JNCISEC (JNO332) or bust. (Does anyone have study notes?)

evarneyevarney Member Posts: 68 ■■■□□□□□□□
So after passing the CCNA security exam (which I honestly had trouble with because of that blasted CCP bullshit), I have the technology and concepts in my head fresh so may as well hit this one too.

I ordered a Juniper SRX210 on ebay. I am trying to figure out if I need to buy another or if I can just use a different firewall for the other end.

I have access to the new CBTnuggets course that is being made right now and I am ready to rock out. I also have access to the SRX Manual and Junos Security guide.

The question is, what else do I need. I only have two ex2200 switches at work and a SSG but the home lab can't be mixed with that equipment.

Does anyone have study notes?
What other books do you recommend. I have access to pretty much every IT book ever.

I will own this exam and eat its babies.

Comments

  • pevangelpevangel Member Posts: 342
    I'm studying for this exam as well. I actually just finished JSEC today and will be doing JUTM tomorrow. The fast track PDFs are pretty good. There's also the O'Reilly SRX book.

    You can't do clustering with just one SRX, and unless you have the proper licenses, I don't think you'll be able to do IDP and UTM.

    Another good resource is Junos Genius. It's an app for Androids and iPhones that has practice questions for JNCIA, JNCIS-SEC, and JNCIS-ENT.

    Good luck!
  • evarneyevarney Member Posts: 68 ■■■□□□□□□□
    Yeah I have that ap on my phone. I am currently trying to get my hands on a old SSG at work that isn't in use so I have that and I have a pair of EX2200's in the office. My shop is Cisco but they spoke of going to juniper and I am the only one that has any experience besides the senior network engineer and he hasn't touched JUNOS in a while so I am pretty much on my own as far as technical guidance.

    Do you have to cluster for the exam? can I mix a SRX110 with a SRX210? Is the bare miminmum 2 SRX appliances?
  • pevangelpevangel Member Posts: 342
    I believe the SRXs have to be the same to cluster them. You could probably pass the exam without labbing up the high availability section. I'm sitting the exam on the 24th, so I'll let you know afterwards if reading the PDF is good enough. The bare minimum is one SRX and one other firewall that can do IPSEC VPNs if you decide to skip clustering.

    You don't need the EX2200s and SSG. If you have an SRX110 and an SRX210, then you should be good with doing most of the labs.
  • evarneyevarney Member Posts: 68 ■■■□□□□□□□
    But I need to have a pair of the same model in order to cluster eh?

    Uh oh. My dumbass bought the Dell J-SRX210B and regular SRX110H2-VB.
  • evarneyevarney Member Posts: 68 ■■■□□□□□□□
    So I could purchase a SRX210H . Would that be too different?
  • StaunchyStaunchy Member Posts: 180
    evarney wrote: »
    So I could purchase a SRX210H . Would that be too different?

    You have to have 2 of the same model SRX firewalls running the same JunOS software version to cluster them
    2016 Goals: CCNP R&S, CCNA Security, CCNP Security
    LinkedIn
  • evarneyevarney Member Posts: 68 ■■■□□□□□□□
    Let me reiterate that though because I am not yet clear.

    Does it have to be the exact same. If I have SRX210B and a SRX210H, is that a no go? What is the difference in the model numbers from 210B to 210H??
  • StaunchyStaunchy Member Posts: 180
    evarney wrote: »
    But I need to have a pair of the same model in order to cluster eh?

    Uh oh. My dumbass bought the Dell J-SRX210B and regular SRX110H2-VB.

    According to this post you bought a Dell J-SRX210B and and Juniper SRX110H2 so not you can't cluster 2 different manufacture products. If both are Juniper SRX210 you should be able to cluster them the only difference are memory and flash size.

    http://www.juniper.net/us/en/local/pdf/datasheets/1000281-en.pdf
    Understanding Chassis Cluster Formation - Technical Documentation - Support - Juniper Networks
    2016 Goals: CCNP R&S, CCNA Security, CCNP Security
    LinkedIn
  • snadamsnadam Member Posts: 2,234 ■■■■□□□□□□
    evarney wrote: »
    Let me reiterate that though because I am not yet clear.

    Does it have to be the exact same. If I have SRX210B and a SRX210H, is that a no go? What is the difference in the model numbers from 210B to 210H??



    As far as I remember, yes, the EXACT same models are necessary for clustering. 210B and 210H are slightly different. 210B is the basic (low-memory) version with 512MB RAM available, while 210H is the high-memory version and has 1GB RAM available. I do not think you can cluster these two together. At best, i think you'll get unexpected results.

    You can see the link below to verify your SRXs memory. Basically run sh chassis hardware​ in configuration mode.


    Juniper Networks - How to check if a SRX-100,SRX-210, or SRX-240 device is a low (Base) or high memory model? - Knowledge Base

    PS - Its kinda nice to see other people studying for Juniper lately, let alone JNCIS-SEC! Good luck!
    **** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine

    :study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
  • evarneyevarney Member Posts: 68 ■■■□□□□□□□
    snadam wrote: »
    As far as I remember, yes, the EXACT same models are necessary for clustering. 210B and 210H are slightly different. 210B is the basic (low-memory) version with 512MB RAM available, while 210H is the high-memory version and has 1GB RAM available. I do not think you can cluster these two together. At best, i think you'll get unexpected results.

    You can see the link below to verify your SRXs memory. Basically run sh chassis hardware​ in configuration mode.


    Juniper Networks - How to check if a SRX-100,SRX-210, or SRX-240 device is a low (Base) or high memory model? - Knowledge Base

    PS - Its kinda nice to see other people studying for Juniper lately, let alone JNCIS-SEC! Good luck!


    your hat is oppressing me. I will have to buy another J-SRX210B.
    The test will be grate fun.
  • pevangelpevangel Member Posts: 342
    So I passed the exam today. It was pretty tough. It's my lowest score on a cert so far. I bombed on IPSEC and UTM but did really well on everything else. I think I would have been better off re-reading the fast track PDFs and trying to memorize the little details for the time I spent doing labs.
  • networker050184networker050184 Mod Posts: 11,962 Mod
    Congrats!
    An expert is a man who has made all the mistakes which can be made.
  • snadamsnadam Member Posts: 2,234 ■■■■□□□□□□
    evarney wrote: »
    your hat is oppressing me. I will have to buy another J-SRX210B.
    The test will be grate fun.

    Sorry about the hat. I could put another one on... :)

    pevangel wrote:
    So I passed the exam today. It was pretty tough. It's my lowest score on a cert so far. I bombed on IPSEC and UTM but did really well on everything else. I think I would have been better off re-reading the fast track PDFs and trying to memorize the little details for the time I spent doing labs.

    Congrats! Did you use the Junos Genius App at all? Im curious to know if they are on par with the exam in terms of difficulty.
    **** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine

    :study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
  • pevangelpevangel Member Posts: 342
    Thanks guys!

    I used the Junos Genius app a little bit. I probably looked at less than 20 questions but they were pretty good. They were on par with a lot of the questions in terms of difficulty. There were just a few questions that I really did not expect to show up in the exam. Like I said, I should have spent more time memorizing some of the small details.
  • evarneyevarney Member Posts: 68 ■■■□□□□□□□
    Was the HA portion very important or atleast to the point where I must build the lab for THAT topic?
  • pevangelpevangel Member Posts: 342
    I don't think you need to build the lab as long as you understand how it's supposed to work. The HA section was pretty easy and I did extremely well on it.
Sign In or Register to comment.