Studying for the JNCIS-SEC may take you places you didn’t expect
Jul 31, 2013
This is a guest blog post. Views expressed in this post are original thoughts posted by Glen Kemp, Enterprise Solutions Architect at SecureData Europe. These views are his own and in no way do they represent the views of the company he works for.
When I first started to look at the Juniper Networks SRX platform, as a ScreenOS bigot I regarded it with the same suspicion as a cat discovering suitcases in the hallway. Recently I’ve been working with the product more and it was time to test my mettle with the JNCIS-SEC exam. As is the norm, I didn’t have the amount of study or lab time that I would have liked, but I made sure that I at least covered the parts which I considered myself to be weaker on.
Another Look at NAT
Network Address Translation (NAT) in particular has changed quite significantly since ScreenOS; however, it was during the study that it finally clicked in my head. Pretty much everything within Junos is policy driven, including NAT. In ScreenOS a single NAT is a single command; with Junos you need a couple of policy statements, which can seem a bit overcomplex at first sight. It dawned on me that the “SRX way” is actually more scalable and flexible; ScreenOS requires one command per NAT but with Junos multiple NATs can be achieved in a single policy. For anything other than a tiny environment this makes the Junos platform much easier to manage and scale. It was only the rigours of the study process which brought this to my attention.
My primary source of study material was the official Juniper Fast track study guides (login required). These free guides have all the exam objectives condensed into a few hundred pages. Whilst they do not contain the answers in a literal sense, they do cover all the areas you are expected to understand. Certainly there was nothing in the exam which wasn’t at least mentioned in the study guides. The guides however are not exhaustive and (rightly in my view) only provide limited examples. If you are struggling with a specific concept it would be sensible to widen your research; I’d recommend the excellent Juniper Networks SRX Series book to fill in any gaps.
What helped an old “Screenie” like me is how many SRX concepts are lifted directly from the ScreenOS platforms. In several cases where I was unsure of the answer, the maxim “If in doubt, assume the ScreenOS position” pointed me to the correct solution. What did catch me out was the IPsec/VPN portion of the test, a topic in which I’d considered myself expert and had therefore not studied in any detail. This was nearly my undoing and I dropped a lot of points.
The final result for me was a healthy pass; in fact, given the relatively limited amount of study, I am very pleased with the result. I employed no special tricks and took no shortcuts, just plodded through the recommended material at my own pace. Given its quality, perhaps the result shouldn’t be a surprise.
My original intention was to return to the Enterprise Routing and Switching track, but my “not as impossible as I thought it would be” success with the Security track has me now seriously eyeing the JNCIP-SEC. The “Professional” track of course is also the precursor to the coveted (and of course much harder) JNCIE-SEC, but forgive me for crossing that bridge when I come to it.