Thursday, December 29, 2016

JN0-633 Security, Professional (JNCIP-SEC) Exam

Application-Aware Security Services
Describe the concepts, operation and functionality of AppSecure
AppSecure traffic processing
AppID
AppTrack
User FW
SSL proxy
AppFW
AppQoS
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various AppSecure modules

Virtualization
Describe the concepts, operation and functionality of various virtualization components on SRX Series Services Gateways
Routing instances
RIB groups
Routing between instances
Logical systems (LSYS)
Intra-LSYS and Inter-LSYS communication
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot the various elements of virtualization
Given a scenario, describe and implement filter-based forwarding (FBF)

Advanced NAT
Describe the concepts, operation and functionality of various types of NAT
NAT traffic processing
Destination NAT
Source NAT
Persistent NAT
Static NAT
Double NAT
NAT traversal
DNS doctoring
IPv6 NAT (Carrier-grade NAT) - NAT64, NAT46, NAT444, DS-Lite
Routing
NAT and FBF
NAT and security policy
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced NAT implementations

Advanced IPSec VPNs
Describe the concepts, operation and functionality of various IPSec VPN implementations
IPSec traffic processing
Site-to-site VPNs
Hub-and-spoke VPNs
Group VPNs
Dynamic VPNs
Routing over VPNs
VPNs and NAT
Public key infrastructure (PKI) for IPSec VPNs
Traffic Selectors
VPNs and dynamic gateways
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot advanced IPSec VPN implementations

Intrusion Prevention
Describe the concepts, operation and functionality of Junos Intrusion Prevention System (IPS) for SRX Series Services Gateways
IPS packet inspection process
IPS rules and rulebases
Signature-based attack detection
Reconnaissance scans and fingerprinting
Flooding, attacks and spoofing
Describe how to perform setup and initial configuration for SRX Series Services Gateways with IPS functionality
IPS deployment options and considerations
Network settings
Attack database
Given a scenario, demonstrate knowledge of how to configure mechanisms to detect and protect against scans and attacks
Custom signatures
Scan prevention

Transparent Mode
Describe the concepts, operation and functionality of various transparent mode implementations
High Availability
VLAN translation
Layer 2 security
IRB
Bridge groups
Spanning tree traffic processing
Given a scenario, demonstrate knowledge of how to configure, monitor and troubleshoot transparent mode implementations

Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Junos OS security issues
Flow analysis
SNMP
show commands
Logging and syslog
Tracing, including flow traceoptions
Policy flow
Packet capture


QUESTION 1
Which AppSecure module provides Quality of Service?

A. AppTrack
B. AppFW
C. AppID
D. AppQoS

Answer: D


QUESTION 2
You are asked to configure your SRX Series device to support IDP SSL inspections for up to 6,000 concurrent HTTP sessions to a server within your network.
Which two statements are true in this scenario? (Choose two.)

A. You must add at least one PKI certificate.
B. Junos does not support more than 5000 sessions in this scenario.
C. You must enable SSL decoding.
D. You must enable SSL inspection.

Answer: C,D


QUESTION 3
You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping at the SRX240 in your network. Which three tools would you use to troubleshoot the issue? (Choose three.)

A. security flow traceoptions
B. monitor interface traffic
C. show security flow session
D. monitor traffic interface
E. debug flow basic

Answer: A,B,C
Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16110


QUESTION 4
You are asked to establish a baseline for your company's network traffic to determine the bandwidth usage per application. You want to undertake this task on the central SRX device that connects all segments together. What are two ways to accomplish this goal? (Choose two.)

A. Configure a mirror port on the SRX device to capture all traffic on a data collection server for further investigation.
B. Use interface packet counters for all permitted and denied traffic and calculate the values using Junos scripts.
C. Send SNMP traps with bandwidth usage to a central SNMP server.
D. Enable AppTrack on the SRX device and configure a remote syslog server to receive AppTrack messages.

