CCNA: Sec... outta here!
mikearama
Member Posts: 749
After just getting through the BSCI a few months ago, this exam was a breeze.
Nailed it with a 925.
Describe the security threats facing modern network infrastructures: 100%
Secure Cisco routers: 100%
Implement AAA on Cisco routers using local router database and ACS: 75%
Mitigate threats to Cisco routers and networks using ACLs: 100%
Implement secure network management and reporting: 100%
Mitigate common Layer 2 attacks: 75%
Implement the Cisco IOS firewall feature set using SDM: 100%
Implement the Cisco IOS IPS feature set using SDM: 50%
Implement site-to-site VPNs on Cisco Routers using SDM: 93%
I used the CCNA Security Official Exam Certification Guide by Michael Watkins and Kevin Wallace, and the CCNA Security Exam Cram.
Word to the wise... this exam was heavy on SDM simulators. Fortunately, I have a couple spare 1841 ISR's in our lab that I was able to configure. If you are taking this exam, do yourself a favour and get super-familiar with the SDM as it relates to firewall, IPS, and VPN set ups.
All in all, I felt very confident about the exam, just from the Exam Cert Guide. There may have been maybe 5 questions that were total guesses, but otherwise, the material was covered.
Surprisingly, the exam was sparse on topics including SAN security, wireless security, and voice security. And as you can see from the topics above, heavy on IOS firewall / IPS / VPN security.
So, on to the ISCW.
There are only 10 kinds of people... those who understand binary, and those that don't.
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
Comments
-
IT Man
Member Posts: 159
Congrats...Now I am even more motivated!!
Shoot for the moon. Even if you miss, you'll still land among the stars. - Les Brown
-
nel
Member Posts: 2,859
Congrats mike.
How long did you study for the exam? How much security experience do you have?
Xbox Live: Bring It On
Bsc (hons) Network Computing - 1st Class
WIP: Msc advanced networking
-
mikearama
Member Posts: 749
nel wrote:
Congrats mike.
How long did you study for the exam? How much security experience do you have?
About 6 weeks of dedicated study. Though yes, I work with most of the technology daily, and have been for several years. Having said that, a lot of the topics were first-timers... I've never employed the IOS firewall or IPS, as we use dedicated cisco devices for that. Same with the VPN setup via the SDM... we use concentrators. The key was having a couple devices to play with to cover the topics.
Someone mentioned a while back that their biggest learning curve was IKE / IPsec. Mine too. I took the topic when I did my Security+, but after reading the Cert Guide, I understood it far better.
Mike
-
Glynixx
Member Posts: 138
Awesome job Mike!
Unlike the CCENT/CCNA where you can get by with some equipment off e-bay, do you need actual PIX or ASA's to be able to pass this exam (not sure if a sim would do the trick)? Or any other special hardware?
Thanks and congrats again!
G
Check out www.manager-tools.com for some great management training for free!
-
mikearama
Member Posts: 749
Great question... and NO, you do not need PIX's or ASA's. In fact, they're hardly even touched on. The focus was on the IOS version of everything, the IOS Firewall, the IOS IPS, and the IOS VPN service.
So, having access to an ISR router of some kind is important. I didn't look into sims for the above as I had a couple ISR's, but if they exist, I'm sure they'd be fine.
As for actual CLI work, there was a bunch... but it's all stuff you'd expect. IE,
configuring AAA
setting timestamps
creating acl's, and their placement
securing access to vty lines
implementing SSH
port-security
securing the IOS and config
Nothing too difficult, if you've played with a sim / router. I'd like to see someone **** their way through the sims, though. They were great.
-
networker050184
Mod Posts: 11,962
Congrats!
An expert is a man who has made all the mistakes which can be made.
-
mikej412
Member Posts: 10,086
Congratulations!
Cisco Certifications -- Collect the Entire Set!
-
Knives Out
Member Posts: 91
Quick question - I can't find the CCNA Security exam cram book on Amazon and it says it's not available until November 08, where did you get this book? lol
-
dynamik
Banned Posts: 12,312
You can usually get stuff early on Safari, and it does look like it's there.
-
Knives Out
Member Posts: 91
Oh okay, I never heard of Safari books online before!
Edit to add b.c my manners are terribad: Congratulations! Good review on the exam, I'd like to take it eventually.
-
Slowhand
Mod Posts: 5,161
That's a great score, congratulations! And good luck with ISCW.
Free Microsoft Training: Microsoft Learn
Free PowerShell Resources: Top PowerShell Blogs
Free DevOps/Azure Resources: Visual Studio Dev Essentials
Let it never be said that I didn't do the very least I could do.