JNCIS-Sec Done

Ahriakin · October 2011

A little further along the path now

. Overall I think the Fast Track materials (esp. now with the added UTM section) covers this pretty well but I was also working from the O'Reilly JunOS Security book and had done the P level AJSEC course a month back. I was actually a little worried going into this one as the material while not very deep is broad, there's a lot of minutiae to remember on a lot of different topics that you might not touch (for example I doubt I will ever use UTM). It's not a walk in the park but personally I think the exam was easier than the coursework would lead you to believe.

Materials Used:
Juniper Fast Track Video and documents.
JunOS Security Amazon.com: JUNOS Security (9781449381714): Rob Cameron, Brad Woodberg, Patricio Giecco, Timothy Eberhard, James Quinn: Books
AJSEC Course manual
Misc. Juniper feature documentation.
Lab - 2 SRX100s

Now onto the JNCIP-Sec (when my 210H arrives for the IDP stuff, also doing the JIPS course in 2 weeks).

networker050184 · October 2011

Congrats man! Soon you'll have a JNCIE to go along with that CCIE.

Ryan82 · October 2011

Congrats! It's good to finally hear someone's review on the fast track materials for this exam.

NightShade03 · October 2011

Congrats on the pass! Also glad to hear feedback about the exam...sitting for it soon myself.

Ahriakin · October 2011

Thanks guys. Sorry there's not much more info I can give without breaking the usual NDA clauses.

Bl8ckr0uter · October 2011

How does it compare to cisco security test? Which do you like more (juniper or cisco security offerings)? Also how much do you work with each?

Ahriakin · October 2011

It's hard to compare to the Cisco security track as I never did their CCNA specialisations which is what I guess this equates most closely to. Comparing to the CCSP itself I think it's closest to the old SND (generic security exam), with a bit more config specific content. One big difference between the Juniper and Cisco tracks is OS and hardware variance. Juniper does not split the exams into different subsections as Cisco do (VPN, IPS, FW etc.) so there is more to cover in theory but they also focus on only one OS and platform - so more areas per exam but also obviously more focused on how these are implemented, no need to learn how to navigate the IPS CLI vs. an ASA in the process. I think I'll only really be able to make a decent comparison once I get the JNCIP-Sec done.

As for real world preference the ASA is still a good enterprise offering but for carrier class absolutely nothing touches the SRX5800. It's a beast of a FW, feature rich and I am really loving the JunOS CLI (there are so many tasks I used to have to export details from the ASA to edit manually that I can do quickly from the JunOS CLI) . Honestly for the work we are doing it makes the ASA look antiquated. But then we haven't been happy with the ASA and their business unit for years now (we only deployed Juniper about 4 months back), every time we've discussed new products and features with them we've been pretty underwhelmed. I'm sure we'll run into some issues as we go with the SRX, nothing's perfect, but right now I'm pretty happy we went with them.
I'd say right now I'm spending more time on the SRX, but that's really just about a day a week of actual hands on and config work. Too much time nowadays spent in meetings :}

nel · October 2011

Congrats man!

Webmaster · October 2011

Congrats!

Aldur · October 2011

congrats! Glad to hear that the SRX5800s are working out for ya

Also, whatcha think about the AJSEC course material. I was on the team that wrote that.

Something else to keep on your radar is the Security bootcamp. We'll be diving into that early next year, should be fun

Ahriakin · October 2011

I think the AJSEC material was pretty good, the only thing I didn't like was how the variables are written for the Lab portions. Often the same variable letter is reused for different devices within the same lab, now if you don't speed read the description (as I have a bad habit of doing) it explains this but it's an extra hoop to jump through imho. Is it that hard to use different letters all the time for different appliances

.
I'm actually in the middle of day 1 of the JIPS right now (remote) and since I know to look for it I'm not having problems but I'm listening to a guy right now having similar issues - though in this case it's that the material references exact IPs from one pod, there is a note above in the description to use your own from the lab diagram but it's easy to miss. It should really be written as 192.168.x.x0 , and have 'x = ' marked clearly at the start of the lab itself. All in all the info is there but I think when you're trying to focus on the tech side of a lab little things like this can trip you up.

That said as educational guides the technotes below each slide in the actual book are great - Concise and clear.

Soooo....can you give away any details on the Bootcamp (even ballpark availability date) ? I definitely want to give it a go next year

Angie629 · October 2011

I'm interested in JNCIS-SEC too, but I can't seem to find the study guide from Juniper's website. I saw a 'Junos Security' book from their bookstore, I don't think it's the same one as O'reilly, but I was wondering if anyone has read it. It says it comes with an exam voucher, but it didn't say for which exam is the voucher, JNCIS or JNCIP.

Aldur · November 2011

Ahriakin wrote: »

I think the AJSEC material was pretty good, the only thing I didn't like was how the variables are written for the Lab portions. Often the same variable letter is reused for different devices within the same lab, now if you don't speed read the description (as I have a bad habit of doing) it explains this but it's an extra hoop to jump through imho. Is it that hard to use different letters all the time for different appliances .
I'm actually in the middle of day 1 of the JIPS right now (remote) and since I know to look for it I'm not having problems but I'm listening to a guy right now having similar issues - though in this case it's that the material references exact IPs from one pod, there is a note above in the description to use your own from the lab diagram but it's easy to miss. It should really be written as 192.168.x.x0 , and have 'x = ' marked clearly at the start of the lab itself. All in all the info is there but I think when you're trying to focus on the tech side of a lab little things like this can trip you up.

That said as educational guides the technotes below each slide in the actual book are great - Concise and clear.

Soooo....can you give away any details on the Bootcamp (even ballpark availability date) ? I definitely want to give it a go next year

We've heard the variables complaint from more than one person, many actually. Which I completely agree with. The good news is that we've change that for the AJSEC class, I personally made that change

, and when revision time comes for other courses, we'll be changing it there too. Each pod will have their own set of diagrams. The feedback thus far has been very positive.

Glad to hear that overall it was a positive experience.

Definitely next year for the Security bootcamp. It's tough to say when, but for sure 2012.

Angie629 wrote: »

I'm interested in JNCIS-SEC too, but I can't seem to find the study guide from Juniper's website. I saw a 'Junos Security' book from their bookstore, I don't think it's the same one as O'reilly, but I was wondering if anyone has read it. It says it comes with an exam voucher, but it didn't say for which exam is the voucher, JNCIS or JNCIP.

Check out the materials that Ahriakin mentioned at the top of this thread. That's more than enough to get your JNCIS-SEC.

JNCIS-Sec Done

Comments