Professional Level (JNCIP)

JNCIP-SEC (Security)

Application-Aware Security Services

Describe the concepts, operation and functionality of AppSecure

  • AppSecure traffic processing
  • AppID
  • AppTrack
  • AppFW
  • AppDoS
  • AppQoS
  • Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various AppSecure modules

Virtualization

Describe the concepts, operation and functionality of various virtualization components on SRX Series Services Gateways

  • Routing instances
  • RIB groups
  • Routing between instances
  • Logical systems (LSYS)
  • Intra-LSYS and Inter-LSYS communication
  • Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various elements of virtualization
  • Given a scenario, describe and implement filter-based forwarding (FBF)

Advanced NAT

Describe the concepts, operation and functionality of various types of NAT

  • NAT traffic processing
  • Destination NAT
  • Source NAT
  • Persistent NAT
  • Static NAT
  • Double NAT
  • NAT traversal
  • DNS doctoring
  • IPv6 NAT (Carrier-grade NAT) – NAT64, NAT46, NAT444, DS-Lite
  • Routing
  • NAT and FBF
  • NAT and security policy
  • Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced NAT implementations

Advanced IPSec VPNs

Describe the concepts, operation and functionality of various IPSec VPN implementations

  • IPSec traffic processing
  • Site-to-site VPNs
  • Hub-and-spoke VPNs
  • Group VPNs
  • Dynamic VPNs
  • Routing over VPNs
  • VPNs and NAT
  • Public key infrastructure (PKI) for IPSec VPNs
  • VPNs and dynamic gateways
  • Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced IPSec VPN implementations

Intrusion Prevention

Describe the concepts, operation and functionality of Junos Intrusion Prevention System (IPS) for SRX Series Services Gateways

  • IPS packet inspection process
  • IPS rules and rulebases
  • Signature-based attack detection
  • Reconnaissance scans and fingerprinting
  • Flooding, attacks and spoofing

Describe how to perform setup and initial configuration for SRX Series Services Gateways with IPS functionality

  • IPS deployment options and considerations
  • Network settings
  • Attack database
  • Given a scenario, demonstrate knowledge of how to configure mechanisms to detect and protect against scans and attacks
  • Custom signatures
  • Scan prevention

Transparent Mode

Describe the concepts, operation and functionality of various transparent mode implementations

  • High Availability
  • VLAN translation
  • Layer 2 security
  • IRB
  • Bridge groups
  • Spanning tree traffic processing
  • Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot transparent mode implementations

Troubleshooting

  • Given a scenario, demonstrate knowledge of how to troubleshoot Junos OS security issues
  • Flow analysis
  • SNMP
  • show commands
  • Logging and syslog
  • Tracing, including flow traceoptions
  • Policy flow
  • Packet capture

JNCIP-ENT (Routing and Switching)

OSPF

Describe the concepts, operation and functionality of OSPFv2 and OSPFv3

  • OSPF LSA types
  • OSPF area types and operations
  • LSA flooding through an OSPF multi-area network
  • DR/BDR operation
  • SPF algorithm
  • Metrics, including external metric types
  • Authentication options
  • Route summarization and restriction
  • Overload
  • Virtual links
  • OSPFv2 vs OSPFv3
  • Given a scenario, demonstrate knowledge of how to configure and monitor single-area and multi-area OSPF
  • Implement OSPF routing policy

BGP

Describe the concepts, operation and functionality of BGP

  • BGP route selection process
  • Next hop resolution
  • BGP attributes – concept and operation
  • BGP communities
  • Regular expressions
  • Load balancing – multipath, multihop, forwarding table
  • NLRI families – inet, inet6
  • Advanced BGP options
  • Given a scenario, demonstrate knowledge of how to configure and monitor BGP
  • Implement BGP routing policy

