Juniper Networks Certified Internet Professional – SEC Certification

Designed for experienced networking professionals with advanced knowledge of the Juniper Networks Junos software for SRX Series devices, this written exam verifies the candidate’s understanding of advanced security technologies and related platform configuration and troubleshooting skills.

Advanced Security Policy

• Given a scenario, describe and implement security policies, custom applications and ALGs
  • ALG processing
  • ALG configuration and application processing
  • Configure address books with dynamic addressing
  • Create security policies utilizing ALGs, custom applications and dynamic addressing
• Given a scenario, demonstrate knowledge of how to analyze traffic flows and identify traffic processing patterns and problems

Virtualization

• Given a scenario, describe and configure routing-instances
  • JUNOS routing instance types used for virtualization
  • Implement virtual routing-instances
  • Selectively forward traffic between virtual routing-instances
  • Implement filter-based forwarding

Advanced NAT

• Given a scenario, describe and implement static, source, destination, and dual NAT
  • Describe and implement variations of persistent NAT
• Given a scenario, describe the interaction between NAT and security policy

High Availability

• Given a scenario, demonstrate knowledge of how to implement and monitor optimized chassis clustering
  • IPv6 support for chassis clusters
  • Implement graceful restart on SRX Series Services Gateways

Advanced IPsec

• Given a scenario, demonstrate knowledge of how to differentiate, implement, and monitor various IPsec VPN implementations
  • Implement routing over IPsec VPNs
  • Implement NAT traversal
  • Configure standard point-to-point VPN tunnels and hub-and-spoke VPNs
  • Configure Group and Dynamic VPNs
• Given a scenario, describe public key cryptography for certificates

Introduction to Junos Intrusion Prevention System (IPS)

• Identify the IPS protection methods available on SRX Series Services Gateways
  • General types of network attacks and steps involved in network penetration
  • Describe the IPS engine’s packet inspection process
  • IPS engine components

IPS Initial Configuration

• Given a scenario, describe and implement initial configuration for SRX Series Services Gateways with IPS functionality
  • IPS deployment options
  • Network settings
  • Prepare SRX Series devices for IPS features

IPS Attack Objects

• Identify various attack objects
  • IPS rules and rulebases
  • Signature-based attacks
• Given a scenario, describe and configure custom signatures

Scanning and Reconnaissance

• Given a scenario, describe how the IPS engine detects and blocks scans
  • How scanning is used to gather information about target hosts
  • Common types of scans
  • Fingerprinting
• Given a scenario, demonstrate knowledge of how to configure scan protection on the IPS engine

Blocking Attacks

• Given a scenario, describe the various evasion techniques and attacks
  • FIN scans, IP spoofing and IP source routing
  • Denial of service and distributed denial of service attacks
• Given a scenario, demonstrate knowledge of how to configure mechanisms to detect and block evasion techniques and DoS/DDoS attacks

Troubleshooting and Reporting

• Given a scenario, demonstrate knowledge of how to troubshoot Junos OS security issues
  • Follow a sound methodology for troubleshooting Junos security issues
  • Use Junos tools to troubleshoot Junos OS security and IPS implementations

To Be Determined

To Be Determined