Specialist Level (JNCIS)

JNCIS-SEC (Security)

Junos Security Overview

  • Junos security architecture

  • Branch vs. high-end platforms

  • Major hardware components of SRX Series services gateways

  • Packet flow

  • Packet-based vs. session-based forwarding

Zones

  • Zone types

  • Dependencies

  • To-the-device packet behavior

  • Transit packet behavior

  • Zone configuration steps

  • Configuration precedence

  • Monitoring and troubleshooting

Security Policies

  • Policy types (default policy)

  • Policy components

  • Policy ordering

  • To-the-device traffic examination

  • Transit traffic examination

  • Scheduling

  • Rematching

  • ALGs

  • Address books

  • Applications

  • Custom applications

  • Monitoring and troubleshooting

Firewall User Authentication

  • User authentication types

  • Authentication server support

  • Client groups

Screens

  • Attack types and phases

  • Screen options

  • Screen configuration steps

  • Monitoring and troubleshooting

NAT

  • NAT types

  • NAT/PAT processing

  • Address persistence

  • NAT proxy ARP

  • Configuration guidelines

  • NAT configuration steps

  • Monitoring and troubleshooting

IPSec VPNs

  • Secure VPN characteristics and components

  • IPSec tunnel establishment

  • IPSec traffic processing

  • Junos OS IPSec implementation options

  • IPSec VPN configuration steps

  • Monitoring and troubleshooting

High Availability (HA) Clustering

  • HA features and characteristics

  • Deployment requirements and considerations

  • Chassis cluster characteristics and operation

  • Cluster modes

  • Cluster and node IDs

  • Redundancy groups

  • Cluster interfaces

  • Real-time objects

  • State synchronization

  • Ethernet switching considerations

  • IPSec considerations

  • Manual failover

  • Cluster preparation

  • Cluster configuration steps

  • Monitoring and troubleshooting

Unified Threat Management (UTM)

  • Packet flow and processing

  • Design considerations

  • Policy flow

  • Platform support

  • Licensing

  • Methods

  • Whitelists vs. blacklists

  • Order of operations

  • Traffic examination

  • Configuration steps using the CLI

  • Monitoring and troubleshooting

  • Scanning methods

  • Antivirus flow process

  • Scanning options and actions

  • Configuration steps using the CLI

  • Monitoring and troubleshooting

  • Filtering features and solutions

  • Configuration steps using the CLI

  • Monitoring and troubleshooting

 

JNCIS-ENT (Routing and Switching)

Layer 2 Switching and VLANs

Identify the concepts, operation, and functionality of Layer 2 switching for the Junos OS

  • Enterprise switching platforms

  • Bridging components

  • Frame processing

Identify the concepts, benefits, and functionality of VLANs

  • Ports

  • Tagging

  • Native VLANs and voice VLANs

  • Inter-VLAN routing

Demonstrate knowledge of how to configure, monitor and troubleshoot Layer 2 switching and VLANs

  • Interfaces and ports

  • VLANs

  • Routed VLAN interfaces (RVI)

Spanning Tree

Identify the concepts, benefits, operation, and functionality of the Spanning Tree Protocol

  • STP and RSTP concepts

  • Port roles and states

  • BPDUs

  • Convergence and reconvergence

Demonstrate knowledge of how to configure and monitor STP and RSTP

  • STP

  • RSTP

Layer 2 Security

Identify the concepts, benefits and operation of various protection and security features

  • BPDU, loop and root protection

  • Port security, including MAC limiting, DHCP snooping, Dynamic ARP inspection (DAI) and IP source guard

  • Storm control

Identify the concepts, benefits and operation of Layer 2 firewall filters

  • Filter types

  • Processing order

  • Match criteria and actions

Demonstrate knowledge of how to configure and monitor Layer 2 security

  • Protection

  • Port security

  • Storm control

  • Firewall filter configuration and application

Protocol Independent Routing

Identify the concepts, operation and functionality of various protocol-independent routing components

