YFZblu's CCNA: Security journey (640 554)

YFZblu

Also - I lab'd ACL's today and read the chapter. Yesterday I only had time to watch the CBT Nuggets video. Up next is Implementing Secure Network Management, which I assume pertains to securing the management plane. I think this will have a lot of bleed over from AAA, but will most likely also include things like creating CCP profiles and creating parser views.

I have taken my massive stack of note cards and begun separating them for each lab; that way I can grab a couple stacks, take them to work, and everything will be organized.

Roguetadhg

I haven't heard anything about the exam retiring, it's probably just the holiday season. Studying during this time is hard for almost anyone with family. Last minute shopping, Cooking, decorating. I can see people rushing to get the test sat, and leaving it up to chance to see if they know enough to pass!

Bah Hum Bug!

YFZblu

I ended up combining Management Plane Security and AAA, because they overlap so much. Today is layer 2 security.

YFZblu

Finished L2 security - Covered a lot of the CCNA topics, which felt good to review. Creating VLANs, DTP, assigning access/trunk ports, assigning ports to VLANs, native VLAN, router on a stick, etc.

Also got more port security under my belt, and finished off with Root Guard and BPDU Guard. So far I have finished exactly half of topics in the objectives that use the word 'implement', so I still have a while to go.

I think going forward I will do two labs per day; one in the morning and one after work. That way I'll finish a few days prior to my exam.

YFZblu

Went to work today, had to re-join a PC to the domain, moved a User to a new office, and immediately returned home. I think I'm going to be available from home today, so I can get several hours of studying in. I'll be in Chicago this weekend for at least one night, and I doubt I'll be able to escape to study. But if you've read this thread at all, you know I'll bring a piece of my lab with me just in case!

Edit: Today is Zone-based Firewalls, and I'm going to shoot for the ASA implementation portion as well.

YFZblu

Pretty awesome Zone-Based Firewall videos if anyone is interested.

Part 1 - Basic: Zone-Based Firewall-Part 1 of 2-Basic Configuration - YouTube

Part 2 - Advanced: Zone-Based Firewall-Part 2 of 2-Advanced - YouTube

Roguetadhg

It's like watching a weatherman. Nice find!

Roguetadhg

Cisco Press has the Rough Cuts for the Security FLG if you're interested.

http://my.safaribooksonline.com/book/networking/security/9780132983341

Mike-Mike

I really like this book, the official cert guide

YFZblu

Yeah, it's really good - It's especially nice that Keith Barker did the new CCNA Sec CBT Nuggets videos, so it's all very similar.

YFZblu

Re-read Firewall Fundamentals, ZBF, and the ASA chapter. I also lab'd along with the book.

Today I'll begin doing some memorization. Hopefully tonight I'll knock out IPS.

Roguetadhg

good to know im not the only one pounding away at certs! Hows the studying coming? you'll be right on track for the test?

YFZblu

It's coming along nicely, I think I may just barely get through everything with a couple days left over for hardcore memorization/review. Today is IPS, I'll watch the CBT Nugs, read the chapter, and then implement via CCP. I'm thinking this will be a pretty short review considering IPS implementation doesn't go very deep with ccna sec.

After that I will watch the videos and read the chapter for implementing Site-to-Site VPNs, and lab it.

Tomorrow I'll be on a train to Chicago for four hours, which will allow me to watch videos and read the chapter for remote access SSL VPN's, and at that point I will be done lab'ing and reviewing. I'm going to see the Chicago Symphony play 'Fantasia' tomorrow night, so most likely tomorrow afternoon and evening will be completely tied up.

Sunday afternoon I will be on a train BACK to Grand Rapids for four hours, so there will be more memorization and review.

Monday morning I'll be 'working' from home for the first half of the day so I can review before my exam at noon. I'm cutting it close, but I think it's doable.

How's Linux+, voice, security, and wireless treating you?

Roguetadhg

Any type of mass-transportation I tend to fall asleep. It's so easy for me to sleep on a bus, train, or even airplane. Amazing what drool can do to a leather jacket after it's been sitting for a couple of hours.

Linux+ = Reinstalled Ubuntu. Spent 30 minutes reading why the !@#$ Expendables 2 wouldn't play on it. Got it to work, barely. Got Word working for 30 days as the telephone registration boxes don't work and I can't autoreg it! OneNote is still out of comission. Meh. Certification wise: Been reading, entering commands as best as possible. I still dislike using "vi" - Because I don't get to see -- INSERT -- to show me what mode I'm in.

