210-255 SECOPS Exam Review

Just sat and passed this exam this afternoon. Wow, what a weird exam. If you're doing the scholarship program then I will warn you - you will need additional materials.

Cisco did an odd one with the course for the second half of the qualification. Roughly 50% of the course isn't even mentioned in the exam outline and a bunch of other things are covered in detail (whilst they only had a sentence or two in the official course). My recommendations for those taking the exam;

Do the majority of your exam prep from the topics in the exam outline.
Get as much practical experience with certain topics on the exam as you can (you'll get this in the labs, but for those who don't take the official course make sure you have used the tools mentioned in the topics i.e. Wireshark).
One of the main exam topics is incident response and they mention the NIST documentation in the exam outline. I found it easier to go straight to the source for the NIST documents.
Read the question and re-read it. Honestly the wording is pretty horrific in places.

I don't really want to say much more, the above is pretty general and you could have figured it out for yourself if you read the exam outline.

Main bit of advice is be aware the wording and questions can be a little strange with this one. Don't get thrown! Just apply logic and re-read as many times as you need. The time you have for the exam is adequate.

This exam is a lot more about practical application, rather than memorisation as the first exam was. I don't know if you could get away with passing this exam if you haven't had practical experience in some areas.

Find more posts tagged with

Comments

p@r0tuXus

Firstly, congratulations. I greatly appreciate that you came here to give your account of this experience. The exam has piqued my interest and I think with more experience I may be able to challenge it without the course.

JoJoCal19

Congrats on the pass!

I've heard elsewhere the second exam is "off". I'm still debating whether I'm going to go with the class based on stuff I'm working on now. The cert isn't going to help in my current position, nor in one I would consider in the future. I may just open a spot for someone else at the end of the year.

OctalDump

Congrats on the pass! Thanks for the review.

I'm trying to understand the make up of these exams in a broad sense. Would you say that SECFND is Security basics, like Sec+, and SECOPS is more the hands on tools?

nisti2

Thanks for sharing your experience!!

Whats next?

kanedog

Congratulations!

snowchick7669

JoJoCal19 wrote: »

Congrats on the pass!

I've heard elsewhere the second exam is "off". I'm still debating whether I'm going to go with the class based on stuff I'm working on now. The cert isn't going to help in my current position, nor in one I would consider in the future. I may just open a spot for someone else at the end of the year.

In all honesty, I wouldn't do it then. The course was good and I found it interesting, but I would say 75% of it was stuff I already knew or had done with other courses. It was a lot of work and time sacrificed in order to get the course done in 3 months, but the first exam was very straightforward and the second exam didn't have half the stuff you were taught. Bit frustrating.

Considering you've got your GCIA etc, I'm not really sure what else it would teach you that you don't already know.

snowchick7669

nisti2 wrote: »

Thanks for sharing your experience!! Whats next?

I have the ISO27001 Lead Auditor course in 2 weeks and then I will potentially take a break. Might either finish my CCENT towards the end of the year, or get my eCPPT.

snowchick7669

OctalDump wrote: »

Congrats on the pass! Thanks for the review.

I'm trying to understand the make up of these exams in a broad sense. Would you say that SECFND is Security basics, like Sec+, and SECOPS is more the hands on tools?

Thank you! Yeah that's exactly how I'd explain it. SECFND was common security sense and SECOPS was about interpreting logs/detecting suspicious network activity.

WastedHat

Congrats on the pass! Did you do it through the scholarship program and what material did you use for the thoery? I seen the offical cert guides aren't out yet.

Prog Snob

Congrats to you!

I was thinking of taking those exams since I have always wanted to get into security, but it won't be until next year since I'm tackling the CCIE right now. I saw the exam topics and it seems to cover topics I've studied in penetration testing/ethical hacking. Did you come across such topics when you were studying or taking the class?

securityorc

Thank you for sharing your exam impressions, I have mine next week and I am a bit worried about the discrepancy between the exam objectives and the course materials + the question wording. For study, I am using the mentor materials and my own notes, but I don't know if it'll be enough. I will take your advice and read the NIST document, and I'll also go through the regex site mentioned in the study guide.

Replicon

snowchick7669 wrote: »

Just sat and passed this exam this afternoon. Wow, what a weird exam. If you're doing the scholarship program then I will warn you - you will need additional materials.

Cisco did an odd one with the course for the second half of the qualification. Roughly 50% of the course isn't even mentioned in the exam outline and a bunch of other things are covered in detail (whilst they only had a sentence or two in the official course). My recommendations for those taking the exam;
Do the majority of your exam prep from the topics in the exam outline.

Get as much practical experience with certain topics on the exam as you can (you'll get this in the labs, but for those who don't take the official course make sure you have used the tools mentioned in the topics i.e. Wireshark).

One of the main exam topics is incident response and they mention the NIST documentation in the exam outline. I found it easier to go straight to the source for the NIST documents.

Read the question and re-read it. Honestly the wording is pretty horrific in places.

I don't really want to say much more, the above is pretty general and you could have figured it out for yourself if you read the exam outline.

Main bit of advice is be aware the wording and questions can be a little strange with this one. Don't get thrown! Just apply logic and re-read as many times as you need. The time you have for the exam is adequate.

This exam is a lot more about practical application, rather than memorisation as the first exam was. I don't know if you could get away with passing this exam if you haven't had practical experience in some areas.

Congrats and thanks for sharing your experience.