IPS test

Ok I have taken the exam blue print and I am building my notes entirely off of it.

But some of the things are difficult to find answers to.

For example:

USE the IDM to tune signatures to provide Maximum protection for a network.

Or

Determine the need for event action rules in a given scenario.

I know that I shouldn't expect Cisco to say in situation A you have to do xyz in regards to event action rules.

I guess I am just looking for some other resources to help me fill in the blanks.

Does anyone have any suggestions?

Find more posts tagged with

Comments

liven

liven wrote:

Ok I have taken the exam blue print and I am building my notes entirely off of it.

But some of the things are difficult to find answers to.

For example:

USE the IDM to tune signatures to provide Maximum protection for a network.

Or

Determine the need for event action rules in a given scenario.

I know that I shouldn't expect Cisco to say in situation A you have to do xyz in regards to a particular situation.

I guess I am just looking for some other resources to help me fill in the blanks.

Does anyone have any suggestions?

Ahriakin

The CBTNuggets course is actually very good for this, my favourite manic instructor Jeremy Cioara does it.
The Cisco Press guide has a lot of information but is very dry.
If you really need a use-advice/scenario guide (vs. the info. you can find in the official doc.s) the CBTNugget is your best bet.

liven

Ahriakin wrote:

The CBTNuggets course is actually very good for this, my favourite manic instructor Jeremy Cioara does it.
The Cisco Press guide has a lot of information but is very dry.
If you really need a use-advice/scenario guide (vs. the info. you can find in the official doc.s) the CBTNugget is your best bet.

I know my request is lame, it is just I want to make sure I know what Cisco wants me to know.

I use IDS/IPS everyday at work (mostly open source version, but been using Cisco IPS a lot lately).

Ok to make a long story short, just don't want to leave any stones unturned when taking the test.

THanks so much for your input. I really appriciate it!

Oh on the sources you mentioned... You think they are still valid for the new version of this test?

Ahriakin

Sorry I haven't been through the new course details but I use 6.0 at work and these 2 courses helped immensely - I did the IPS course Feb 2007 so it was on 5.x but only got my hands on the hardware (6.x) last October, I basically redid the course as I configured the devices and it was still a great help. I'd say use both/either for your initial study and supplement it with a read through of the official Cisco 6.x Docs. Mainly it adds Anomaly detection and multiple virtual sensors, the principals of operation and more importantly the type of scenario training you asked about first remain the same.

liven

Ahriakin wrote:

Sorry I haven't been through the new course details but I use 6.0 at work and these 2 courses helped immensely - I did the IPS course Feb 2007 so it was on 5.x but only got my hands on the hardware (6.x) last October, I basically redid the course as I configured the devices and it was still a great help. I'd say use both/either for your initial study and supplement it with a read through of the official Cisco 6.x Docs. Mainly it adds Anomaly detection and multiple virtual sensors, the principals of operation and more importantly the type of scenario training you asked about first remain the same.

Thanks Bro!