Answer: A,D

Explanation:
AppTrack provides visibility into application usage and bandwidth.
Reference: http://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf





Monday, December 26, 2016

JPR-932 Juniper Networks Certified Internet Expert-SEC (JNCIE-SEC)

JNCIE-SEC Exam Objectives (Exam: JPR-932)

Infrastructure Concepts
Security Forwarding Options
Packet-based
MPLS
inet6
Flow-Based
inet6
Security Zones
Configure security zones
Device Management
User accounts
System services

High Availability
HA Clustering
Active-active
Active-passive
Reth interfaces
Link aggregation
Control and data plane
Dual fabric links
Redundancy groups

Firewall Policies
Security Policies
Policy configuration
Advanced policy options
Schedulers
ALGs
Authorization
Bypass flow forwarding
Logging
Data and control plane logs
Forward logs to the RE
Send logs to external collectors
UTM
Anti-virus
Web filtering

IPSec VPNs
Implementation of IPSec VPNs
Multipoint tunnels
Policy-based VPNs
Route-based VPNs
Traffic selectors
Proxy ID
Traceoptions
Dual and backup tunnels
On-demand tunnels
DRP over a tunnel
Dynamic VPNs
Certificate-based VPNs
PKI
Interoperability with 3rd party devices

NAT
Implementation of NAT
Source NAT
Destination NAT
Static NAT
NAT64
Implementation of NAT with IPSec
Overlapping IPs between sites

Advanced Security Services
AppSecure
AppTrack
AppFW
AppQoS
AppDoS
Application Identification
User Firewall
SSL Forward Proxy
Integration with IPS
IDP
Logs
Custom policies
Automatic updates
L3/L4/L7 DoS
Stateless filters
Screens
Flow options
App DDoS
Active Directory Integration

IGPs
OSPF
Multi-area OSPF topologies
Filter and summarize routes
Network and link types
Route selection process
Redistribution
IPv6

BGP
Implementation
Routing policy
Route selection
IPv6

Protocol-Independent Routing
Filter-based Forwarding
Based on Layer 4
Based on IFL
Configuring Routes
Aggregate
Static
Generated
Policies

Extended Implementation Concepts
Transparent mode
Configure transparent mode


Wednesday, December 21, 2016

JN0-1360 Juniper Networks Certified Design Specialist, WAN (JNCDS-WAN)

JNCDS-WAN Exam Objectives (Exam: JN0-1360)

WAN Connectivity
Describe the various methods of WAN connectivity
Public/Private/Managed
Service Provider connectivity
Service Provider hand-off methods
Service Provider MPLS services
Enterprise Internet transport
Enterprise Layer 2/Layer 3 handoff services
Enterprise private connections

Network Availability and Traffic Prioritization
Describe network availability concepts
Calculating availability
Physical redundancy
Logical redundancy
Fate sharing (e.g., high availability)
Capacity planning
Describe class of service concepts
Diffserv
CoS processing

Service Provider Core WAN Design
Describe the design considerations of a Service Provider's core WAN
Network segmentation
IGP design
BGP design
MPLS design

Service Provider Edge WAN Design
Describe the design considerations of a Service Provider's edge WAN
Layer 2 Services
Layer 3 services
Metro Ethernet
Subscriber services
Multicast services

Enterprise WAN
Describe the design considerations of an Enterprise WAN
Private WANs
Large Enterprise WAN design
SME WAN design

Data Center WAN
Describe the design considerations of a data center WAN
Gateway and fabric connectivity
L2 WAN extensions
EVPN
VXLAN

WAN Security
Describe the design considerations for security in the WAN
Platform security
BGP Flowspec
MACsec
IPsec
Subscriber access security

WAN Management
Describe the design considerations for WAN management
OOB management design
Junos Space management platform
Best practices

SDN in the WAN
Describe the design considerations of SDN in the WAN
SD-WAN (protocols, considerations, benefits)
Northstar
WANDL
Contrail Cloud CPE

Thursday, December 15, 2016

JN0-690 Junos Troubleshooting

Junos Troubleshooting Exam Objectives (Exam: JN0-691)

Troubleshooting Methodology
Identify the elements to build a framework for approaching troubleshooting Junos devices
General troubleshooting methodology
Broad troubleshooting steps
Identify tools that can be used to troubleshoot Junos devices
CLI
Craft interface
Logging
Traceoptions
Real-time monitoring
Core files
Port mirroring
Identify tools that can be used for device and network monitoring
SNMP
RMON
Sampling

Chassis Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot chassis-related components of Junos devices
Chassis
RE and PFE components
Fans and power supplies
System
Storage and file system
Boot media and start-up sequence
System software
Backups
Given a scenario, demonstrate knowledge of how to monitor and troubleshoot the chassis and core system components of Junos devices
show commands
Logging

Control Plane Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot the control plane of Junos devices
System processes
User processes
ARP
RIB/FIB
Given a scenario, demonstrate knowledge of how to monitor and troubleshoot the control plane of Junos devices
show commands
clear commands
monitor commands
Logging
Traceoptions

Data Plane Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot the data plane of Junos devices
PFE issues
Ethernet interfaces
MTU issues
Link flapping
Forwarding table issues
PFE load balancing
Local vs. transit traffic
Firewall filters and policers
Given a scenario, demonstrate knowledge of how to monitor and troubleshoot the data plane of Junos devices
request commands
show commands
monitor commands
clear commands
Loopback testing