  • Static, aggregate, and generated routes

  • Martian addresses

  • Routing instances, including RIB groups

  • Load balancing

  • Filter-based forwarding

Demonstrate knowledge of how to configure and monitor various protocol-independent routing components

  • Static, aggregate, and generated routes

  • Load balancing

  • Filter-based forwarding

Open Shortest Path First (OSPF)

Identify the concepts, operation and functionality of OSPF

  • Link-state database

  • OSPF packet types

  • Router ID

  • Adjacencies and neighbors

  • Designated router (DR) and backup designated router (BDR)

  • OSPF area and router types

  • LSA packet types

Demonstrate knowledge of how to configure, monitor and troubleshoot OSPF

  • Areas, interfaces and neighbors

  • Additional basic options

  • Routing policy application

  • Troubleshooting tools

Intermediate System to Intermediate System (IS-IS)

Identify the concepts, operation and functionality of IS-IS

  • Link-state database

  • IS-IS PDUs

  • TLVs

  • Adjacencies and neighbors

  • Levels and areas

  • Designated intermediate system (DIS)

  • Metrics

Demonstrate knowledge of how to configure, monitor and troubleshoot IS-IS

  • Levels, interfaces and adjacencies

  • Additional basic options

  • Routing policy application

  • Troubleshooting tools

Border Gateway Protocol (BGP)

Identify the concepts, operation and functionality of BGP

  • BGP basic operation

  • BGP message types

  • Attributes

  • Route/path selection process

  • IBGP and EBGP functionality and interaction

Demonstrate knowledge of how to configure and monitor BGP

  • Groups and peers

  • Additional basic options

  • Routing policy application

Tunnels

Identify the concepts, requirements and functionality of IP tunneling

  • Tunneling applications and considerations

  • GRE

  • IP-IP

Demonstrate knowledge of how to configure and monitor IP tunnels

  • GRE

  • IP-IP

High Availability

Identify the concepts, benefits, applications and requirements for high availability in a Junos OS environment

  • Link aggregation groups (LAG)

  • Redundant trunk groups (RTG)

  • Virtual Chassis

  • Graceful restart (GR)

  • Graceful Routing Engine switchover (GRES)

  • Nonstop active routing (NSR)

  • Nonstop bridging (NSB)

  • Bidirectional Forwarding Detection (BFD)

  • Virtual Router Redundancy Protocol (VRRP)

  • Unified In-Service Software Upgrade (ISSU)

Demonstrate knowledge of how to configure and monitor high availability components

  • LAG and RTG

  • Virtual Chassis

  • GR, GRES, NSR, and NSB

  • VRRP

  • ISSU

 

JNCIS-SP (Service Provider)

Protocol-Independent Routing

Identify the concepts, operation and functionality of various protocol-independent routing components

  • Static, aggregate, and generated routes
  • Martian addresses
  • Routing instances, including RIB groups
  • Load balancing
  • Filter-based forwarding

Demonstrate knowledge of how to configure and monitor various protocol-independent routing components

  • Static, aggregate, and generated routes
  • Load balancing
  • Filter-based forwarding

Open Shortest Path First (OSPF)

Identify the concepts, operation and functionality of OSPF

  • Link-state database
  • OSPF packet types
  • Router ID
  • Adjacencies and neighbors
  • Designated router (DR) and backup designated router (BDR)
  • OSPF area and router types
  • LSA packet types

Demonstrate knowledge of how to configure, monitor and troubleshoot OSPF

  • Areas, interfaces and neighbors
  • Additional basic options
  • Routing policy application
  • Troubleshooting tools

Intermediate System to Intermediate System (IS-IS)

Identify the concepts, operation and functionality of IS-IS

  • Link-state database
  • IS-IS PDUs
  • TLVs
  • Levels and areas
  • Designated intermediate system (DIS)
  • Metrics

