Thursday, December 29, 2016

JN0-633 Security, Professional (JNCIP-SEC) Exam


Application-Aware Security Services
Describe the concepts, operation and functionality of AppSecure
AppSecure traffic processing
AppID
AppTrack
User FW
SSL proxy
AppFW
AppQoS
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various AppSecure modules

Virtualization
Describe the concepts, operation and functionality of various virtualization components on SRX Series Services Gateways
Routing instances
RIB groups
Routing between instances
Logical systems (LSYS)
Intra-LSYS and Inter-LSYS communication
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various elements of virtualization
Given a scenario, describe and implement filter-based forwarding (FBF)

Advanced NAT
Describe the concepts, operation and functionality of various types of NAT
NAT traffic processing
Destination NAT
Source NAT
Persistent NAT
Static NAT
Double NAT
NAT traversal
DNS doctoring
IPv6 NAT (Carrier-grade NAT) - NAT64, NAT46, NAT444, DS-Lite
Routing
NAT and FBF
NAT and security policy
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced NAT implementations

Advanced IPSec VPNs
Describe the concepts, operation and functionality of various IPSec VPN implementations
IPSec traffic processing
Site-to-site VPNs
Hub-and-spoke VPNs
Group VPNs
Dynamic VPNs
Routing over VPNs
VPNs and NAT
Public key infrastructure (PKI) for IPSec VPNs
Traffic Selectors
VPNs and dynamic gateways
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced IPSec VPN implementations

Intrusion Prevention
Describe the concepts, operation and functionality of Junos Intrusion Prevention System (IPS) for SRX Series Services Gateways
IPS packet inspection process
IPS rules and rulebases
Signature-based attack detection
Reconnaissance scans and fingerprinting
Flooding, attacks and spoofing
Describe how to perform setup and initial configuration for SRX Series Services Gateways with IPS functionality
IPS deployment options and considerations
Network settings
Attack database
Given a scenario, demonstrate knowledge of how to configure mechanisms to detect and protect against scans and attacks
Custom signatures
Scan prevention

Transparent Mode
Describe the concepts, operation and functionality of various transparent mode implementations
High Availability
VLAN translation
Layer 2 security
IRB
Bridge groups
Spanning tree traffic processing
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot transparent mode implementations

Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Junos OS security issues
Flow analysis
SNMP
show commands
Logging and syslog
Tracing, including flow traceoptions
Policy flow
Packet capture


QUESTION 1
Which AppSecure module provides Quality of Service?

A. AppTrack
B. AppFW
C. AppID
D. AppQoS

Answer: D


QUESTION 2
You are asked to configure your SRX Series device to support IDP SSL inspections for up to 6,000 concurrent HTTP sessions to a server within your network.
Which two statements are true in this scenario? (Choose two.)

A. You must add at least one PKI certificate.
B. Junos does not support more than 5000 sessions in this scenario.
C. You must enable SSL decoding.
D. You must enable SSL inspection.

Answer: C,D


QUESTION 3
You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping at the SRX240 in your network. Which three tools would you use to troubleshoot the issue? (Choose three.)

A. security flow traceoptions
B. monitor interface traffic
C. show security flow session
D. monitor traffic interface
E. debug flow basic

Answer: A,B,C
Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16110


QUESTION 4
You are asked to establish a baseline for your company's network traffic to determine the bandwidth usage per application. You want to undertake this task on the central SRX device that connects all segments together. What are two ways to accomplish this goal? (Choose two.)

A. Configure a mirror port on the SRX device to capture all traffic on a data collection server for further investigation.
B. Use interface packet counters for all permitted and denied traffic and calculate the values using Junos scripts.
C. Send SNMP traps with bandwidth usage to a central SNMP server.
D. Enable AppTrack on the SRX device and configure a remote syslog server to receive AppTrack messages.