IP Multicast

Describe the concepts, operation and functionality of IP multicast

  • Components of IP multicast, including multicast addressing
  • IP multicast traffic flow
  • Any-Source Multicast (ASM) vs. Source-Specific Multicast (SSM)
  • RPF – concept and operation
  • IGMP, IGMP snooping
  • PIM dense-mode and sparse-mode
  • Rendezvous point (RP) – concept, operation, discovery, election
  • SSM – requirements, benefits, address ranges
  • Anycast RP
  • MSDP
  • Routing policy and scoping
  • Given a scenario, demonstrate knowledge of how to configure and monitor IGMP, PIM-DM and PIM-SM (including SSM)
  • Implement IP multicast routing policy

Ethernet Switching and Spanning Tree

Describe the concepts, operation and functionality of advanced Ethernet switching

  • Filter-based VLANs
  • Private VLANs
  • Dynamic VLAN registration using MVRP
  • Tunnel Layer 2 traffic through Ethernet networks
  • Layer 2 tunneling using Q-in-Q and L2PT
  • Given a scenario, demonstrate knowledge of how to configure and monitor advanced Ethernet switching
  • Describe the concepts, operation and functionality of advanced spanning tree protocols, including MSTP and VSTP
  • Given a scenario, demonstrate knowledge of how to configure and monitor MSTP and VSTP

Layer 2 Authentication and Access Control

Describe the operation of various Layer 2 authentication and access control features

  • Authentication process flow
  • 802.1x – concepts and functionality
  • MAC RADIUS
  • Captive portal
  • Server fail fallback
  • Guest VLAN
  • Considerations when using multiple authentication/access control methods
  • Given a scenario, demonstrate how to configure and monitor Layer 2 authentication and access control

IP Telephony Features

Describe the concepts, operation and functionality of features that facilitate IP telephony deployments

  • Power over Ethernet (PoE)
  • LLDP and LLDP-MED
  • Voice VLAN
  • Given a scenario, demonstrate how to configure and monitor Layer 2 authentication and access control

Class of Service (CoS)

Describe the concepts, operation and functionality of Junos CoS for Layer 2/3 networks

  • CoS processing on Junos devices
  • CoS header fields
  • Forwarding classes
  • Classification
  • Packet loss priority
  • Policers
  • Schedulers
  • Drop profiles
  • Shaping
  • Rewrite rules
  • Given a scenario, demonstrate knowledge of how to configure and monitor CoS for Layer 2/3 networks

JNCIP-SP (Service Provider)

OSPF

Describe the concepts, operation and functionality of OSPFv2 and OSPFv3

  • OSPF LSA types
  • OSPF area types and operations
  • LSA flooding through an OSPF multi-area network
  • DR/BDR operation
  • SPF algorithm
  • Metrics, including external metric types
  • Authentication options
  • Summarize and restrict routes
  • Virtual links
  • OSPFv2 vs OSPFv3
  • Given a scenario, demonstrate knowledge of how to configure and monitor single-area and multi-area OSPF
  • Implement OSPF routing policy

IS-IS

Describe the concepts, operation and functionality of IS-IS

  • IS-IS link-state PDU (LSP) types
  • IS-IS areas/levels and operations
  • LSP flooding through an IS-IS multi-area network
  • DIS operation
  • SPF algorithm
  • Metrics, including wide metrics
  • Authentication options
  • Route summarization and route leaking
  • Given a scenario, demonstrate knowledge of how to configure and monitor single-area and multi-area IS-IS
  • Implement IS-IS routing policy

BGP

Describe the concepts, operation and functionality of BGP

  • BGP route selection process
  • Next hop resolution
  • BGP attributes – concept and operation
  • BGP communities
  • Regular expressions
  • Multipath
  • Multihop
  • Load balancing
  • Advanced BGP options
  • BGP route damping
  • Multiprotocol BGP
  • Given a scenario, demonstrate knowledge of how to configure and monitor BGP
  • Route reflection
  • Confederations
  • Describe the concepts, operation and functionality of BGP scaling mechanisms
  • Implement BGP routing policy

