CCIE Security Written down

And so is what is left of my brain. Passed this morning.
The exam was different to what I had expected. It was much more indepth on protocol details than appliance knowledge and as I thought beforehand routing protocols were my worst section, need to work on that heavily for the lab. Still it was a fair exam. The funniest thing though was one question I absolutely know was not on any of the CCSP or CCIE related study but I remembered it from the Security+, the InfoSec intro exam that keeps on giving

I used the following (listed in order of how intensely they were studied; from exhaustive re-reads to quickly skimmed):

CCIE Security Certification Guide 2nd Ed.
Cisco Network Security Troubleshooting Handbook
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
The Complete Cisco VPN Configuration Guide
CCSP IPS Exam Certification Guide + CBTNuggets
CCSP VPN Exam Certification Guide
CCSP SNRS Exam Certification Guide + CBTNuggets
CCSP SND CBTNuggets
Internet Security Protocols : Protecting IP Traffic
The Protocols (TCP/IP Illustrated : Volume 1)
CCIE Security Quicksheets
Security Monitoring with Cisco mars
Advanced Host Intrusion Prevention with CSA
Cisco Access Control Security: AAA Administration Services
Cisco ASA and PIX Firewall Handbook
Cisco Security Architectures
Cisco.com product guides for the Anomaly Detector and Guard Appliances and modules.

The single most surprising to me was the Cisco Network Troubleshooting Handbook, I thought I'd skim through it and just pick up some extra tips but it's actually an excellent study source in addition to the more direct handbooks.

I've still got at least as many recommended books to go through and a few others I've picked up over the last few months but didn't have time to read before the Exam (like "Routing TCP/IP Vol1 and 2...yep lots of time on those..

). The lab certainly is not the end of my theory studies.

I've got a decent if minimal lab hobbled together that will be supplemented with Dynagen/Dynamips and PEMU so onward to the lab....eventually....when my head stops feeling like it's on fire....Maybe by the end of the year.

Anyway thanks to all the folks here who provide so much support. I really don't think I'd have stuck with my studies this long without this place. Kudos all.

Find more posts tagged with

Comments

dtlokee

Congrats! Good luck on the remainder of your journey.

mikej412

Congratulations!

Now the REAL FUN begins

damsel_in_tha_net

congrats!

BeaverC32

Congrats man, keep up the great work!

dynamik

Congratulations! That's quite an accomplishment.

What are your feelings on going directly through the security track and skipping the CCNP and R&S CCIE? I'm going to wrap up my CCNA over the next couple of months, and I'm trying to figure out which route (no pun intended) to take after that. I'd like to go straight into security, but I'm not sure how feasible it is. I saw that Keatron also went right to the CCSP, but it seems like he has a pretty solid R&S background as well.

Thanks for the resource list. I'm definitely bookmarking this thread. How much of those did you go through on your way through the CCSP?

sprkymrk

Well done Ahriakin!

snadam

congrats, and job well done. Good luck with the rest of it!

Ahriakin

Thanks guys, I haven't had a proper day off in 2 months even with taking 6 days of vacation 2 weeks back, just studying like crazy so I plan on taking the next 2 weeks off from the books and lab.

Dynamik you will deal with a certain amount of routing protocols anyway, primarily RIP and OSPF, with the CCSP just not in a lot of detail, it's really CCNA level stuff with a few extras on how they behave over IPSec and multiple areas etc. The CCIE does go deeper, I think if I'd taken some extra time and read over the TCP/IP Routing guides I would have been prepared enough for what was needed here. The main thing is it (the recommended courseware, not talking about the exam and treading on NDA) focuses a lot on BGP which of course the CCNA and CCSP don't really touch. Still it's more than doable. What you lose in familiarity with deeper R&S you can gain through focus. There's always a trade off unless you have time to burn.
As for the book list I based it pretty much on the Cisco recommended list and adding the obvious CCSP titles I had already. For the CCSP I used the official Ciscopress guides and CBTNuggets for each (work has a subscription to their online streaming