Demonstrate knowledge of how to configure, monitor and troubleshoot OSPF

  • Areas, interfaces and neighbors
  • Additional basic options
  • Routing policy application
  • Troubleshooting tools

Border Gateway Protocol (BGP)

Identify the concepts, operation and functionality of BGP

  • BGP basic operation
  • BGP message types
  • Attributes
  • Route/path selection process
  • IBGP and EBGP functionality and interaction

Demonstrate knowledge of how to configure and monitor BGP

  • Groups and peers
  • Additional basic options
  • Routing policy application

Layer 2 Bridging and VLANs

Identify the concepts, operation, and functionality of Layer 2 bridging for the Junos OS

  • Service Provider switching platforms
  • Bridging elements and terminology
  • Frame processing
  • Virtual Switches
  • Provider bridging (e.g., Q-in-Q tunneling)

Identify the concepts, benefits, and functionality of VLANs

  • Port modes
  • Tagging
  • MVRP
  • IRB

Demonstrate knowledge of how to configure, monitor and troubleshoot Layer 2 bridging and VLANs

  • Interfaces and ports
  • VLANs
  • MVRP
  • IRB
  • Provider bridging

Spanning-Tree Protocols

Identify the concepts, benefits, operation, and functionality of Spanning Tree Protocol and its variants

  • STP, RSTP, MSTP and VSTP concepts
  • Port roles and states
  • BPDUs
  • Convergence and reconvergence
  • Spanning-tree security

Demonstrate knowledge of how to configure, monitor and troubleshoot STP and its variants

  • Spanning-tree protocols – STP, RSTP, MSTP, VSTP
  • BPDU, loop and root protection

Multiprotocol Label Switching (MPLS) and MPLS VPNs

Identify the concepts, operation, and functionality of MPLS

  • MPLS terminology
  • MPLS packet header
  • End-to-end packet flow and forwarding
  • Labels and the label information base (LIB)
  • MPLS and routing tables
  • RSVP
  • LDP

Identify the concepts, benefits, operation, and functionality of MPLS VPNs

  • VPN routing tables
  • Layer 3 VPN terminology and components
  • BGP Layer 2 VPN terminology and components
  • LDP Layer 2 circuit terminology and components
  • Virtual private LAN service (VPLS) terminology and components
  • MPLS VPN control plane traffic flow
  • MPLS VPN data plane traffic flow

Demonstrate knowledge of how to configure and monitor MPLS

  • MPLS forwarding
  • RSVP-signaled and LDP-signaled LSPs

IPv6

Identify the concepts, operation and functionality of IPv6

  • IPv4 vs. IPv6
  • Address types, notation and format
  • Address scopes
  • Autoconfiguration
  • Tunneling

Demonstrate knowledge of how to configure and monitor IPv6

  • Interfaces
  • Static routes
  • Dynamic routing – OSPFv3, IS-IS, BGP
  • IPv6 over IPv4 tunneling

Tunnels

Identify the concepts, requirements and functionality of IP tunneling

  • Tunneling applications and considerations
  • GRE
  • IP-IP

Demonstrate knowledge of how to configure and monitor IP tunnels

  • GRE configuration
  • IP-IP configuration

High Availability

Identify the concepts, benefits, applications and requirements of high availability

  • Link aggregation groups (LAG) and multichassis LAGs (MC-LAGs)
  • Graceful restart (GR)
  • Graceful Routing Engine switchover (GRES)
  • Nonstop active routing (NSR)
  • Nonstop bridging (NSB)
  • Bidirectional Forwarding Detection (BFD)
  • Virtual Router Redundancy Protocol (VRRP)
  • Unified In-Service Software Upgrade (ISSU)
  • Ethernet Ring Protection (ERP)

Demonstrate knowledge of how to configure and monitor high availability components

  • LAG, MC-LAG
  • Additional basic options
  • GR, GRES, NSR and NSB
  • VRRP
  • ISSU