Answer: A,D

Explanation:
AppTrack provides visibility into application usage and bandwidth.
Reference: http://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf





Monday, December 26, 2016

JPR-932 Juniper Networks Certified Internet Expert-SEC (JNCIE-SEC)

JNCIE-SEC Exam Objectives (Exam: JPR-932)

Infrastructure Concepts
Security Forwarding Options
Packet-based
MPLS
inet6
Flow-Based
inet6
Security Zones
Configure security zones
Device Management
User accounts
System services

High Availability
HA Clustering
Active-active
Active-passive
Reth interfaces
Link aggregation
Control and data plane
Dual fabric links
Redundancy groups

Firewall Policies
Security Policies
Policy configuration
Advanced policy options
Schedulers
ALGs
Authorization
Bypass flow forwarding
Logging
Data and control plane logs
Forward logs to the RE
Send logs to external collectors
UTM
Anti-virus
Web filtering

IPSec VPNs
Implementation of IPSec VPNs
Multipoint tunnels
Policy-based VPNs
Route-based VPNs
Traffic selectors
Proxy ID
Traceoptions
Dual and backup tunnels
On-demand tunnels
DRP over a tunnel
Dynamic VPNs
Certificate-based VPNs
PKI
Interoperability with 3rd party devices

NAT
Implementation of NAT
Source NAT
Destination NAT
Static NAT
NAT64
Implementation of NAT with IPSec
Overlapping IPs between sites

Advanced Security Services
AppSecure
AppTrack
AppFW
AppQoS
AppDoS
Application Identification
User Firewall
SSL Forward Proxy
Integration with IPS
IDP
Logs
Custom policies
Automatic updates
L3/L4/L7 DoS
Stateless filters
Screens
Flow options
App DDoS
Active Directory Integration

IGPs
OSPF
Multi-area OSPF topologies
Filter and summarize routes
Network and link types
Route selection process
Redistribution
IPv6

BGP
Implementation
Routing policy
Route selection
IPv6

Protocol-Independent Routing
Filter-based Forwarding
Based on Layer 4
Based on IFL
Configuring Routes
Aggregate
Static
Generated
Policies

Extended Implementation Concepts
Transparent mode
Configure transparent mode


Tuesday, December 13, 2016

JN0-694 Enterprise Routing and Switching Support, Professional (JNCSP-ENT)

JNCSP-ENT Exam Objectives (Exam: JN0-694)

IGP Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot OSPFv2 and OSPFv3 issues on Junos devices
Routing issues
Neighbor/adjacency issues
Configuration issues

BGP Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot BGP issues on Junos devices
Peering issues
Routing issues
Next hop resolution issues
Configuration issues

Routing Policy Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot routing policy issues on Junos devices
Forwarding table policy issues
Routing instance issues
IGP policy issues
BGP policy issues
Configuration issues

Layer 2 Switching Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Spanning Tree issues on Junos devices
STP
RSTP
MSTP
VSTP
Configuration issues
Given a scenario, demonstrate knowledge of how to troubleshoot other Layer 2 switching and High Availability issues on Junos devices
VLAN issues
Q-in-Q tunneling and L2PT issues
Layer 2 port security issues
Authentication and access control issues
Virtual chassis
Configuration issues

Multicast Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot multicast issues on Junos devices
RP issues
SPT issues
PIM issues
IGMP issues
Configuration issues

Class of Service (CoS) Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot CoS issues
Classification and rewrite issues
Policer issues
Queuing/scheduling issues
Packet drop issues
Configuration issues



QUESTION 1
You are implementing Q-in-Q tunneling on an EX Series switch. You want the tunnel to support all
C-VLANs; however, only some VLANs are able to send traffic across the tunnel. Switch-1 has the
following configuration:
[edit vlans]
user@Switch-1# show
v100 {
    vlan-id 100;
    interface {
        ge-0/0/0.10;
        ge-0/0/1.20;
    }
    dot1q-tunneling {
        customer-vlans [ ];
    }
}
What would solve this problem?

A. Add family ethernet-switching to the tunnel-side interface on Switch-1.
B. Implement RSTP.
C. Q-in-Q tunneling will not work in this scenario; use a Layer 2 VPN instead.
D. Remove the customer-vlans statement.

Answer: C



QUESTION 2
You are troubleshooting a problem where an OSPF adjacency between two neighboring routers will not form.
What are two reasons for this problem? (Choose two.)

A. One or both of the connected interfaces are missing the family inet statement.
B. One or both of the connected interfaces are missing the family iso statement.
C. The connected interfaces are not on the same subnet.
D. Another IGP is running on one or both of the routers, overriding OSPF.

Answer: B,D



QUESTION 3
Your Junos device is dropping certain traffic flows, while allowing other traffic flows to pass through the device unaffected.
Which CoS component is causing this problem?

