Road to RHCE
Comments
-
Bodanel Member Posts: 214 ■■■□□□□□□□hiddenknight821 wrote: »Ever played Mortal Kombat? FINISH HIM!
I agree with our knight here. After I got my exam it's pretty easy focusin on Puppet and other interesting parts, at least for me. -
Verities Member Posts: 1,162Alright, alright....I'll continue with it. You guys are right. I'll let you know the scheduled date so you can keep me accountable.
-
hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□Alright! We're proud of you, Verities. Get 300/300. I ought to start my RHCE accountability thread here soon.
-
asummers Member Posts: 157Alright, alright....I'll continue with it. You guys are right. I'll let you know the scheduled date so you can keep me accountable.
Good man. -
Verities Member Posts: 1,162Had to push back to Oct 3 due to no proctors being on site at exam location on Saturdays. Even though its a kiosk exam and a remote proctor will be watching me through cameras....they need a proctor on site as well.
-
varelg Banned Posts: 790I am kind of surprised that you were able to book it for Saturday. So now you'll have to talk to the boss for early exit Monday, so that you can take the exam...
Don't let that slight bump discourage you! Good luck on your exam, I am sure you'll ace it! -
Verities Member Posts: 1,162I am kind of surprised that you were able to book it for Saturday. So now you'll have to talk to the boss for early exit Monday, so that you can take the exam...
Don't let that slight bump discourage you! Good luck on your exam, I am sure you'll ace it!
Yep, there is no stopping now. I plan on obtaining that RHCE and moving straight on to EX413 for my first COE down the path to RHCA: Datacenter. -
hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□Now I'm jealous. If I ever decide to go down the RHCA path, I'd like to attempt the RHCA: Cloud, which has a little bit of DevOps and Datacenter combined. Not sure if RHCA is feasible for someone with very little beer money to himself each month as it's $600 per test. I'd have to scrape together a study guide, which is probably more difficult to do than having a convenient access to the $5.5K Learning Subscription without the 50% discount (only for RHCA-certified professionals).
By the time, I'd have saved and prepped enough to take the 4th or 5th exam, my first exam in the series probably would've expired. I'm convinced RHCA can be attained if you work for an employer who value the certs and would happily reimburse for it.
@Verities: What's your learning resource for the Server Hardening exam? Are you paying for the test out of your own expense? -
Verities Member Posts: 1,162hiddenknight821 wrote: »Now I'm jealous If I ever decide to go down the RHCA path, I'd like to attempt the RHCA: Cloud, which has a little bit of DevOps and Datacenter combined. Not sure if RHCA is feasible for someone with very little beer money to himself each month as it's $600 per test. I'd have to scrape together a study guide, which is probably more difficult to do than having a convenient access to the $5.5K Learning Subscription without the 50% discount (only for RHCA-certified professionals).
By the time, I'd have saved and prepped enough to take the 4th or 5th exam, my first exam in the series probably would've expired. I'm convinced RHCA can be attained if you work for an employer who value the certs and would happily reimburse for it.
@Verities: What's your learning resource for the Server Hardening exam? Are you paying for the test out of your own expense?
I budget my monthly income, so I'm putting away at least $1200-$1500 a month. I can dip into that for my exam costs and get reimbursed on the next pay check by my company if I pass the exam. I don't like to spend too much on materials so I utilize Safari Books Online for high quality videos for free through the DoD MWR program (I'm a former Marine). Sander Van Vugt's Pearson Live Lessons have been gold for EX200, EX300, and he just finished his EX413 series. I believe he's going to be producing more next year like EX442. DISA STIG for RHEL 6 v1 R12 is a great resource to become familiar with. Its about 273 items that are required to be configured to meet the DoD requirements for RHEL systems. As you apply the STIG items you'll cover most of the EX413 exam objectives and the rest can probably be found in the RHEL Security Administration Guide (available for free as PDF on RH.com).
The RHCA Cloud does look enticing at first glance, but RHCA Datacenter aligns more with my job experience. It would greatly help increase my current skill set and put me on the path to a more senior role. My ideal path would be: EX413 > EX401 > EX342 > EX436 > EX442. -
asummers Member Posts: 157hiddenknight821 wrote: »Now I'm jealous. If I ever decide to go down the RHCA path, I'd like to attempt the RHCA: Cloud, which has a little bit of DevOps and Datacenter combined. Not sure if RHCA is feasible for someone with very little beer money to himself each month as it's $600 per test. I'd have to scrape together a study guide, which is probably more difficult to do than having a convenient access to the $5.5K Learning Subscription without the 50% discount (only for RHCA-certified professionals).
By the time, I'd have saved and prepped enough to take the 4th or 5th exam, my first exam in the series probably would've expired. I'm convinced RHCA can be attained if you work for an employer who value the certs and would happily reimburse for it.
@Verities: What's your learning resource for the Server Hardening exam? Are you paying for the test out of your own expense?