). From the list above though back then I only added "The Complete Cisco VPN Configuration Guide" (fantastic book) but after going though it I'd also recommend "TheCisco Network Security Troubleshooting Handbook". The PIX/ASA handbooks are very good but are better read after you have either done the exam or at least know the Ciscopress guides inside out, there's a ton more information that might overload you before the exam but is great for real-world application.
If you want to dig a bit deeper into some of the encryption methods "Internet Security Protocols : Protecting IP Traffic " is a very good post-exam book. It's written at a level that really suits just having done the CCSP. It covers some neat stuff like just WHY remote access VPNs use Aggressive mode with pre-shared keys, or how/why HMACS are stronger than standard hashes even when truncated....that kind of stuff bugged me ....yes I need a life.... Not necessarily useful for the exams but a quick and worthwhile read.

APA

Well done!!!

Have that well earnt rest now and then smash the lab outta the park!!!

mgeorge

Well g'luck with the security lab... Keep in mind that the PIX is now EOL/EOS
so if you give it a year maybe they will remove it from the CCIE Lab.

Pash

Well done Ahriakin, another well respected TE user to come through shining!

Good luck with the lab!

Turgon

Ahriakin wrote:

Thanks guys, I haven't had a proper day off in 2 months even with taking 6 days of vacation 2 weeks back, just studying like crazy so I plan on taking the next 2 weeks off from the books and lab.

Dynamik you will deal with a certain amount of routing protocols anyway, primarily RIP and OSPF, with the CCSP just not in a lot of detail, it's really CCNA level stuff with a few extras on how they behave over IPSec and multiple areas etc. The CCIE does go deeper, I think if I'd taken some extra time and read over the TCP/IP Routing guides I would have been prepared enough for what was needed here. The main thing is it (the recommended courseware, not talking about the exam and treading on NDA) focuses a lot on BGP which of course the CCNA and CCSP don't really touch. Still it's more than doable. What you lose in familiarity with deeper R&S you can gain through focus. There's always a trade off unless you have time to burn.
As for the book list I based it pretty much on the Cisco recommended list and adding the obvious CCSP titles I had already. For the CCSP I used the official Ciscopress guides and CBTNuggets for each (work has a subscription to their online streaming ). From the list above though back then I only added "The Complete Cisco VPN Configuration Guide" (fantastic book) but after going though it I'd also recommend "TheCisco Network Security Troubleshooting Handbook". The PIX/ASA handbooks are very good but are better read after you have either done the exam or at least know the Ciscopress guides inside out, there's a ton more information that might overload you before the exam but is great for real-world application.
If you want to dig a bit deeper into some of the encryption methods "Internet Security Protocols : Protecting IP Traffic " is a very good post-exam book. It's written at a level that really suits just having done the CCSP. It covers some neat stuff like just WHY remote access VPNs use Aggressive mode with pre-shared keys, or how/why HMACS are stronger than standard hashes even when truncated....that kind of stuff bugged me ....yes I need a life.... Not necessarily useful for the exams but a quick and worthwhile read.

Well done. It's a lot of work preparing for any written exam. You should find all that reading will payoff in your lab prep.

dtlokee

mgeorge27 wrote:

Keep in mind that the PIX is now EOL/EOS
so if you give it a year maybe they will remove it from the CCIE Lab.

Doubtful, the 2600s have been EOL since 2003 and they're still in there. The VPN Concentrators are EOL too, they're still in the lab a year later. The ASA could be more of a drop in replacement for the PIX than an ASA for the VPN concentrator, so it's possible but I wouldn't count on it.

Besides Security seems to be the "easy track" at the moment

Ahriakin

dtlokee wrote:

Besides Security seems to be the "easy track" at the moment

Slowhand

Big congrats on the pass, Ahriakin. I'm sure it's easy to forget how difficult the CCIE written exams can be, since everyone mainly talks about the journey to the lab-exam. Take a break and relax before the mountain-climb begins, you've earned it.

mgeorge27 wrote:

Well g'luck with the security lab... Keep in mind that the PIX is now EOL/EOS
so if you give it a year maybe they will remove it from the CCIE Lab.

I thought that only certain PIX models were at EoL?

mgeorge

Slowhand wrote:

I thought that only certain PIX models were at EoL?

All models of the Pix 500 family are EoL/EoS as of Jan 29th
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_eol_notices_list.html