A. BA classification
B. RED
C. MF classification
D. Rewrite rules

Answer: D



QUESTION 4
Two neighboring routers are able to form an OSPF adjacency, but are not able to establish an IBGP neighborship.
What are two reasons for the IBGP neighborship problem? (Choose two.)

A. One of the devices has a misconfigured BGP peer address.
B. One or both of the connected interfaces are missing the family iso statement.
C. OSPF has a lower route preference than BGP.
D. A firewall filter on one of the interfaces is blocking TCP traffic.

Answer: B,C


Sunday, December 11, 2016

JN0-1300 Juniper Networks Certified Design Specialist, Data Center (JNCDS-DC)

JNCDS-DC Exam Objectives (Exam: JN0-1300)

Data Center Considerations
Describe the concepts of Data Center Design
Physical considerations including placement, cabling, power, heating and cooling
Access switch placement
Traditional multi-tiered design
Data Center monitoring
Data Center Support and Serviceability

Ethernet Fabric Architectures
Describe the design considerations of Data Center Ethernet Fabric Architectures
Virtual Chassis
Virtual Chassis Fabric
QFabric
Fusion

IP Fabric Architecture
Describe the design considerations of a Data Center IP Fabric
Clos Layer 3 overlay networking
Clos Layer 3 control plane options
Clos Layer 3 BGP design

Data Center Interconnect
Describe the design considerations for interconnecting Data Centers
CCC
Layer 3 VPNs
Pseudowire connections
VPLS
EVPN
VXLAN

Data Center Security
Describe the design considerations for securing the Data Center
Micro-perimeterization
Micro-segmentation
Virtual routers
Firewalls
Security automation
Device sprawl
Data classification
Risk management

Virtualization in the Data Center
Describe the design considerations for virtualization in the Data Center
NFV
ETSI standards
Virtualization security
SDN

Traffic Engineering in the Data Center
Describe the design considerations for traffic shaping in the Data Center
QoS
CoS
DCBX

High Availability in the Data Center
Describe the design considerations for high availability in the data center
Business continuity
Device-level high availability features
Intra-DC high availability
Inter-DC high availability

QUESTION 1
What are two valid types of software-defined networking architectures? (Choose two.)

A. hardware-based
B. controller-based
C. policy-based
D. actuation-based

Answer: B,C



QUESTION 2
Your customer wants to implement better quality of service for multiple mission critical
applications.
How many bits of the Differentiated Services (DiffServ) field of a packet would be used as codepoints
to achieve this goal?

A. eight
B. two
C. six
D. ten

Answer: C



QUESTION 3
The Junos Fusion architecture is comprised of which two components? (Choose two.)

A. interconnect devices
B. satellite devices
C. node devices
D. aggregation devices

Answer: B,D

Explanation:
The Junos Fusion architecture consists of two major components: “Aggregation” devices and
“Satellite” devices, which Juniper also calls Linux Forwarding Engines (LFEs). These components
work together as a single switching system, flattening the network to a single tier without
compromising resiliency.
Reference: https://www.juniper.net/assets/us/en/local/pdf/whitepapers/2000610-en.pdf


QUESTION 4
Which control plane protocol does EVPN use for MAC address mobility?

A. VPLS
B. STP
C. MP-BGP
D. E-LAN

Answer: A


Tuesday, December 6, 2016

JN0-380 Wireless LAN, Specialist (JNCIS-WLAN)

JNCIS-WLAN Exam Objectives (Exam: JN0-380)

Wireless LAN Overview
Identify concepts, general features and functionality of the Juniper Networks wireless LAN product line
WLAN standards
WLC protocols
WLAN authentication, authorization and encryption
Hardware - APs, controllers, servers
Software - RingMaster
Licensing

Planning
Describe the elements of coverage area model and requirements
RF environment
Device requirements
Site visit
Describe the elements of predictive planning with RingMaster
AutoCAD file requirements
Site creation
Area planning
Identify various other planning parameters
Sites, buildings and floors
Coverage areas
RF obstacles
APs
Redundancy options
Data and VoIP capacity options

Initial Setup and Installation
Identify wireless LAN hardware, software and licensing requirements
WLAN controllers (WLCs)
RingMaster
Demonstrate knowledge of how to perform setup and initial installation of Juniper Networks wireless LAN hardware and software
AP boot and configuration options
WLC configuration using QuickStart and RingMaster
RingMaster installation and setup

