Security, Expert (JNCIE-SEC)

Register Now


On April 1, 2024, there will be a new exam for the Juniper Networks Certified Expert, Security (JNCIE-SEC) certification. View the information for the new Security, Expert (JPR-935) exam.

Beta exams for the JNCIE-SEC (JPR-935) will be offered during events starting in November 2023. View the information for the JNCIE-SEC (JPR-935) beta exam.

The Security track enables you to demonstrate a thorough understanding of security technology in general and Junos OS software for SRX Series devices. JNCIE-SEC is at the pinnacle of the Junos Security certification track.

The JNCIE-SEC exam is designed to validate your ability to deploy, configure, manage, and troubleshoot Junos-based security platforms. Throughout the 6-hour practical exam, you will build a secure enterprise network consisting of multiple interconnected sites and services using firewall devices. You will perform system configuration on all devices, configure secure management capabilities, implement advanced security features, define complex policies and attack prevention features, HA capabilities, and IPS features.

This track contains four certifications:

  • JNCIA-SEC: Security, Associate. For details, see JNCIA-SEC.
  • JNCIS-SEC: Security, Specialist. For details, see JNCIS-SEC.
  • JNCIP-SEC: Security, Professional. For details, see JNCIP-SEC.
  • JNCIE-SEC: Security, Expert. For details, see the sections below.

Exam Preparation

We recommend the following resources to help you prepare for your exam. However, these resources aren't required, and using them doesn't guarantee you'll pass the exam.

Recommended Training

Exam Resources

Additional Preparation

Exam Objectives

Here’s a high-level view of the skillset required to successfully complete the JNCIE-SEC certification exam.

Exam Objective


Security Infrastructure


  • Source, destination, static-based
  • Overlapping address space
  • NAT64 or NAT46


Security Zones

  • Zone-based architecture
  • How to secure traffic destined to the SRX Series device


Security Policy

  • Route-based VPN
  • Asynchronous routing
  • Selective packet mode



  • Interoperability
  • VPN topologies


SRX Series Device Setup

  • Deployment modes
  • System services and access control
  • High availability chassis clustering

Security Management

Traffic Analysis

  • Tools (for example, Wireshark)
  • Malicious traffic detection


Network Security Monitoring

  • Attack logging and analysis
  • Attack mitigation


Junos Space Security Director

  • Report generation
  • Device management

Advanced Security

AppSecure Services

  • AppFW, AppTrack



  • Antivirus, Web filtering



  • Signature management
  • IDP policy



  • Attack detection or prevention
  • Screen options



  • Integrated user firewall


SSL Proxy

  • Client protection
  • Sever protection


Policy Enforcer or Advanced Threat Protection

  • Anti-malware protection
  • Firewall filters
  • Infected host feed
  • GeoIP
  • Threat intelligence feeds

Exam Details

Exam questions are derived from the recommended training and the exam resources listed above. The exam is only provided in English.

Exam Code


Prerequisite Certification

Delivered by

Exam Length

6 hours

Exam Type

Hands-on lab exam

Software Versions

  • Junos Space: 19.4
  • Junos Space Security Director: 19.4
  • Policy Enforcer: 19.4
  • vQFX Ethernet Switch: 17.4
  • vSRX Services Gateway: 19.4


Juniper certifications are valid for three years. For more information, see Recertification.