You can absolutely gain a RHCA with free/cheap resources - but it is made a lot easier if you have training materials. As you mentioned, the cheapest it can be is exams $600x5, so $3000 for you and a lot more for us Brits. -
Verities Member Posts: 1,1623 more days until the exam. I'm continuing to lab like a mad man and brush up on a few items I haven't used very much in production. Feeling very confident in being able to achieve all the objectives due to sheer repetition of labs. For the items that are extremely verbose (teaming,port forwarding with firewalld), I'm focusing on utilizing man page examples (nmcli/nmcli-examples).
-
asummers Member Posts: 1573 more days until the exam. I'm continuing to lab like a mad man and brush up on a few items I haven't used very much in production. Feeling very confident in being able to achieve all the objectives due to sheer repetition of labs. For the items that are extremely verbose (teaming,port forwarding with firewalld), I'm focusing on utilizing man page examples (nmcli/nmcli-examples).
That's a good idea - I have had some areas which are too much to hold in the brain but as long as you know the pointers to the information you will be ok. -
Verities Member Posts: 1,162I underestimated the difficulty of the exam and failed it. My biggest mistakes were not studying Apache enough and using RHEL 7.2 for my studies. The exam is RHEL 7.0 and there are some distinct differences between the two versions, including services. I was not prepared for that and quickly ended up doing more troubleshooting than expected to get some things working. It also took 10 minutes to get the damn kiosk working, but the proctor added time to my exam in that regard.
Final thoughts: this exam was much more difficult than the RHCSA, time goes by very fast so you really do need to be able to do all the exam objectives quickly and test with at least 1 reboot. Don't do a kiosk exam they are junk and have too small of a monitor to fit everything you need on screen (I spent a lot of time moving items around so I could read exam objectives and have my terminal sessions open), and lastly, study the ****-out of Apache then study it some more.
I'm going to take a break from studying for RHCE for now and come back to it maybe in January. -
hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□So... the RHELv7 RHCE horror stories are true.
Thanks for sharing, Verities. I heard it's 2-3 times as difficult, and now that you mentioned the kiosk trouble, I'm swayed to stick with the classroom exam. We'd have to take the 'E' in RHCE very seriously and dive a bit deeper in every objective. Don't get discouraged though. I appreciate the fact that you gave it your best effort than giving up entirely. -
Verities Member Posts: 1,162Thanks for the support. It's been a humbling experience and I will definitely approach the exam with a more serious attitude for round 2. I'm glad you are going to do the classroom exam, there is absolutely no way I will ever use a kiosk again.
-
varelg Banned Posts: 790Oh man, sorry to hear you didn't pass. And now reading your testimonials about kiosk exams, my dreams of taking the exam without anybody around me are crushed...
Make more than one post-exam analysys. What is the underlying cause behind both versioning and Apache shortcomings? -
asummers Member Posts: 157I had the same opinion after my first kiosk but to be honest you get used to them. It's preferable to be in a classroom environment but ultimately kiosks are ok.
-
asummers Member Posts: 157I underestimated the difficulty of the exam and failed it. My biggest mistakes were not studying Apache enough and using RHEL 7.2 for my studies. The exam is RHEL 7.0 and there are some distinct differences between the two versions, including services. I was not prepared for that and quickly ended up doing more troubleshooting than expected to get some things working. It also took 10 minutes to get the damn kiosk working, but the proctor added time to my exam in that regard.
Final thoughts: this exam was much more difficult than the RHCSA, time goes by very fast so you really do need to be able to do all the exam objectives quickly and test with at least 1 reboot. Don't do a kiosk exam they are junk and have too small of a monitor to fit everything you need on screen (I spent a lot of time moving items around so I could read exam objectives and have my terminal sessions open), and lastly, study the ****-out of Apache then study it some more.
I'm going to take a break from studying for RHCE for now and come back to it maybe in January.
Sorry to hear that you failed but glad you have seen the areas for focus for next time - and you are still determined to get the certification. -
Verities Member Posts: 1,162@Varelg: hard to explain concisely, but there are services in RHEL 7.2 that get automatically started with other services. This is not the case in RHEL 7.0, which is where I ran into SELinux policy violations and due to my own fault, I used the dirty method to create my own module, which takes much longer than say using SETroubleshoot. I can't go into detail, but just study Apache as much as possible and get familiar with httpd-manual package, you can use it for references during the exam. If you have a Linux Academy subscription, I highly recommend cross referencing the material from the RHCE course with the LFCSE course.
@asummers: I did my RHCSA on the same kiosk about a year ago, but its a waste of time when they give you a 21 inch screen and 1/4 of the screen is the proctor chat. Doesn't leave much space to arrange your windows.