Deployment and Configuration
Describe the elements of planning and data gathering for a deployment project
Data forwarding models
Centralized vs. distributed controllers
Capacity planning and bandwidth considerations
Redundancy planning
Coverage details
Network details
Site visit
Demonstrate knowledge of how to implement services for the Juniper Networks wireless LAN
Service types and characteristics
Radio profile
Service profile
AAA server definitions
Network access rules
Service mapping

Domains and High Availability
Describe the concepts, benefits and operation of domains and high availability
Mobility Domain seed
Synchronization
Redundancy and interleaving
Security
Clustering guidelines
Cluster AP affinity groups
Demonstrate knowledge of how to configure and monitor domains and high availability
Mobility Domain
Clusters
Network Domain

Architecture
Describe various architecture considerations for a Juniper Networks wireless LAN environment
Voice support - SIP recognition, call admission control, QoS
Mesh services - mesh APs, wireless bridging
Spectrum analysis
Remote AP
Client load balancing
Bandwidth control
NAT/PAT implementation options
Advanced RADIUS implementation
Location detection
VLAN pooling
High-latency network support
Adaptive channel (Auto-tune enhancements)
Transmit beam-forming
IPv6 support

Wireless LAN Services
Describe the concepts, operation and functionality of various wireless LAN services
Open, 802.1x, Web Portal, voice, and mesh concepts and characteristics
Services configuration options
Describe and configure 802.1x options
Pass through mode vs offload mode
EAP Protocols
Describe and configure Web portal options
Local vs external Web portal configuration
Certificate and encryption options

Security
Describe the steps and components for securing a WLAN
Threat evaluation
Access control
Securing and separating services
Client protection
Intrusion detection and protection systems (IDS/IPS)
802.1x
Certificates

Management and Reporting
Demonstrate knowledge of how to manage a Juniper Networks wireless LAN environment
RingMaster server and client
WLCs
Hardware upgrades
System recovery
Configuration management (backup and restore)
Demonstrate knowledge of how to implement RingMaster reporting
Report definition and generation
Scheduling

Integration
Describe how the WLS can integrate with other network technologies
RADIUS
DHCP options
LDAP
Snoop
DNS for APs and WLCs

Monitoring and Troubleshooting
Demonstrate knowledge of how to monitor the Juniper Networks wireless LAN environment
SNMP
Polling
Dashboard
System status
Clients
Traffic
Alarms
Security
Event log
Demonstrate knowledge of how to troubleshoot the Juniper Networks wireless LAN environment
Troubleshooting process and flow
Network troubleshooting tools
Trace messages
MSS commands
AP issues
Client issues
Controller issues
Configuration issues
RingMaster issues
Network integration issues
Services issues
Clustering issues

QUESTION 1
Which RingMaster license is needed to enable the RingMaster API?

A. base license
B. USM license
C. Agent license
D. AP license

Answer: C



QUESTION 2
A small business is using Radio Frequency (RF) planning to establish and limit the number of
access points (APs) needed for a coverage area. The company is trying to decide what to use for
the baseline association rate for clients to connect to the access points.
Which two statements are correct? (Choose two.)

A. A baseline association rate of 54 Mbps requires more APs than a baseline association rate of
18 Mbps.
B. A baseline association rate of 18 Mbps requires more APs than a baseline association rate of
54 Mbps.
C. A baseline association rate of 54 Mbps requires the client to be farther away from the AP to
reach the targeted rate.
D. A baseline association rate of 18 Mbps requires the client to be farther away from the AP to
reach the targeted rate.

Answer: A,D



QUESTION 3
You are using the RF Planning tool in RingMaster to configure a data capacity plan for a client.
Which three settings are required on the Data Capacity Options page? (Choose three.)

A. AP authentication mode
B. Per Station Throughput
C. Expected Station Count
D. Coverage Area
E. Station Oversubscription Ratio

Answer: B,C,E



QUESTION 4
Multiple users are complaining that their wireless connections are not working.
Which RingMaster screen would the administrator use for troubleshooting?

A. Alarms
B. Clients
C. Monitor
D. Verification

Answer: C



QUESTION 5
A network administrator must perform a software upgrade of a factory-default wireless LAN
controller (WLC) using the CLI.
Which three actions are required? (Choose three.)

A. Set the inactive boot partition to the active boot partition.
B. Add an upgraded license for the new image.
C. Copy the new image to the inactive boot partition using TFTP.
D. Reboot the controller.
E. Upgrade the connected access points (APs) before upgrading the controller.

