow a sound methodology for troubleshooting Junos security issues
- Use Junos tools to troubleshoot Junos OS security and IPS implementations
