It's been a while, taking CCNA:Sec next week
PhildoBaggins
Member Posts: 276
Been working on it for about 10 days pretty hardcore. Hopefully they will have an opening this week at the test center down the way.
After getting my CCNA and being thrown into a crazy MSP where I support 300+ customer networks with SonicWall, HP, Brocade, Cisco ASAs etc... CCNA Security is a lot of info but it's a lot of stuff that transfers from my recent real world exp.
All the VPN, ACL, ZBF junk is extremely at home with me.
I have used the CBT nuggets, 640-553 exam cram (which has some goofy test questions and other errors but I found informative).
I think this certification study has been worlds different going from a techy guy to a CCNA. After a year of 60-70 hours a week break fix and design my brains have been stuck in learning mode. A lot of the concepts are no longer new or hard to learn. I have been labbing with a 1841 ISR, 3550 EMI switch, I have GNS3 of course to do things my 1841 image won't do.
I broke my studies down into watching all CBTs, taking notes on each one. Then rewatching the longer videos if I found myself not paying as close attention.
I then quickly glanced over the entire exam cram book, and writing down stuff to lab so I could get a feel for what I need to accomplish lab wise with this cert. At that point I closely read every chapter. Taking each end of chapter exam after 20 minutes of reading the chapter to see if I retained the info.
I then made a list of items as I went to either memorize, lab, study, practice etc... This allowed me to focus on specific items I either didn't pay enough attention on or had trouble memorizing (like some of the tables throughout the book). I really like having a method to study (light, medium, in-depth)
I lightly cover material (watch cbts during downtime at work or at night when the wife is working)
Cover it a little more in depth (light labbing, light reading of some sort of formal material like a cisco press or exam cram book)
Then I test myself using available questions to give myself a baseline. Once tested I drill down each section of the required knowledge for the exam and lab each area where possible.
Wednesday
100% - Lightly read 100 pages of the Exam Cram book
100% - Lightly read 30 pages of the MEGA guide
100% - At night time lab up Router and SDM
Thursday
100% - Lightly read 100 pages of the Exam Cram book
100% - Lightly read 30 pages of the MEGA guide
100% - Lab at least 2-3 hours on Router technologies and SDM
Friday
read chapter 7 entirely
100% - Lightly read 100 pages of the Exam Cram book
100% - Lightly read 30 pages of the MEGA guide
100% - Lab 2 hours switch
100% - Lab 2 hours router sdm
Saturday
100% - Lightly read 100 pages of the Exam Cram book
100% - Lightly read 30 pages of the MEGA guide
100% - Lab 2 hours switch
50% - Lab 2 hours router sdm
C.1 Test - 91% - brush up
C.2 Test - 80% - brush up
C.3 Test - 86% - brush up
C.4 Test - 80% - brush up
C.5 Test - 80% - brush up
C.6 Test - 80% - brush up
C.7 Test - 90% - lab-up
C.8 Test - 90% - lab-up
C.9 Test - 90% - brush up
C.10 Test - 100% - lab-up
average - 87%
When average > 80% take practice tests
When practice test average 90% take EXAM
x=good
/=learn it
*=cli only
?=what
KNOW HOW TO
x
base config router for access, ssh, SDM
x
be able to setup AAA and VIEW modes
x
secure backup image and config, be able to show it
x
be able to block numerous VTY login attempts
x
KNOW your login command on vty lines for locking down access to aaa groups
x
KNOW WHAT FILES SDM requires
x
know how to setup AAA, TACACS, views , aaa groups etc… from chp 3 in SDM and CLI
x
memorize Cisco Log Severity Levels
x
enable and show sys log / logging in CLI and in SDM
x
enable and show SNMP v1 2 3 in SDM / CLI
x
enable SSH via CLI and SDM
verify version and sessions
x
lock down ssh vty lines via CLI and SDM
x
setup NTP via cli and SDM
x
Know what services are unnecessary and how to disable via CLI and SDM
x
perform security audit and one step lockdown in SDM
x
perform auto secure in both auto and interactive mode CLI
x
Read characteristics of firewalls and gear Chapter 5
x
use standard ACLS
cli and sdm
x
extended ACLS
cli and sdm
reflexive ACLS
cli and sdm
x
named ACLS
cli and sdm
x
apply ACL's to interfaces and to VTY lines
x
know how to show and verify ACLS
x
resequence named ACLS, cut and paste named ACLS
x
know how to mitigate spoofing and private ip attacks
x
mitigate ip spoofing outbound
x
know the different icmp messages and make sure to lock them down in the config
x
setup full egress / ingress filtering
chp 5
x
understand the difference between static packet filtering ACL and zone based dynamic packet filtering
chp 5
x
Create zones
apply interfaces to a zone
chp 5
x
Explain zone pairs and how it works
chp 5
x
setup zones via based firewizard SDM
chp 5
x
NEED TO USE GNS3 FOR THIS
chp 5
x
USE GNS3 TO SETUP BASIC AND ADVANCED FIREWALLING
chp 5
x
Manually setup zones
chp 5
x
Manually setup classes and apply to policy maps
chp 5
x
Manually setup zone pairs and assign policy maps to zone pairs
chp 5
x
NEED TO USE GNS3 FOR THIS
chp 5
x
USE GNS3 TO SETUP BASIC AND ADVANCED FIREWALLING
chp 5
x
Monitor ZPF via SDM
chp 5
memorize
be able to view zones in CLI
chp 6
x
read chapter 6 and understand cryptography
chp 6
x
pass chapter 6 cryptography test
chp 5
x
learn common protocol id's chapter 5
chp2
???