Answer: A,C,D


Thursday, December 1, 2016

JN0-343 Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

JN0-332 JNCIS-SEC Exam Objectives

Junos Security Overview
Identify concepts, general features and functionality of Junos OS security
Junos security architecture
Branch vs. high-end platforms
Major hardware components of SRX Series services gateways
Packet flow
Packet-based vs. session-based forwarding

Zones
Identify concepts, benefits and operation of zones
Zone types
Dependencies
Host inbound packet behavior
Transit packet behavior
Demonstrate knowledge of how to configure, monitor and troubleshoot zones
Zone configuration steps
Hierarchy priority (Inheritance)
Monitoring and troubleshooting

Security Policies
Identify the concepts, benefits and operation of security policies
Policy types (default policy)
Policy components
Policy ordering
Host inbound traffic examination
Transit traffic examination
Scheduling
Rematching
ALGs
Address books
Applications
Demonstrate knowledge of how to configure, monitor and troubleshoot security policies
Policies
ALGs
Address books
Custom applications
Monitoring and troubleshooting

Firewall User Authentication
Describe the concepts, benefits and operation of firewall user authentication
User Firewall
User authentication types
Authentication server support
Client groups

Screens
Identify the concepts, benefits and operation of Screens
Attack types and phases
Screen options
Demonstrate knowledge of how to configure, monitor and troubleshoot Screens
Screen configuration steps
Monitoring and troubleshooting

NAT
Identify the concepts, benefits and operation of NAT
NAT types
NAT/PAT processing
Address persistence
NAT proxy ARP
Configuration guidelines
Demonstrate knowledge of how to configure, monitor and troubleshoot NAT
NAT configuration steps
Monitoring and troubleshooting

IPSec VPNs
Identify the concepts, benefits and operation of IPSec VPNs
Secure VPN characteristics and components
IPSec tunnel establishment
IPSec traffic processing
Junos OS IPSec implementation options
Demonstrate knowledge of how to configure, monitor and troubleshoot IPSec VPNs
IPSec VPN configuration steps
Monitoring and troubleshooting

High Availability (HA) Clustering
Identify the concepts, benefits and operation of HA
HA features and characteristics
Deployment requirements and considerations
Chassis cluster characteristics and operation
Cluster modes
Cluster and node IDs
Redundancy groups
Cluster interfaces
Real-time objects
State synchronization
Ethernet switching considerations
IPSec considerations
Manual failover
Demonstrate knowledge of how to configure, monitor and troubleshoot clustering
Cluster preparation
Cluster configuration steps
Monitoring and troubleshooting

Unified Threat Management (UTM)
Identify concepts, general features and functionality of UTM
Packet flow and processing
Design considerations
Policy flow
Platform support
Licensing
Describe the purpose, configuration and operation of antispam filtering
Methods
Whitelists vs. blacklists
Order of operations
Traffic examination
Configuration steps using the CLI
Monitoring and troubleshooting
Describe the purpose, configuration and operation of antivirus protection
Scanning methods
Antivirus flow process
Scanning options and actions
Configuration steps using the CLI
Monitoring and troubleshooting
Describe the concepts, benefits and operation of content and Web filtering
Filtering features and solutions
Configuration steps using the CLI
Monitoring and troubleshooting


QUESTION 1
Which type of Web filtering by default builds a cache of server actions associated with each URL it
has checked?

A. Websense Redirect Web filtering
B. integrated Web filtering
C. local Web filtering
D. enhanced Web filtering

Answer: B



QUESTION 2
Which security or functional zone name has special significance to the Junos OS?

A. self
B. trust
C. untrust
D. junos-global

Answer: D



QUESTION 3
Which command do you use to display the status of an antivirus database update?

A. show security utm anti-virus status
B. show security anti-virus database status
C. show security utm anti-virus database
D. show security utm anti-virus update

Answer: A


QUESTION 4
Which zone is system-defined?

A. security
B. functional
C. junos-global
D. management

Answer: C



QUESTION 5
You want to allow your device to establish OSPF adjacencies with a neighboring device connected
to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone. Under which
configuration hierarchy must you permit OSPF traffic?

A. [edit security policies from-zone HR to-zone HR]
B. [edit security zones functional-zone management protocols]
C. [edit security zones protocol-zone HR host-inbound-traffic]
D. [edit security zones security-zone HR host-inbound-traffic protocols]

Answer: D
