Security, Professional (JNCIP-SEC)

Register Now

Announcement

On June 10, 2024, there will be a new exam for the Juniper Networks Certified Professional, Security (JNCIP-SEC) certification. View the information for the new Security, Professional (JN0-637) exam.

The Security Track enables you to demonstrate a thorough understanding of security technology in general and Junos OS software for SRX Series devices. JNCIP-SEC, the professional-level certification in this track, is designed for networking professionals with advanced knowledge of the Juniper Networks Junos OS for SRX Series devices. The written exam verifies your understanding of advanced security technologies and related platform configuration and troubleshooting skills.

This track contains four certifications:

  • JNCIA-SEC: Security, Associate. For details, see JNCIA-SEC.
  • JNCIS-SEC: Security, Specialist. For details, see JNCIS-SEC.
  • JNCIP-SEC: Security, Professional. For details, see the sections below.
  • JNCIE-SEC: Security, Expert. For details, see JNCIE-SEC.

Exam Preparation

We recommend the following resources to help you prepare for your exam. However, these resources aren't required, and using them doesn't guarantee you'll pass the exam.

Recommended Training

Exam Resources

Additional Preparation

Exam Objectives

Here’s a high-level view of the skillset required to successfully complete the JNCIP-SEC certification exam.

Exam Objective

Description

Firewall Filters

Describe the concepts, operation, or functionality of firewall filters.

  • Selective packet processing
  • Troubleshooting with firewall filters
  • Filter-based forwarding

Given a scenario, demonstrate how to configure, troubleshoot, or monitor firewall filters.

Troubleshooting Security Policy and Zones

Given a scenario, demonstrate how to troubleshoot or monitor security policies or security zones.

  • Tools
  • Logging/tracing
  • Other outputs

Advanced Threat Protection

Describe the concepts, operation, or functionality of Juniper Advanced Threat Prevention (on-premises appliance or Cloudbased service).

  • Collectors
  • Custom rules
  • Mitigation

Given a scenario, demonstrate how to configure or monitor Juniper Advanced Threat Prevention.

Edge Security

Describe the concepts, operation, or functionality of edge security features.

  • Hardware support
  • Security Intelligence (SecIntel)
  • Intrusion prevention system (IPS)
  • Corero DDoS Mitigation
  • Advanced threat prevention (ATP)

Compliance

Describe the concepts or operation of security compliance.

  • Role-based access control (RBAC)
  • Junos Space® Security Director
  • Authentication, Authorization, and Accounting (AAA) and Security Assertion Markup Language (SAML) integration

Threat Mitigation

Describe the concepts, operation, or functionality of threat mitigation.

  • Malware identification or mitigation
  • Malicious lateral traffic identification or mitigation
  • Zero trust microsegmentation

Given a scenario, demonstrate how to configure or monitor threat mitigation.

Logical and Tenant Systems

Describe the concepts, operation, or functionality of the logical systems.

  • Administrative roles
  • Security profiles
  • Logical systems (LSYS) communication

Describe the concepts, operation, or functionality of the tenant systems.

  • Master and tenant admins
  • Tenant systems (TSYS) capacity

Layer 2 Security

Describe the concepts, operation, or functionality of Layer 2 security.

  • Transparent mode
  • Mixed mode
  • Secure wire
  • Media Access Control Security (MACsec)

Given a scenario, demonstrate how to configure or monitor Layer 2 security.

Advanced Network Address Translation (NAT)

Describe the concepts, operation, or functionality of advanced NAT functionality.

  • Persistent NAT
  • Domain name system (DNS) doctoring
  • IPv6 NAT

Given a scenario, demonstrate how to configure, troubleshoot, or monitor advanced NAT scenarios.

Advanced IPsec

Describe the concepts, operation, or functionality of advanced IPsec applications.

  • Remote access VPNs
  • Hub-and-spoke VPNs
  • Public Key Infrastructure (PKI)
  • Auto Discovery VPNs (ADVPNs)
  • Routing with IPsec
  • Overlapping IP addresses
  • Dynamic gateways
  • IPsec class of service (CoS)

Given a scenario, demonstrate how to configure, troubleshoot, or monitor advanced IPsec functionality.

Exam Details

Exam questions are derived from the recommended training and the exam resources listed above. Pass/fail status is available immediately after taking the exam. The exam is only provided in English.

Exam Code

JN0-636

Prerequisite Certification

Delivered by

Exam Length

90 minutes

Exam Type

65 multiple-choice questions

Software Versions

  • Junos OS 22.2
  • SD 22.1

Recertification

Juniper certifications are valid for three years. For more information, see Recertification.