CCNA Security changes (?)

altdrugz

Hi there,

I am CCNA certified and i will be until next May (if i remember well :P) I wanted to pass CCNA Security for maintaining my CCNA status and also move towards security.

I read this one --> Cisco updates CCIE, CCNA certifications: What you need to know

and went to cisco website and indeed verified that the 'old' exam will be up until 30 Nov. Since its very hard to take the exam in 10 days... I will have to take the new exam. Is there any clue about this? I am planning to self-study something that I also did for CCNA... Any books for the new exam?

I remember that lots of stuff were related to the configuration manager (cpp?) which is http based and it is really very bad. Is that the case also for the new exam?

Thanks

NetworkNewb

Lots of posts on this a few below this thread in the CCNA Security section...

dwarftude

altdrugz wrote: »

Hi there,

I am CCNA certified and i will be until next May (if i remember well :P) I wanted to pass CCNA Security for maintaining my CCNA status and also move towards security.

I read this one --> Cisco updates CCIE, CCNA certifications: What you need to know

and went to cisco website and indeed verified that the 'old' exam will be up until 30 Nov. Since its very hard to take the exam in 10 days... I will have to take the new exam. Is there any clue about this? I am planning to self-study something that I also did for CCNA... Any books for the new exam?

I remember that lots of stuff were related to the configuration manager (cpp?) which is http based and it is really very bad. Is that the case also for the new exam?

Thanks

Self-study for the current exam or the new 210-260, by the book(s), and likely video training, isn't achievable in my opinion. I went read through the book for both CCNA:S 640-554 and CCNA:S 260-210. I went though the CBT nuggets 640-554 videos, I built a basement lab and implemented as much out of the text books as I could. Firewalls (Class maps, Policy maps, Service Policy), IPSec Site to Site, VPNs (IPSec Client, AnyConnect SSL, SSL Clientless), AAA, AAA by RADIUS (I don't see an easy / feasible way to impliment or test TACACS+ by ACS, someone would have to explain that to me), Securing the Management plane (configuring SSH and forcing its use, configuring users, privilege levels, parser views, method lists), Securing the Control plane (port security, DHCP Snooping, Dynamic ARP Inspection, authenticating routing updates, rate limiting, etc). While not required for the exam, I built my own internal Certificate Authority so I could get an idea for issuing and using certificates.

Both exams 210-260 and 640-554, in my opinion, pretty much disregarded all of that. If the exam was sentient and could talk -- I feel it said the equivalent of "Yea, that's nice. It's great you know that. But, thats maybe only half of the exam. In the other half of the exam I'm going to present questions to you on material not covered or outlined in the blueprint."

The exam(s) weren't a fair fight, in my opinion. In my opinion: Self-study means you are going in with one arm tied behind your back. Which, again, in my opinion, is entirely different compared to how my CCENT (ICND1) and CCNA (ICND2) played out. But, those were 2 and 3+ years ago. So, perhaps it's different now.

The new exam configuration simulation / non-configurational information collection Simlets are ASA ASDM GUI based.

AMD4EVER

Dwarf, I think your account of the test is about the most disheartening one I've read. I am just getting started and have a vision of doing all the things that you did in hopes that I'll pass the test. I want to try and go all out by studying books, videos, practice tests, and doing labs that exceed the requirements of the blueprint. Hearing that you did all that and still didn't pass sucks This is an Associate test so I don't understand why Cisco is making it so difficult to pass if you put forth a strong effort like you have. Seems like they should save that kind of stuff for the Professional tests.

dwarftude

AMD4EVER wrote: »

Dwarf, I think your account of the test is about the most disheartening one I've read. I am just getting started and have a vision of doing all the things that you did in hopes that I'll pass the test. I want to try and go all out by studying books, videos, practice tests, and doing labs that exceed the requirements of the blueprint. Hearing that you did all that and still didn't pass sucks This is an Associate test so I don't understand why Cisco is making it so difficult to pass if you put forth a strong effort like you have. Seems like they should save that kind of stuff for the Professional tests.

Possibly there is a bit of better news -- CBT Nuggets has a new video series covering the 210-260 exam. I've not been though them, though. I'm going over Security+, right now. I'm hoping that Security+ is a much more achievable cert. At least when I took my A+ (2000) and Net+ (2012) exams they were achievable from self-study and the exams didn't present out of scope questions.

Lion66six

Its a hard certification, but it can be done.

Importantly the new 210-260 cbtnugget video series shows a number of other nuggets to watch from some of the CCNP video series. That in my eyes is a very strong hint of the extra level of study you need to complete to pass this exam. At least thats what I'm doing to pass this exam, so it better work haha

AMD4EVER

dwarftude, I hold a Security+ and have passed the test twice now. The difficulty level is a bit higher than Network+ but not much. It is a pretty easy test to pass if you have worked in the security arena for any length of time.

Lion, thanks for the info! I'm probably going to jump straight over to the CBT Nugget videos after I finish up my OCG book. That will probably be a month or so from now. I'm also signed up for the Chris Bryant videos on Udemy.com. I've heard those were quite good for the previous version of CCNA Security. His videos won't be out until late Feb so I'll have plenty of time to swim through the CBT Nugget videos

devils_haircut

I passed the new 210-260 exam yesterday afternoon with a 950. I failed the old exam back in July. The new one felt much easier to me...the cutoff score was slightly lowered, which might have helped. However, I've also been exposed to a lot of ASA configuration and management at work, so it's possible I just knew more going in the second time.

CCP is gone...it's all ASDM labs now. If you've spent some time clicking around in ASDM and know where to find things, you should be okay. Understand what the menu options are, understand the basics of VPNs and how to configure them in ASDM, know how to assign access rules and configure basic NAT. Honestly, I felt the questions were very direct. You either know the answer or you don't, there's no in-between. There were several questions about Cisco-specific products (FirePOWER, Sourcefire, lots of IPS stuff that I honestly wouldn't know unless I had read up on it). The rest was pretty straightforward for anyone with a CCENT/CCNA.

JoJoCal19

Congrats on the pass devils_haircut! That feedback is exactly what I've been waiting for out of the folks who pass the 210-260. Seems like they've gone in the right direction from the awful 640-554.

devils_haircut

Yeah, when I failed the 640-554, I walked out of that exam room feeling like crap because I thought I had passed. The new exam just felt so much easier. I honestly didn't do much studying between my 1st and 2nd attempt, but I do touch a lot of ASAs at work, so maybe I just had more experience going in the 2nd time. I don't know, the labs felt easier, and apart from the Cisco-specific questions, a lot of it was just security concepts that are really industry-wide. The new exam feels more "fair", I guess.

Mike-Mike

thanks for the detailed review, I have mine on Wed.

Lion66six

Thanks for the info on the new version of the exam. Im looking forward to smashing it, even more now i know its a bit more fair.