Class of Service (CoS)

Describe the concepts, operation and functionality of Junos CoS

  • CoS processing on Junos devices
  • CoS header fields
  • Forwarding classes
  • Classification
  • Packet loss priority
  • Policers, including tricolor marking and hierarchical policers
  • Schedulers
  • Drop profiles
  • Shaping
  • Rewrite rules
  • Hierarchical scheduling (H-CoS) characteristics (high-level only)
  • Given a scenario, demonstrate knowledge of how to configure and monitor CoS

IP Multicast

Describe the concepts, operation and functionality of IP multicast

  • Components of IP multicast, including multicast addressing
  • IP multicast traffic flow
  • Any-Source Multicast (ASM) vs. Source-Specific Multicast (SSM)
  • RPF – concept and operation
  • IGMP
  • PIM dense-mode and sparse-mode
  • Rendezvous point (RP) – concept, operation, discovery, election
  • SSM – requirements, benefits, address ranges
  • MSDP, including single and multi-PIM domains
  • Anycast RP
  • Routing policy and scoping
  • Given a scenario, demonstrate knowledge of how to configure and monitor IGMP, PIM-DM, PIM-SM (including SSM) and MSDP
  • Implement IP multicast routing policy

MPLS

Describe the concepts, operation and functionality of MPLS

  • RSVP and LDP operation
  • Primary/secondary paths
  • LSP metrics, including interaction with IGP metrics
  • LSP priority and preemption
  • Fast reroute, link protection and node protection
  • LSP optimization
  • Routing table integration options for traffic engineering
  • RSVP reservation styles
  • Routing policy to control path selection
  • Advanced MPLS features
  • Describe the concepts, operation and functionality of Constrained Shortest Path First (CSPF)
  • TED
  • IGP extensions
  • CSPF algorithm – selecting the best path
  • Tie-breaking options
  • Administrative groups
  • Advanced CSPF options
  • Given a scenario, demonstrate knowledge of how to configure and monitor MPLS, LDP and RSVP
  • RSVP-signaled and LDP-signaled LSPs
  • Traffic protection mechanisms
  • CSPF
  • Implement MPLS routing policy

Layer 3 VPNs

Describe the concepts, operation and functionality of Layer 3 VPNs

  • Traffic flow – control and data planes
  • Full mesh vs. hub-and-spoke topology
  • VPN-IPv4 addressing
  • Route distinguishers
  • Route targets
  • Route distribution
  • Site of origin
  • Sham links
  • vrf-table-label
  • Layer 3 VPN scaling
  • Layer 3 VPN Internet access options
  • Given a scenario, demonstrate knowledge of how to configure and monitor the components of Layer 3 VPNs
  • Describe the concepts, operation and functionality of multicast VPNs
  • Next-generation MVPNs (NG-MVPN)
  • Flow of control and data traffic in a NG-MVPN
  • Describe Junos support for carrier-of-carriers and interprovider VPN models

Layer 2 VPNs

Describe the concepts, operation and functionality of BGP Layer 2 VPNs

  • Traffic flow – control and data planes
  • Forwarding tables
  • Connection mapping
  • Layer 2 VPN NLRI
  • Route distinguishers
  • Route targets
  • Layer 2 VPN scaling
  • Describe the concepts, operation and functionality of LDP Layer 2 circuits
  • Traffic flow – control and data planes
  • Virtual circuit label
  • Layer 2 interworking
  • Describe the concepts, operation and functionality of VPLS
  • Traffic flow – control and data planes
  • BGP VPLS label distribution
  • LDP VPLS label distribution
  • Route targets
  • Site IDs
  • Given a scenario, demonstrate knowledge of how to configure and monitor Layer 2 VPNs
  • BGP Layer 2 VPNs
  • LDP Layer 2 circuits
  • VPLS

Automation

Demonstrate basic knowledge of using automation scripts

  • Operation scripts
  • Commit scripts
  • Event scripts