Juniper Networks Certified Internet Specialist – Firewall/VPN Certification

Courses:   CJFV, IFVH, AJVI, APJF
Exams:   JNO-533
Certification:   JNCIS-FWV

 

Target Audience

The JNCIS-FWV is designed for networking professionals with advanced knowledge of, and experience with, Juniper Firewall/VPN products and ScreenOS software. The JNCIS-FWV exam tests for a wider and deeper level of knowledge than does the JNCIA-FWV exam. Sources of question content include all ScreenOS training courses, the Firewall/VPN and ScreenOS documentation set, on-the-job product experience, as well as Internet technologies and design principles considered to be common knowledge at the Specialist level.

Detailed Exam Objectives

VPNs

  • Identify IKE Phase 1/Phase 2 negotiation sequence and proposals
  • Identify/differentiate IPSec standard elements (encapsulations, SA, SPI, etc.)
  • List steps for policy-based/route-based VPN configuration
  • Relate proxy-ID to VPN setup
  • Identify proper configuration for various hub/spoke configurations (policy, int. placement, etc.)
  • Identify NHTB requirements/configurations
  • Configure/verify AC-VPNs
  • Identify PKI components (certificates, CDL, etc.)
  • List steps for PKI implementation w/ VPNs
  • VPN Variations
  • Configure Dynamic Peer VPNs
  • Configure Transparent mode VPNs
  • Configure Overlapping Networks
  • Describe GRE applications/Configure GRE

Network Management

  • Configure local management (SSL, SSH, management restrictions).
  • Interpret internal counters and logs.
  • Configure SYSLOG.
  • Discuss logging levels.
  • Configure SNMP.

Troubleshooting with Debug/Snoop

  • Enable debug/snoop.
  • Set debug filters.
  • Set snoop filters.
  • Use get commands to validate/troubleshoot routing and policies.
  • Use debug output to identify routing and policy problems.
  • Use get commands to validate/troubleshoot address translation.
  • Use debug output to identify problems
  • Use get commands to validate/troubleshoot VPN setup.

Traffic Management

  • Describe the bandwidth allocation process.
  • Describe queuing functionality.
  • List requirements/steps for configuring traffic management.

Virtual Systems

  • Define VSYS applications
  • Describe root vs. VSYS administration
  • Explain VSYS vs. root assignment of routes/NAT pools/etc.
  • Configure interface-based VSYS
  • Configure inter-VSYS communications, including NAT.
  • Use show/debug output to identify VSYS usage.
  • Configure VSYS resource allocation

NSRP

  • Distinguish active/passive and active/active.
  • Describe NSRP operations (HA link, session sync, master election, etc.)
  • Configure active/passive and active/active NSRP.
  • Validate NSRP operations.
  • Adjust operations (secondary link, failover settings).
  • Configure redundant interface.

Dynamic Routing/Routing over VPNs

  • Configure RIP over VPNs
  • Configure OSPF over VPNs
  • Configure/verify OSPF routing
  • Configure OSPF options
  • Configure/verify BGP
  • Configure redistribution/filters/route maps
  • Configure static routes incl. floating static routes
  • Configure/verify source routing
  • Configure/verify policy routing

Attack Prevention

  • Describe SCREEN functions
  • Describe/configure Deep Inspection
  • Describe/configure anti-virus functionality
  • Configure web filtering

Multicast

  • Configure/verify IGMP
  • Configure/verify PIM-SM

Exam Type

75 multiple-choice questions

Exam Length

90 minutes