Layer 2 and Layer 3 Protocol Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot Layer 3 protocols on Junos devices
Routing table information
Routing loops
OSPF neighbors
OSPF adjacencies
BGP peering and peer groups
BGP neighbor states
Identify the concepts, tools and features used to monitor and troubleshoot Layer 2 protocols on Junos devices
VLANs
bridging concepts
xSTP protocols
switching table
Given a scenario, demonstrate knowledge of how to perform basic monitoring and troubleshooting of Layer 3 protocols on Junos devices
show commands
clear commands
Traceoptions
Given a scenario, demonstrate knowledge of how to perform basic monitoring and troubleshooting of Layer 2 protocols on Junos devices
show commands
clear commands
Traceoptions

High Availability (HA) Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot HA components for Junos devices
Graceful Routing Engine switchover (GRES)
Graceful restart (GR)
Nonstop active routing/bridging
Virtual router redundancy protocol (VRRP)
Link aggregation groups (LAG)
Unified in-service software upgrade (ISSU)
Given a scenario, demonstrate knowledge of how to perform monitoring and troubleshooting of HA features on Junos devices
monitor commands
show commands
request commands

QUESTION 1
Which CLI command is used to restart a software process?

A. restart
B. reboot
C. commit
D. reload

Answer: A

Explanation: To restart a process, use the restart command; reboot is not even a valid command.
Possible completions:
  restart              Restart software process


QUESTION 2
Which CLI command applies the candidate configuration to the active configuration?

A. load
B. merge
C. copy run start
D. commit

Answer: D

Explanation: copy run start is a Cisco-specific command and is nowhere to be found in Junos.
>commit Commit current set of changes


QUESTION 3
Which operational CLI command would you use to troubleshoot hardware-related problems?

A. show system
B. show chassis
C. show route
D. show cli

Answer: B

Explanation: show route displays only routing information; show chassis displays hardware-related information.
> show chassis ?
Possible completions:
  alarms                  Show alarm status
  cluster                 Show chassis cluster information
  craft-interface         Show craft interface status
  environment             Show component status and temperature, cooling system speeds
  fan                     Show fan and fan tray information
  firmware                Show firmware and operating system version for components
  forwarding              Show forwarding process (fwdd) status
  fpc                     Show Flexible PIC Concentrator status
  hardware                Show installed hardware components
  location                Show physical location of chassis
  mac-addresses           Show media access control addresses
  pic                     Show Physical Interface Card state, type, and uptime
  routing-engine          Show Routing Engine status
  temperature-thresholds  Show chassis temperature threshold settings
  usb                     Show chassis USB status


QUESTION 4
In the Junos OS, which type of file dumps the program’s environment in the form of memory
pointers, instructions, and register data to a file in the event of a panic or other serious
malfunction?

A. log file
B. backup file
C. configuration file
D. core file

Answer: D

Explanation: On a panic, Junos creates a core-dump file, definitely not a backup file.
> show system core-dumps
/var/crash/*core*: No such file or directory
/var/tmp/*core*: No such file or directory
/var/tmp/pics/*core*: No such file or directory
/var/crash/kernel.*: No such file or directory
/tftpboot/corefiles/*core*: No such file or directory


QUESTION 5
Which operational CLI command would you use to display information about the system and
software processes?

A. show system
B. show chassis
C. show route
D. show cli

Answer: A

Explanation: show route displays only routing information; show system displays software-related information:
> show system ?
Possible completions:
  alarms            Show system alarm status
  audit             Show file system MD5 hash and permissions
  auto-snapshot     Show auto-snapshot status when system booted from alternate slice
  autoinstallation  Show autoinstallation information
  autorecovery      Show autorecovery information
  boot-messages     Show boot time messages
  buffers           Show buffer statistics
  certificate       Show installed X509 certificates
  commit            Show pending commit requests (if any) and commit history
  configuration     Show configuration information
  connections       Show system connection activity
  core-dumps        Show system core files
  directory-usage   Show local directory information
  download          Show status of downloads
  firmware          Show all firmware version information
  health            Show online diagnostic status
  license           Show feature licenses information
  login             Show system login state
  memory            Show system memory usage
  processes         Show system process table
  queues            Show queue statistics
  reboot            Show any pending halt or reboot requests
  resource-cleanup  Show resource cleanup information
  rollback          Show rolled back configuration
  services          Show service applications information
  snapshot          Show snapshot information
  software          Show loaded JUNOS extensions
  statistics        Show statistics for protocol
  storage           Show local storage data
  threads           Show system threads table
  uptime            Show time since system and processes started
  users             Show users who are currently logged in
  virtual-memory    Show kernel dynamic memory usage

