This list is intended to provide a general view of the skill set required to successfully complete the specified certification exam. Topics listed are subject to change.
- Introduction to SRX-series
- Zones
- SCREEN Options
- Security Policies
- NAT
- IPSec VPNs
- HA Clustering
- Intro to IDP
- Firewall User Authentication
Introduction to SRX-series
- Compare and contrast Junos OS for security platforms and traditional routing
- Describe major components of Junos OS for Security Platforms
- Contrast session and flow
- Compare and contrast packet flow of the first and consecutive packets of a flow
- Name elements used in session recognition.
- Describe session management process
Zones
- Describe the purpose of a zone
- Identify the relationship between zones assignments, interfaces, and routing instances
- Define zone types supported by Junos OS
- Compare and contrast security and functional zones
- List and identify the steps necessary to configure zones
- Compare and contrast device's behavior resulting from various configurations, when handling transit packets and packets destined to various interfaces of the device.
- Demonstrate understanding of configuration precedence significance of various zone knobs.
- Describe the traffic behavior based on a sample zone configuration
SCREEN Options
- Identify advantages of using SCREENs
- Compare and contrast reconnaissance, DoS, and suspicious packets attacks
- Identify best practices to be used when implementing SCREENs
- Configure SCREENs with necessary parameters based on threats
Security Policies
- Identify the purpose of a security policy
- Define the purpose of security policy configuration components
- Configure appropriate Junos Enhanced Services security policies actions
- Describe the purpose of an address book
- Based on policy configurations, compare and contrast scheduled and non-scheduled policies
- Based on policy configurations, describe the impact of security policy changes on session in progress
- Identify and explain the importance of policy ordering in the configuration file
NAT
- Describe the purpose of NAT
- Describe Junos OS support of NAT and different NAT types
- Describe Junos OS NAT operation
- Identify NAT scenarios requiring Proxy-ARP configurations
- Identify types of NAT used, based on various NAT configurations
- Configure NAT
IPSec VPNs
- Correlate between major security concerns and solutions
- Compare and contrast symmetric and asymmetric key encryption
- Describe the DH key exchange process
- List methods for IPSec VPN setup
- List specifics of Security Associations
- Describe the IKE phases functionality and purpose
- Compare and contrast policy-based and route-based IPSec implementations
- Configure route-based and policy-based IPSec VPNs
HA Clustering
- Describe chassis cluster functionality
- Identify chassis cluster interfaces and their functions
- Configure redundany groups
Intro to IDP
- Describe the purpose of IDP
- Identify the components of Junos OS IDP
- Identify IDP policy match conditions.
- Identify IDP policy actions
- Describe the procedure for updating the attack database.
- Describe the procedure for implementing an IDP template policy
Firewall User Authentication
- Compare and contrast types of firewall user authentication.
- Describe the purpose of firewall user authentication
- Configure access profiles.
- Configure client groups.
- Describe the behavior when using external authentication servers
- Describe methods for monitoring firewall user authentication.
