Juniper Networks Certified Internet Associate – Intrusion Detection & Prevention Certification

Courses:   IIDP
Exams:   JNO-541
Certification:   JNCIA-IDP


Target Audience

Designed for experienced networking professionals with beginner to intermediate knowledge of the Juniper Networks IDP products and their deployment. JNCIA-IDP exam topics are based on the content of the Implementing Intrusion Detection and Prevention (IIDP) instructor-led training course.

Detailed Exam Objectives

Intrusion Detection Concepts

  • Identify features and functions on an IDP sensor
  • Identify the uses of the IDP interfaces
  • Identify TCP ports used by IDP sensor and Security Manager
  • Understand the IDP deployment modes

Initial Configuration of an IDP Sensor

  • Identify the steps to deploy the IDP Sensor
  • Describe how to configure a new sensor via the console
  • Describe how to establish communication between Security Manager and the IDP sensor

Configuring and Fine-Tuning Policies

  • Match IDP attack terminology to its associated definitions
  • Understand the components of an IDP rule
  • Choose appropriate IDP actions and IP actions
  • Describe the IDP rule-matching algorithm
  • Explain the use of packet captures
  • Explain how to fine-tune policies

Configuring Other IDP-related Rulebases

  • Explain Exempt rulebase operation
  • Explain Traffic Anomalies rulebase operation
  • Explain Backdoor rulebase operation
  • Explain SYN Protector rulebase operation
  • Explain Network Honeypot operation

Configuring and Using the Profiler

  • Describe the general operation of the Profiler
  • List the steps to operate the Profiler
  • Describe how to use Profiler for network discovery
  • Describe how to use Profiler to detect new devices and ports
  • Describe how to use Profiler to detect policy violations

Sensor Operation and Sensor Command-line Utilities

  • Describe the sensor components and sensor processes
  • Use scio to manage policies and view sensor configuration
  • Use sctop to view sensor statistics

Managing Attack Objects and Creating Custom Signatures

  • Describe the use of static groups vs. dynamic groups
  • Explain how to update the attack object database
  • List the steps for obtaining information on an attack
  • Understand the purpose and use of the sensor commands “scio ccap” and “scio pcap”
  • List the steps for creating a simple attack object
  • Describe the purpose of compound attack objects

Maintenance and Troubleshooting

  • Use Appliance Configuration Manager (ACM) to view and change sensor configuration
  • Use sensor commands and Unix commands to troubleshoot IDP problems
  • Understand the operation of external HA and NIC bypass

Exam Type

60 multiple-choice questions

Exam Length

90 minutes