Tuesday, December 13, 2016

JN0-694 Enterprise Routing and Switching Support, Professional (JNCSP-ENT)

JNCSP-ENT Exam Objectives (Exam: JN0-694)

IGP Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot OSPFv2 and OSPFv3 issues on Junos devices
Routing issues
Neighbor/adjacency issues
Configuration issues

BGP Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot BGP issues on Junos devices
Peering issues
Routing issues
Next hop resolution issues
Configuration issues

Routing Policy Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot routing policy issues on Junos devices
Forwarding table policy issues
Routing instance issues
IGP policy issues
BGP policy issues
Configuration issues

Layer 2 Switching Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Spanning Tree issues on Junos devices
STP
RSTP
MSTP
VSTP
Configuration issues
Given a scenario, demonstrate knowledge of how to troubleshoot other Layer 2 switching and High Availability issues on Junos devices
VLAN issues
Q-in-Q tunneling and L2PT issues
Layer 2 port security issues
Authentication and access control issues
Virtual chassis
Configuration issues

Multicast Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot multicast issues on Junos devices
RP issues
SPT issues
PIM issues
IGMP issues
Configuration issues

Class of Service (CoS) Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot CoS issues
Classification and rewrite issues
Policer issues
Queuing/scheduling issues
Packet drop issues
Configuration issues



QUESTION 1
You are implementing Q-in-Q tunneling on an EX Series switch. You want the tunnel to support all
C-VLANs; however, only some VLANs are able to send traffic across the tunnel. Switch-1 has the
following configuration:
[edit vlans]
user@Switch-1# show
v100 {
    vlan-id 100;
    interface {
        ge-0/0/0.10;
        ge-0/0/1.20;
    }
    dot1q-tunneling {
        customer-vlans [ ];
    }
}
What would solve this problem?

A. Add family ethernet-switching to the tunnel-side interface on Switch-1.
B. Implement RSTP.
C. Q-in-Q tunneling will not work in this scenario; use a Layer 2 VPN instead.
D. Remove the customer-vlans statement.

Answer: C

Explanation:


QUESTION 2
You are troubleshooting a problem where an OSPF adjacency between two neighboring routers will not form.
What are two reasons for this problem? (Choose two.)

A. One or both of the connected interfaces are missing the family inet statement.
B. One or both of the connected interfaces are missing the family iso statement.
C. The connected interfaces are not on the same subnet.
D. Another IGP is running on one or both of the routers, overriding OSPF.

Answer: B,D

Explanation:


QUESTION 3
Your Junos device is dropping certain traffic flows, while allowing other traffic flows to pass through the device unaffected.
Which CoS component is causing this problem?

A. BA classification
B. RED
C. MF classification
D. Rewrite rules

Answer: D

Explanation:


QUESTION 4
Two neighboring routers are able to form an OSPF adjacency, but are not able to establish an IBGP neighborship.
What are two reasons for the IBGP neighborship problem? (Choose two.)

A. One of the devices has a misconfigured BGP peer address.
B. One or both of the connected interfaces are missing the family iso statement.
C. OSPF has a lower route preference than BGP.
D. A firewall filter on one of the interfaces is blocking TCP traffic.

Answer: B,C

Explanation:

Tuesday, December 6, 2016

JN0-380 Wireless LAN, Specialist (JNCIS-WLAN)

JNCIS-WLAN Exam Objectives (Exam: JN0-380)

Wireless LAN Overview
Identify concepts, general features and functionality of the Juniper Networks wireless LAN product line
WLAN standards
WLC protocols
WLAN authentication, authorization and encryption
Hardware - APs, controllers, servers
Software - RingMaster
Licensing

Planning
Describe the elements of coverage area model and requirements
RF environment
Device requirements
Site visit
Describe the elements of predictive planning with RingMaster
AutoCAD file requirements
Site creation
Area planning
Identify various other planning parameters
Sites, buildings and floors
Coverage areas
RF obstacles
APs
Redundancy options
Data and VoIP capacity options

Initial Setup and Installation
Identify wireless LAN hardware, software and licensing requirements
WLAN controllers (WLCs)
RingMaster
Demonstrate knowledge of how to perform setup and initial installation of Juniper Networks wireless LAN hardware and software
AP boot and configuration options
WLC configuration using QuickStart and RingMaster
RingMaster installation and setup