@Bodanel: Thanks. -
Verities Member Posts: 1,162No, not keytab, it was /etc/krb5.conf that was confusing- as a part of Kerberizing the server you'd edit /etc/krb5.conf file to reflect which domain is Kerberos in charge of. But when you configure the client to log in to the kerberized server and you download the keytab, you are also getting a krb5.conf file that was not edited and is generic, with EXAMPLE.COM as a domain. How on earth did the generic krb5.conf file got in there, instead of the krb5.conf that was adjusted for the actual domain?! Would it be CentOS vs. RHEL quirk, or NFS versioning maybe?
As I labbed through configuring a KDC with krb5-server, I was reminded of this post. I noticed the krb5-workstation package places the /etc/krb5.conf generic file there once you install it. -
Verities Member Posts: 1,162hiddenknight821 wrote: »Thanks for sharing. It's pretty cool how you came across this. Even though I haven't taken the RHCSA, I'm pretty much ready to take it as I'm in the reviewing phase for the next few weeks. I'm already anxious to get started on the RHCE topic.
What drew me to your post was this.
Seeing this, I knew it's a quick and dirty workaround as confirmed in the warning here. So we are not expected to write an SELinux policy for RHCE exam, right?
That method was pulled from the audit2allow man page and yeah it is a dirty work around. Its anything but quick as it take time to compile custom policies. I now suggest using the SETroubleshoot package since its much faster and gives you more guidance on how to resolve potential policy violations. -
asummers Member Posts: 157I would suggest people taking a RHCE DO make themselves familar with some SELINUX work - an example would be a non-standard DocumentRoot for Apache would require some SElinux manipulation.
-
Verities Member Posts: 1,162I would suggest people taking a RHCE DO make themselves familar with some SELINUX work - an example would be a non-standard DocumentRoot for Apache would require some SElinux manipulation.
Completely agree. That's actually the example LA and Sander uses for the SELinux tutorials. Its not that I'm unfamiliar with SELinux, but on the exam there were items that I did not expect to be policy violations so it took me by surprise. Compiling a custom policy took forever on that damn kiosk. -
hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□Don't do a kiosk exam they are junk and have too small of a monitor to fit everything you need on screen (I spent a lot of time moving items around so I could read exam objectives and have my terminal sessions open), and lastly, study the ****-out of Apache then study it some more.
I recently came across a post made by CertDepot in /r/redhat subreddit regarding bad kiosk experience. -
asummers Member Posts: 157hiddenknight821 wrote: »I recently came across a post made by CertDepot in /r/redhat subreddit regarding bad kiosk experience.
That's a really good article thanks for the link!
I have read it and it doesn't really talk about the kiosk itself all that much - below is my summary of the issues raised in the article:
1. Lots of issues around the ROL training environment and complications of having French regional settings - Clearly there are bugs to iron ouot and this doesn't necessarily apply to anyone studying in English.
2. RH website being out of date with objectives - They will do this, and in my experience will change the objectives even after you are booked to have an exam. This is a disjoint between the team that handles the website and the training people.
3. The exam at must be taken at a centre rather than home. I wouldn't respect any exam I could do at home. The scope for cheating is way too high.
4. Keyboard is in US format. Another regional issue.
5. Single Sign On issues in France Kiosks - does not affect UK and probably other countries
and this is where the main issue is:
6. RH Training Teams being very poor. And there is no sugar-coating it - my own experience has shown them to be very poor, and unprofessional. They have changed and cancelled my exams at the last minute - even so much as changing the entire objectives (all of them) without telling me. The cancellations having led to lots of money being lost on travel and hotel bookings $1000+ in total - and they response is largely "we dont care" and that's when they bother replying.
Ironically my own experience of RH Training means I am MORE likely to use a kiosk as it's less likely to be cancelled. -
Verities Member Posts: 1,162hiddenknight821 wrote: »I recently came across a post made by CertDepot in /r/redhat subreddit regarding bad kiosk experience.
Thanks for sharing this...I feel a little more validated now.
@Asummers: I wish you the best of luck. When will you be recertifying? -
asummers Member Posts: 157Thanks for sharing this...I feel a little more validated now.
@Asummers: I wish you the best of luck. When will you be recertifying?
That's my point, they cancelled my exam and then cancelled my rescheduled exam. After that I have only booked kiosks since then. I prefer a classroom environment but it's nice to schedule it when you want rather than risking a cancellation. -
Verities Member Posts: 1,162Unfortunately I can't wait 4 months to schedule a classroom exam so I have to attempt another kiosk exam. I am scheduled for the week after next for round 2 of EX300. I'm feeling a lot more confident about Apache and I can go through almost all the objectives in about an hour. Lots of lessons learned from constant labbing and my many failures. The one thing that still annoys me is kerberized NFS; despite configuring my own KDC, configuring my own keytab including host principles & nfs principles, as well ensuring RPCNFDARGES="-V 4.2", it refuses to work on my lab servers. I know I won't get a perfect score, but I think I am familiar enough to get a passing score (210+).