Security, Expert (JNCIE-SEC)

Register Now

The Security track enables you to demonstrate a thorough understanding of security technology in general and Junos OS software for SRX Series devices. JNCIE-SEC is at the pinnacle of the Junos Security certification track.

The JNCIE-SEC exam is designed to validate your ability to deploy, configure, manage, and troubleshoot Junos-based security platforms. Throughout the 6-hour practical exam, you will build a secure enterprise network consisting of multiple interconnected sites and services using firewall devices. You will perform system configuration on all devices, configure secure management capabilities, implement advanced security features, define complex policies and attack prevention features, HA capabilities, and IPS features.

This track contains four certifications:

  • JNCIA-SEC: Security, Associate. For details, see JNCIA-SEC.
  • JNCIS-SEC: Security, Specialist. For details, see JNCIS-SEC.
  • JNCIP-SEC: Security, Professional. For details, see JNCIP-SEC.
  • JNCIE-SEC: Secuirty, Expert. For details, see the sections below.

Exam Preparation

We recommend the following resources to help you prepare for your exam. However, these resources aren't required, and using them doesn't guarantee you'll pass the exam.

Exam Objectives

Here’s a high-level view of the skillset required to successfully complete the JNCIE-Sec certification exam.

Exam Objective

Description

Security Infrastructure

NAT

  • Source, destination, static-based
  • Overlapping address space
  • NAT64 or NAT46

 

Security Zones

  • Zone-based architecture
  • How to secure traffic destined to the SRX Series device

 

Security Policy

  • Route-based VPN
  • Asynchronous routing
  • Selective packet mode

 

IPSec VPN

  • Interoperability
  • VPN topologies

 

SRX Series Device Setup

  • Deployment modes
  • System services and access control
  • High availability chassis clustering

Security Management

Traffic Analysis

  • Tools (for example, Wireshark)
  • Malicious traffic detection

 

Network Security Monitoring

  • Attack logging and analysis
  • Attack mitigation

 

Junos Space Security Director

  • Report generation
  • Device management

Advanced Security

AppSecure Services

  • AppFW, AppTrack

 

UTM

  • Antivirus, Web filtering

 

IDP or IPS

  • Signature management
  • IDP policy

 

Screens

  • Attack detection or prevention
  • Screen options

 

UserFW

  • Integrated user firewall

 

SSL Proxy

  • Client protection
  • Sever protection

 

Policy Enforcer or Advanced Threat Protection

  • Anti-malware protection
  • Firewall filters
  • Infected host feed
  • GeoIP
  • Threat intelligence feeds

Exam Details

Exam questions are derived from the recommended training and the exam resources listed above. The exam is only provided in English.

JPR-934

Hands-on lab exam

  • Junos Space: 19.4
  • Junos Space Security Director: 19.4
  • Policy Enforcer: 19.4
  • vQFX Ethernet Switch: 17.4
  • vSRX Services Gateway: 19.4

Recertification

Juniper certifications are valid for three years. For more information, see Recertification.