Voice/Security = Still building my cisco lab. I still have a little less than half a month for my Flash upgrades for my 2600xm routers though. I didn't know they were being shipped from freaking Hong Kong. I need 1 Router, 1 Switch and 1 ASA for the security labs. Not sure of "Voice" as the cert labs aren't out yet. Not really studying any of it hardcore - I go over the major topics over in my head; attacks, hardening, procedures. Voice: Meh.

Wireless = I watch some CBT between studying for the Linux+ for a rough overview.

If I have to bold-face each current certification I'm studying for, I think that's a hint I should just study one.

YFZblu

FYI - Professor Messer has begun a free Linux+ video training. Only a few videos up so far, you'll want to keep an eye out for new ones:

Linux Training Videos | Professor Messer - CompTIA A+, Network+, Security+, Linux, Microsoft Technology Training

Ivanjam

Best of luck on the exam, YFZblu - been following your thread for a while.

YFZblu

Thanks Ivanjam! I have yet to see a TE poster fail 640-554, so I'll do my best not to be the first

YFZblu

Soo in my lab efforts I realized my 871 router hardware supports IPS, but I either don't have a proper license to use it or my IOS image doesn't support IPS.

1. If I don't have a proper license, I'm not going out and buying one.
2. I don't feel like spending the next two hours finding an image, downloading a TFTP server, trying to upload the image the router, dealing with it if/when that fails, etc.

So I watched the CBT Nuggets, read the 'IPS Fundamentals' chapter, and then read the 'Implementing IOS IPS' chapter. At the CCNA Sec level it isn't too bad, and I only need to be able to implement it with CCP, not the CLI for the exam. CCP is quite easy to use, so if it comes up during my exam I should be able to poke around and figure things out.

YFZblu

I'd like to take a break from my book, so right now I'm going to forego the Site-to-Site VPN material and do some labs/memorization with ACL's.

Mike-Mike

you seem to be putting WAY more studying time than me, I am assuming you will blow this exam away

gvtheogiof

Cam on nhhung chia se thu vi nay
Chuc ngay cuoi tuan vui ve va hanh phuc nhe
Best regards

namld20997

c?m on vì chia s? b? Ã*ch.............................

phoeneous

Mike-Mike wrote: »

you seem to be putting WAY more studying time than me, I am assuming you will blow this exam away

Or it'll backfire and he'll fail from over studying. Hopefully that doesn't happen

YFZblu

Mike-Mike wrote: »

you seem to be putting WAY more studying time than me, I am assuming you will blow this exam away

Honestly with this being the eve of my exam, I wish I would have put more effort in This last 1.5 weeks has been pretty hardcore, yeah; but if you trace back the posts in this thread you'll see some legitimate gaps in progress.

Current status: cramming

daba

Did you take it yet? Results?

YFZblu

Wow, so I failed the exam. Bullet points first, then my experience:

Passing score: 804
My score: 794

Common Security threats: 50%
Security and Cisco Routers: 80%
AAA on Cisco Devices: 80%
IOS ACL's: 67%
Secure Network Management and Routing: 80%
Common Layer 2 Attacks: 67%
Cisco Firewall Technologies: 77%
Cisco IPS: 50%
VPN Technologies: 82%

During the exam, I was feeling really good. Like, really good. I killed the first 15 questions in about three minutes. Then, my subnetting failed me! I was totally stunned when I went reaching inside my brain for subnetting, and got NOTHING. That, and there were some Layer 2 questions tripping me up, which should be an easy fix. I thought the exam was fair, and wasn't nearly as difficult as ICND2.

I will probably end up taking the test either Friday or Saturday and I will just make sure my subnetting is solid once again. I will definitely take the score report to heart and spend plenty of time on IPS and Layer 2, as well as reading the introductory chapters of the book again to grasp the common security threats more effectively.

I am a little shocked that I walked out of the testing center with the word 'fail' on my papers, but it is what it is. I think I would much rather re-take and pass with a strong score than be a weaker candidate with a low passing score.

Edit - I recant my last statement, who am I kidding? I would much rather just pass.

marco71

YFZblu, feel sorry for you ... I also did this exam today and I passed ...
Good luck with your exam re-take.

Roguetadhg

Congrats, Macro71 for being awesome!

And blu. Tisk. Not that I would've done better Yeah, subnetting wasn't really covered in the book, so that's definitely understandable. I guess it's a good cue for anyone wanting to do anything in Cisco is to keep their Subnetting knives sharp for test day

Mike-Mike

YFZblu wrote: »

Edit - I recant my last statement, who am I kidding? I would much rather just pass.

this made me laugh...

sorry you didn't pass, thanks for the tip to brush up on the subnetting

Chitownjedi

You will get it, yeah I had a subnetting question on a recent M$ exam, and it was almost like I never even learned it... definitely got to keep that sharp in case I see it again when I get back into the Security/Voip test. Good luck, you got this Bro!