Deployment and Configuration
Describe the elements of planning and data gathering for a deployment project
Data forwarding models
Centralized vs. distributed controllers
Capacity planning and bandwidth considerations
Redundancy planning
Coverage details
Network details
Site visit
Demonstrate knowledge of how to implement services for the Juniper Networks wireless LAN
Service types and characteristics
Radio profile
Service profile
AAA server definitions
Network access rules
Service mapping

Domains and High Availability
Describe the concepts, benefits and operation of domains and high availability
Mobility Domain seed
Synchronization
Redundancy and interleaving
Security
Clustering guidelines
Cluster AP affinity groups
Demonstrate knowledge of how to configure and monitor domains and high availability
Mobility Domain
Clusters
Network Domain

Architecture
Describe various architecture considerations for a Juniper Networks wireless LAN environment
Voice support - SIP recognition, call admission control, QoS
Mesh services - mesh APs, wireless bridging
Spectrum analysis
Remote AP
Client load balancing
Bandwidth control
NAT/PAT implementation options
Advanced RADIUS implementation
Location detection
VLAN pooling
High-latency network support
Adaptive channel (Auto-tune enhancements)
Transmit beam-forming
IPv6 support

Wireless LAN Services
Describe the concepts, operation and functionality of various wireless LAN services
Open, 802.1x, Web Portal, voice, and mesh concepts and characteristics
Services configuration options
Describe and configure 802.1x options
Pass through mode vs offload mode
EAP Protocols
Describe and configure Web portal options
Local vs external Web portal configuration
Certificate and encryption options

Security
Describe the steps and components for securing a WLAN
Threat evaluation
Access control
Securing and separating services
Client protection
Intrusion detection and protection systems (IDS/IPS)
802.1x
Certificates

Management and Reporting
Demonstrate knowledge of how to manage a Juniper Networks wireless LAN environment
RingMaster server and client
WLCs
Hardware upgrades
System recovery
Configuration management (backup and restore)
Demonstrate knowledge of how to implement RingMaster reporting
Report definition and generation
Scheduling

Integration
Describe how the WLS can integrate with other network technologies
RADIUS
DHCP options
LDAP
Snoop
DNS for APs and WLCs

Monitoring and Troubleshooting
Demonstrate knowledge of how to monitor the Juniper Networks wireless LAN environment
SNMP
Polling
Dashboard
System status
Clients
Traffic
Alarms
Security
Event log
Demonstrate knowledge of how to troubleshoot the Juniper Networks wireless LAN environment
Troubleshooting process and flow
Network troubleshooting tools
Trace messages
MSS commands
AP issues
Client issues
Controller issues
Configuration issues
RingMaster issues
Network integration issues
Services issues
Clustering issues

QUESTION 1
Which RingMaster license is needed to enable the RingMaster API?

A. base license
B. USM license
C. Agent license
D. AP license

Answer: C

Explanation:


QUESTION 2
A small business is using Radio Frequency (RF) planning to establish and limit the number of
access points (APs) needed for a coverage area. The company is trying to decide what to use for
the baseline association rate for clients to connect to the access points.
Which two statements are correct? (Choose two.)

A. A baseline association rate of 54 Mbps requires more APs than a baseline association rate of
18 Mbps.
B. A baseline association rate of 18 Mbps requires more APs than a baseline association rate of
54 Mbps.
C. A baseline association rate of 54 Mbps requires the client to be farther away from the AP to
reach the targeted rate.
D. A baseline association rate of 18 Mbps requires the client to be farther away from the AP to
reach the targeted rate.

Answer: A,D

Explanation:


QUESTION 3
You are using the RF Planning tool in RingMaster to configure a data capacity plan for a client.
Which three settings are required on the Data Capacity Options page? (Choose three.)

A. AP authentication mode
B. Per Station Throughput
C. Expected Station Count
D. Coverage Area
E. Station Oversubscription Ratio

Answer: B,C,E

Explanation:


QUESTION 4
Multiple users are complaining that their wireless connections are not working.
Which RingMaster screen would the administrator use for troubleshooting?

A. Alarms
B. Clients
C. Monitor
D. Verification

Answer: C

Explanation:


QUESTION 5
A network administrator must perform a software upgrade of a factory-default wireless LAN
controller (WLC) using the CLI.
Which three actions are required? (Choose three.)

A. Set the inactive boot partition to the active boot partition.
B. Add an upgraded license for the new image.
C. Copy the new image to the inactive boot partition using TFTP.
D. Reboot the controller.
E. Upgrade the connected access points (APs) before upgrading the controller.

Answer: A,C,D

Explanation: