SDM for ISCW

The SDM sounds like it would be really easy for this test, but it's not. It's like having an open book test, but not knowing where to find the answers. And you only have 90 minutes to do it. The SDM questions ask random things that you have to find with what little time you have. If you don't find it quickly, you will not have enough time. Keep in mind that there are more questions than BSCI or BCMSN, there are 75 questions on ISCW.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Paul Boz

I've been studying SDM a lot because of the pitfalls which I've heard about regarding the ISCW. I think it's kind of lame that they certify on a GUI but it's not my test so I can't make up the contents.

dtlokee

I think Cisco did it this way to prevent it from becoming too much like the SNRS exam where you need to configure all of your IPSec policies and crypto maps manually. It can be a cumbersome task to troubleshoot these things from the command prompt. I think most people will agree using the SDM is becoming more popular to do their configurations, but I still prefer the CLI.

Cucumber

I hate SDM already

ITdude

It's a brave new world!

JGCisco

Well I'm 0-2 on the ISCW test. This is my first double failure. I've passed others on first or second attempt.

It seems like the exam could read me and know everything I didn't study thoroughly, and asked me all of those questions. There are some questions I got both times that I still can't find answers for in either the hardback book or the partner learning spiral bound books. Maybe those are the ungraded ones...?

The kicker... missed it by 3 POINTS!

networker050184

Man, thats close. Third times a charm right?

I'd read the sections in the docs you can't find in your book. They have helped me clear some things up I couldn't find in the books.

ITdude

Keep in mind that the SDM questions are probably pretty analogous to the CLI sim questions asked in other exams in the track and their weight in the overall score are probably fairly equivalent. Meaning, if you are not sharp with that you will probably take a pretty big hit.

Try to work with a box that has SDM installed or install it on a router you have and play with it. In some ways, it is kinda fun for a change but I still feel more comfortable with CLI.

As always, time is your enemy!

yukky

How do they test you on the SDM? On a simulation or do you have to memorize the names of menus, etc?

"Click on the configure icon..."

mgeorge

Seems like Cisco is really pushing the SDM, personally I hate it!!!

It drives us old command line junkies nuts...

ITdude

I think that is partially due to the fact that Cisco is trying to make this push to be everyone's company. Meaning even people with no/little CLI experience can deploy their products. Ah, okay, I guess....

Of course they always say that things should be tweaked with the CLI or MQC (for Qos ).. I guess whatever floats your boat!

networker050184

When I go to look at a router thats having issues and see all the SDM generated configs it makes me cringe. IMO, if you don't know what you are doing, you are probably going to mess it up by just hitting next over and over.

I do like the "easy" VPN server config through SDM though.

Paul Boz

networker050184, I agree with you.

The problem that I have with SDM and other web GUIs is that they give the allusion that because it's a Cisco-made "smart wizard!" the need for testing in a lab isn't there any more.

Routers and switches are not supposed to be easy. that's not to say that they're supposed to be overly complicated and hard to implement, but I feel that the allusion of ease provided by SDM really circumvents the primary quality control of Cisco equipment - having to actually LEARN the technology.

That being said, I completely understand the value of SDM. It is important to provide complex and powerful tools to people who may not have the time or inclination to learn the operating system. I just wish people were more careful and or knowledgeable when using it rather than assuming that it will get the job done without fuss.

kryolla

I just used SDM configure CBAC and security audit on my 851W which replaced my linksys router but other than that all CLI

ITdude

Paul Boz wrote:

- having to actually LEARN the technology.

Imagine that!

dtlokee

so CLI = job security?

Even with SDM you still need to know what to put where and what the impact of the choices you make are going to be. This means the theory is still needed and it still applies even with the SDM. I know plenty of guys who have made a living off following the configuration guides letter for letter to get things done. They most likely could not do it on their own, but they are still successful at what they do. When they have a problem with the configuration, they call TAC. It's a crappy way to do things, but basiclly the same as a guy who uses SDM without the understanding of what they're doing. They're both a bad way to do things. But I don't think it makes you less of an engineer if you choose to use SDM over the CLI or it make you more hardcore because you use the CLI. Configuration via the CLI is just about plugging in the right values into your configuration once you know the commands.

Maybe it's just me but I don't see the CLI as "difficult" and the SDM as "easy", and somone who hacks around in either one without understanding what they're doing is a problem on any network.

Paul Boz

It's not about the CLI being hard and the GUI being easy. All I'm saying is that graphical interfaces usually allow people to perform tasks that they may not be completely knowledgeable on. They can also give the allusion that the configuration is "one and done" and that testing in a lab isn't necessary.

As I said, it's not about "easy" versus "hard." GUIs just hide mistakes much better than CLI. I'm not saying one is better than the other. If I had to do tedious configurations constantly I'd probably use the SDM for sheer ease of use.

networker050184

I see people use the SDM and then when they look at the configuration they can't figure out what is wrong because they do not understand what they are seeing in the output. I don't think people should be using the SDM to implement stuff they don't understand. IMO it is a tool that simplifies configuration of things you already understand, not a way to implement something you don't.

Just my $.02...

APA

networker050184 wrote:

I see people use the SDM and then when they look at the configuration they can't figure out what is wrong because they do not understand what they are seeing in the output. I don't think people should be using the SDM to implement stuff they don't understand. IMO it is a tool that simplifies configuration of things you already understand, not a way to implement something you don't.

Just my $.02...

The guys configuring via the SDM probably wouldn't go into the CLI to troubleshoot.... They'll try and troubleshoot from the GUI!!!!

I'm a CLI guy through and through as well.... but there's no harm in learning new things right??

Like DTLokee said.... If you know what you're doing and understand the pros\cons of the choices you are making that who can dare say you're any less of an engineer for using the SDM?

networker050184

I'm not against the SDM, I just don't think it should be used in place of knowledge about what you are doing. If you fully understand the technology then there is nothing wrong with using the SDM IMO.

CptSquirt

Are the only interactive questions on this exam in the SDM???!!! I sure do hope that's not the case. I've been concentrating mostly on CLI since it doesn't seem very Cisco-ish to emphasize a GUI.

mikej412

CptSquirt wrote:

Are the only interactive questions on this exam in the SDM???!!! I sure do hope that's not the case. I've been concentrating mostly on CLI since it doesn't seem very Cisco-ish to emphasize a GUI.

The Cisco Career Certifications and Confidentiality Agreement and the Cisco Candidate Conduct Policy would prevent someone who has taken the test from answering... but you can check the 642-825 ISCW exam blueprint for yourself.

If you stick with just learning the CLI tasks, then you've learned over 57% of the "hands-on topics" from the blueprint that you should know for the exam

SDM tasks:

    * Configure a site-to-site IPSec VPN/GRE Tunnel with SDM (i.e., preshared key).
    * Describe and configure Cisco Easy VPN solutions using SDM.
    * Describe, Configure, and verify AutoSecure/One-Step Lockdown implementations (i.e., CLI and SDM).
    * Configure Cisco IOS Firewall with SDM.
    * Verify Cisco IOS Firewall configurations (i.e., IOS CLI configurations, SDM Monitor).
    * Configure Cisco IOS IPS using SDM.

Non-SDM tasks:

    * Configure ADSL (i.e., PPPoE or PPPoA).
    * Verify basic teleworker configurations.
    * Configure and verify Frame-Mode MPLS.
    * Verify IPSec/GRE Tunnel configurations (i.e., IOS CLI configurations).
    * Describe, configure, and verify VPN backup interfaces.
    * Describe, configure, and verify AAA for Cisco Routers.
    * Describe and configure threat and attack mitigation using ACLs.
    * Describe and configure IOS secure management features (e.g., SSH, SNMP, SYSLOG, NTP, Role-Based CLI, etc.)

I guess you've got to ask yourself if you're feeling lucky -- and if not, then learn the SDM. Here's a link from the CCNA forum to get you started.