CCNA: Sec... outta here!

After just getting through the BSCI a few months ago, this exam was a breeze.

Nailed it with a 925.

Describe the security threats facing modern network infrastructures: 100%
Secure Cisco routers: 100%
Implement AAA on Cisco routers using local router database and ACS: 75%
Mitigate threats to Cisco routers and networks using ACLs: 100%
Implement secure network management and reporting: 100%
Mitigate common Layer 2 attacks: 75%
Implement the Cisco IOS firewall feature set using SDM: 100%
Implement the Cisco IOS IPS feature set using SDM: 50%
Implement site-to-site VPNs on Cisco Routers using SDM: 93%

I used the CCNA Security Official Exam Certification Guide by Michael Watkins and Kevin Wallace, and the CCNA Security Exam Cram.

Word to the wise... this exam was heavy on SDM simulators. Fortunately, I have a couple spare 1841 ISR's in our lab that I was able to configure. If you are taking this exam, do yourself a favour and get super-familiar with the SDM as it relates to firewall, IPS, and VPN set ups.

All in all, I felt very confident about the exam, just from the Exam Cert Guide. There may have been maybe 5 questions that were total guesses, but otherwise, the material was covered.

Surprisingly, the exam was sparse on topics including SAN security, wireless security, and voice security. And as you can see from the topics above, heavy on IOS firewall / IPS / VPN security.

So, on to the ISCW.

Find more posts tagged with

Comments

dynamik

Nice job, Congratulations!

shednik

Nice mike!! Good review on the exam!

IT Man

Congrats...Now I am even more motivated!!

7255carl

congrats

nel

Congrats mike.

How long did you study for the exam? How much security experiance do you have?

mikearama

nel wrote:

Congrats mike.

How long did you study for the exam? How much security experiance do you have?

About 6 weeks of dedicated study. Though yes, I work with most of the technology daily, and have been for several years. Having said that, a lot of the topics were first-timers... I've never employed the IOS firewall or IPS, as we use dedicated cisco devices for that. Same with the VPN setup via the SDM... we use concentrators. The key was having a couple devices to play with to cover the topics.

Someone mentioned a while back that their biggest learning curve was IKE / IPsec. Mine too. I took the topic when I did my Security+, but after reading the Cert Guide, I understood it far better.

Mike

Glynixx

Awesome job Mike!

Unlike the CCENT/ CCNA where you can get buy with some equipment off e-bay, do you need actual PIX or ASA's to be able to pass this exam (not sure if a sim would do the trick) ? or any other special hardware?

Thanks and congrats again!
G

mikearama

Great question... and NO, you do not need Pix's are ASA's. In fact, they're hardly even touched on. The focus was on the IOS version of everything, the IOS Firewall, the IOS IPS, and the IOS VPN service.

So, having access to an ISR router of some kind is important. I didn't look into sims for the above as I had a couple ISR's, but if they exist, I'm sure they'd be fine.

As for actual CLI work, there's was a bunch... but it's all stuff you'd expect. IE,
configuring AAA
setting timestamps
creating acl's, and their placement
securing access to vty lines
implementing SSH
port-security
securing the IOS and config

Nothing too difficult, if you've played with a sim / router. I'd like to see someone **** their way through the sims, though. They were great.

Congrats!

Well done!

Congratulations!

Quick question - I can't find the CCNA Security exam cram book on Amazon and says its not available until November 08, where did you get this book? lol

dynamik

You can usually get stuff early on Safari, and it does look like it's there.

Knives Out

Oh okay, I never heard of Safari books online before!

Edit to add b.c my manners are terribad: Congratulations! Good review on the exam, I'd like to take it eventually.

Slowhand

That's a great score, congratulations! And good luck with ISCW.

mamono

Congrats!

Great info too!