A good way to start preparing for the Juniper Networks Certified Specialist FWV (JNCIS-FWV) certification is to understand the role that the syllabus and study guide play in the Juniper JN0-533 certification exam. This study guide is meant to put you on the same page as Juniper and help you understand the nature of the Juniper JNCIS-FWV exam.
Our team of experts has composed this Juniper JN0-533 exam preparation guide to provide an overview of the Juniper FWV Specialist exam, study material, sample questions, the practice exam, and ways to interpret the exam objectives, so that you can assess your readiness for the Juniper JNCIS-FWV exam by identifying prerequisite areas of knowledge. We recommend that you refer to the simulation questions and practice test listed in this guide to see what type of questions will be asked and the level of difficulty that could be tested in the Juniper JNCIS-FWV certification exam.
Juniper JN0-533 Exam Overview:
Exam Name | FWV Specialist |
Exam Number | JN0-533 JNCIS-FWV |
Exam Price | $300 USD |
Duration | 90 minutes |
Number of Questions | 70 |
Passing Score | Variable (60-70% Approx.) |
Recommended Training | Configuring Juniper Networks Firewall/IPSec VPN Products; Integrating Juniper Networks Firewalls and VPNs into High-Performance Networks; Advanced Juniper Networks IPSec VPN Implementations; Attack Prevention with Juniper Networks Firewalls |
Exam Registration | PEARSON VUE |
Sample Questions | Juniper JN0-533 Sample Questions |
Practice Exam | Juniper Networks Certified Specialist FWV Practice Test |
Juniper JN0-533 Exam Topics:
Section | Objectives |
---|---|
System Setup and Initial Configuration |
Identify the concepts and components of ScreenOS software
- Security architecture components
- Packet flow and decision process
- IPv6 packet handling
- ScreenOS firewall/VPN product lines
- System components
Demonstrate knowledge of how to configure basic elements of ScreenOS software
- Interfaces
- Zones
- Management access and services
- User accounts and authentication
- Administrative lockout options
- DNS configuration
- NTP configuration
Describe how to configure and monitor interfaces
- VLANs, aggregated Ethernet
- Management interface
- Bridge Group
- Tunnel interfaces
- Loopback interface
- Interface modes
- Redundant Ethernet
Identify the concepts and functionality of virtual systems (vsys)
- vsys interfaces and zones
- Inter-vsys routing
- Profiles
|
Layer 3 Operations |
Identify the concepts and functionality of Layer 3 operations (IPv4 and IPv6)
- Routing lookup flow
- Virtual routers
- Static and default routing
- Dynamic routing - RIP, OSPF, BGP
- Considerations for routing over VPNs
- Route optimization and aggregation
- Route redistribution; access lists and route maps
- Source-based vs. policy-based routing
- IPv6 modes
Demonstrate knowledge of how to configure, monitor and troubleshoot Layer 3 operations (IPv4 and IPv6)
- Zones
- Interfaces
- IP addressing
- Virtual router
- Static/default routes, including floating static routes
- RIP
- OSPF
- BGP
- Redistribution
- Access lists and route maps
- Source-based and policy-based routing
- Layer 3 verification
- Layer 3 troubleshooting - get vrouter, debug, flow filter, session table
|
Security Policies |
Identify the concepts and functionality of security policies
- Zones and policies
- Policy components
- Policy options
- Policy ordering
- Policy scheduling
- Global policies
- Multicell policies
- Address books
- Policing and guaranteed bandwidth
- Services
Demonstrate knowledge of how to configure, monitor and troubleshoot security policies
- Address books and address groups
- Services and service groups
- Policy verification
- Policy troubleshooting - debug, get session
|
NAT |
Identify the concepts and functionality of NAT
- Interface-based vs. policy-based NAT
- NAT type usage
- Source NAT (NAT-src)
- Dynamic IP addresses (DIP)
- Destination NAT (NAT-dst)
- Virtual IP addresses (VIP)
- Mapped IP addresses (MIP)
- Precedence
Demonstrate knowledge of how to configure, monitor and troubleshoot NAT
- Policy-based NAT
- Dynamic IP addresses (DIP)
- Reachability/Routing
- VIP and MIP
- NAT verification
- NAT troubleshooting - debug, get session, and traffic logs
|
IPsec VPNs |
Identify the concepts and functionality of IPsec VPNs
- Secure VPN characteristics and components
- Encapsulating Security Payload (ESP)
- Authentication Header (AH)
- IPsec tunnel establishment - Internet Key Exchange (IKE)
- Hub-and-spoke IPsec VPNs
- Policy-based vs. route-based IPsec VPNs
- Next-hop tunnel binding (NHTB)
- Next Hop Resolution Protocol (NHRP)
- Fixed vs. dynamic peers
- Tunnel interfaces
- Preshared keys
- VPN Monitor
Demonstrate knowledge of how to configure, monitor and troubleshoot IPsec VPNs
- Interfaces
- Objects
- IKE
- Policy
- Routing
- VPN Monitor
- IPsec VPN verification
- IPsec VPN troubleshooting - system/event log, debug, get ike, get sa
|
High Availability |
Identify the concepts and requirements for high availability (HA) in a ScreenOS firewall/VPN environment
- NetScreen Redundancy Protocol (NSRP) characteristics
- NSRP modes; usage guidelines
- Links, ports and zones
- Virtual security device (VSD), virtual security interfaces (VSI) and VSD groups
- VSD states
- Run-time objects (RTOs)
- HA probes
- Failover tuning
- IP tracking
- Virtual Router Redundancy Protocol (VRRP)
- Redundant interfaces
- Links between the firewalls
- Redundant VPN gateways
Demonstrate knowledge of how to configure, monitor and troubleshoot HA
- HA link
- Cluster settings
- Interfaces
- VSD settings
- RTO synchronization
- Tracking and monitoring
- Redundant interface
- HA verification
- HA monitoring for VPNs - IKE heartbeats, dead peer detection
- HA troubleshooting - debug, get interface, get nsrp stats
|
Attack Prevention |
Describe the purpose, configuration and operation of Screens
- Attack types and phases
- Screen options
- Best practices
- Configuration, verification and troubleshooting
Describe the purpose, configuration and operation of deep inspection (DI)
- Attack object database
- Custom attack objects
- Signature database update methods
- DI policies and actions
- Licensing
- Configuration, verification and troubleshooting
Describe the purpose, configuration and operation of Unified Threat Management (UTM)
- Antispam profiles
- Actions
- Spam block list (SBL)
- Antivirus scanning methods and options
- Antivirus flow process
- Licensing
- Web filtering features and solutions
- Data flow
- Search order
- White lists, black lists and categories
- Configuration, verification and troubleshooting
|
System Administration, Management and Monitoring |
Demonstrate knowledge of how to manage and monitor a ScreenOS firewall/VPN environment
- File management
- Password recovery
- Licensing
- Logs
- Syslog
- SNMP
- Alarms
- Counters
|
Juniper JNCIS-FWV Exam Description:
Designed for experienced networking professionals with intermediate knowledge of Juniper Firewall/VPN Series products and ScreenOS software, this written exam verifies the candidate’s understanding of security and routing technologies, and related platform configuration and troubleshooting skills.