Security, Expert (JNCIE-SEC)

Register Now

The Security track enables you to demonstrate a thorough understanding of security technology in general and Junos OS software for SRX Series devices. JNCIE-SEC is at the pinnacle of the Junos Security certification track.

The JNCIE-SEC exam is designed to validate your ability to deploy, configure, manage, and troubleshoot Junos-based security platforms. Throughout the 6-hour practical exam, you will build a secure enterprise network consisting of multiple interconnected sites and services using firewall devices. You will perform system configuration on all devices, configure secure management capabilities, implement advanced security features, define complex policies and attack prevention features, HA capabilities, and IPS features.

This track contains four certifications:

  • JNCIA-SEC: Security, Associate. For details, see JNCIA-SEC.
  • JNCIS-SEC: Security, Specialist. For details, see JNCIS-SEC.
  • JNCIP-SEC: Security, Professional. For details, see JNCIP-SEC.
  • JNCIE-SEC: Security, Expert. For details, see the sections below.

Exam Preparation

We recommend the following resources to help you prepare for your exam. However, these resources aren't required, and using them doesn't guarantee you'll pass the exam.

Recommended Training

Exam Resources

Additional Preparation

Exam Objectives

Here’s a high-level view of the skillset required to successfully complete the JNCIE-SEC certification exam.

Exam Objective


Security Infrastructure

In a network that comprises multiple sites and security devices, a successful candidate will:

  • Deploy, manage, and troubleshoot chassis clustering while ensuring that specific behavior is achieved in regard to redundancy groups and priorities.
  • Deploy, modify, and troubleshoot a variety of IPsec tunnels between sites while ensuring specific criteria is being accomplished.
  • Create, modify, and validate security zones on security devices across multiple sites. 
  • Implement and use a variety of methods for allowing incoming local host and protocol traffic.
  • Create, modify, and validate security policies to properly handle a variety of traffic requirements and restrictions. The candidate will use policies to ensure proper communication between internal and external devices and resources.
  • Implement a variety of Network Address Translation (NAT) solutions to ensure proper communication between networks, which might include one-to-one mapping, overlapping addresses, and Internet connectivity.
  • Implement a variety of system services, which might include Network Time Protocol (NTP), SSH, and HTTPS.
  • Create and use custom security policy applications to control traffic flows between specific resources in the network.

Security Management

In a network comprised of multiple sites and security devices, a successful candidate will:

  • Use various methods including packet captures, security logs, and session tables to identify malicious attacks and attack patterns. The candidate will implement screens throughout the network to prevent these attacks.
  • Use Security Director to manage, monitor, and run reports for the branch security devices.
  • Create a custom syslog file using the specified format to monitor various security attacks.

Advanced Security

In a network comprised of multiple sites and security devices, a successful candidate will:

  • Use AppTrack to track and log usage and statistic information to a particular file while using the specified format.
  • Use advanced policy-based routing (APBR) to identify specific traffic and make appropriate changes to routing decisions.
  • Use the Junos CLI to download, install, and use the IDP signature database and predefined policy templates. The candidate will modify intrusion detection and prevention (IDP) templates to accomplish required behavior based on task requirements.
  • Implement public key infrastructure (PKI) with Secure Sockets Layer (SSL) forward proxy to allow the inspection of specific encrypted traffic. The candidate will implement a solution to exclude certain traffic from being decrypted by SSL forward proxy.
  • Enroll and monitor devices with Juniper Advanced Threat Prevention Cloud (Juniper ATP Cloud). 
  • Use Juniper ATP Cloud to inspect certain traffic for malware threats and carry out a specified action if found.
  • Use Security Director to block communication to certain geographical locations.

Exam Details

Exam questions are derived from the recommended training and the exam resources listed above. The exam is only provided in English.

Exam Code


Prerequisite Certification

Delivered by

Exam Length

6 hours

Exam Type

Hands-on lab exam

Software Versions

  • Junos Version: vSRX = 23.2R1
  • Junos Space: 23.1R1
  • Junos Space Security Director: 23.1R1
  • Security Director Insights: 23.1R1


Juniper certifications are valid for three years. For more information, see Recertification.