learn the seven steps to compromising targets
chp2
memorize
study page 76 threat control matrix
chp2
memorize
study page 55 threat testing techniques
chp3
x
go over all config t "security" commands
chp3
x
explain the diff between enable sec and service pass encryption
chp3
x
know the conf t "login" sub commands for security
chp3
x
know the login quiet mode and how to implement it
chp3
x
understand the 5 items SDM manages pg 105
chp4
x
understand in-band vs out-of-band
chp4
memorize
memorize log message levels pg 155
chp4
x
know how to turn on logging SDM and CLI pg 156
chp4
x
know how to implement SSH, VTY ssh, SNMP NTP in sdm and CLI
chp4
memorize
know the list of rtr service vulnerabilities pg 167
chp10
x
lab all of chapter 10 CLI switch security
chp10
x
learn the errdisable recovery cause psecure-violation command chapt 10
chp10
x
setup SPAN and test it out
chp10
x
understand where storm control is configured
chp 7
memorize
memorize ipsec vs ssl table pg 301
chp 7
x
explain the 5 parts of IKE (HAGLE)
chp 7
Lab up everything Chap 7
chp 7
memorize
memorize table from pg297
chp 8
memorize
memorize table 8.1 AND 8.2 chp 8 pg 346
chp 9
lab chapter 9 IPS
chp 9
know how to show ips data in CLI
chp 9
know how to setup IPS in CLI
chp 9
learn all the nac components chp 9
chp5
look at test question 4 and lab up a bunch, understand how to implement established tcp ACLs
chp 7
configure ike policies
chp 7
setup multiple vpns
chp 7
setup a ton of policies
Fun stuff, hopefully I'm not retarded and know the material for the test
Comments
PhildoBaggins
Member Posts: 276
Study is good. I am about there. I have been taking a comb through the Cisco Press and Exam Cram pulling out every important piece of info and slapping it into an Excel sheet to drill the commands.
I'm finding stuff I missed which is good. Practice tests are in the high 80's woo hoo.
tha_dub
Member Posts: 262
Good luck! I'm going to try and book this one asap too. I've been procrastinating for about 6 months to get this one done. I am so ready to move on it's not funny...
I'd honestly like to just say F!@# it but my employer will pay the exam fee if I pass and it just seems too wasteful to walk away from the hundred hours or so I've spent specifically studying for it.
PhildoBaggins
Member Posts: 276
My boss will pay for any cert I want to take. I've been training CCNA classes and Cisco ASA classes to my network engineers at work. I figured all I do is support network security technologies at work and I had already bought the Exam Cram like a year ago so it was a good idea.
The configuration for all the material is pretty small in comparison to CCNP or even going from new new new Cisco guy to passing the CCNA. However there are SO MANY acronyms and "referenced" technologies in the CCNA:Sec it makes it a challenge.
Having to relearn building ACLs, Zones, VPNs is a little goofy since I have been doing it on ASAs. I had to unlearn some commands but most of all the IPS/IDS stuff is nearly a direct knowledge transfer which is cool.
I have a CCDA book sitting on my shelf that I'm eyeballing next, I have on/off again studied ROUTE and SWITCH. I think this year will be the year of certifications