Options
642-627 - IPS Exam Experience
bryguy
Member Posts: 190
To give you a little background, I earned my CCNP in February of 2010 which was shortly before the transition that Cisco made into the specialized CCNP designations. Of the 4 CCNP exams that were required at the time, I enjoyed ISCW the most. I was disappointed to learn, upon investigating various options to re-certify, that it was no longer offered and because I'm no longer in the infrastructure realm of routing and switching- I briefly thought about letting my CCNP expire. Upon further investigation, however, I thought the security track might make for a more relevant means to re-certify.
Currently, I work in more of an auditing, security assessment type capacity. I briefly looked at Secure, because it appeared to mirror the ISCW content more than the others, but decided against it, after reading several bad reviews on Amazon and TE regarding the Cisco Press book. For better or worse, I typically use Cisco Press books as my main study resource, so Secure was out.
I decided, instead, to go with the 642-627 to re-certify my CCNP. I had worked with Cisco firewalls and vpns before (PIX, 3000 concentrators) in my prior role, but never with IDS/IPS. At my last job, they did a great job of implementing the "separation of duties" concept, so as a router/switch guy, we never touched the IPS/IDS gear so I thought this would make for a good opportunity to expand my horizons a little bit and learn something new, instead of certifying on something that I had worked with on a daily basis.
In order to pass I used the following resources:
CCNP Security IPS 642-627 Official Cert Guide - David Burns
CBT Nuggets - 24 hour subscription - Michael Shannon
IME Demo
Skillsoft Training - Michael Shannon
IP Expert VOD
Boson Practice Test
Official Cisco Documentation
I prepared for roughly 3 months by taking notes on the official cert guide, and then reviewing my notes on a daily basis. In addition, I listened to the audio portion of the IP Expert videos on my way to and from work on my 40 minute commute. I spent a weekend watching the CBT Nuggets videos (24 hour subscription) and taking notes. The IME Demo was invaluable and I would definitely recommend getting some "hands on" with it, if you don't have actual IPS's to work with, short of actual rack time.
Insofar as the computer based training was concerned, I would actually recommend the Skillsoft Training over the CBT Nuggets, or IP Expert VOD. It was surprisingly thorough and included several simulations. The questions following the Skillsoft content, however, had a lot to be desired. If I had to do it over again, I would have saved some money, and just used the Skillsoft training that my employer provides.
The Boson Practice test included 3 individual tests. I've used Boson before, and have been very impressed by the quality of the questions they ask, and the associated explanations that are provided. Definitely worth the $75 or so I paid for them.
The test itself was on par with what I had studied, and I can't say there were any surprises at test time. The biggest challenge, I think, was keeping the various IPS technologies seperate in my mind. You have dedicated appliances like the 4200 series, ASA IPS modules, ISR IPS modules, and Switch based IPS modules- all with slightly different syntax, capabilities, and features. Using the IME (or the GUI interface) kind of "normalizes" administration from a syntax perspective, if you have multiple IPS devices you're working with in your environment. The book stresses the IME and IDM over the CLI for this reason, I believe. Of the the topics I covered, I found the RegEx portion of the string engines, most interesting.
In any event, I passed with a strong score and re-certified my CCNP in the process, while learning something new. I probably won't bother with the rest of the CCNP-Security track, unless I start working directly with infrastructure security again. Hope this helps someone looking into taking this exam.
Currently, I work in more of an auditing, security assessment type capacity. I briefly looked at Secure, because it appeared to mirror the ISCW content more than the others, but decided against it, after reading several bad reviews on Amazon and TE regarding the Cisco Press book. For better or worse, I typically use Cisco Press books as my main study resource, so Secure was out.
I decided, instead, to go with the 642-627 to re-certify my CCNP. I had worked with Cisco firewalls and vpns before (PIX, 3000 concentrators) in my prior role, but never with IDS/IPS. At my last job, they did a great job of implementing the "separation of duties" concept, so as a router/switch guy, we never touched the IPS/IDS gear so I thought this would make for a good opportunity to expand my horizons a little bit and learn something new, instead of certifying on something that I had worked with on a daily basis.
In order to pass I used the following resources:
CCNP Security IPS 642-627 Official Cert Guide - David Burns
CBT Nuggets - 24 hour subscription - Michael Shannon
IME Demo
Skillsoft Training - Michael Shannon
IP Expert VOD
Boson Practice Test
Official Cisco Documentation
I prepared for roughly 3 months by taking notes on the official cert guide, and then reviewing my notes on a daily basis. In addition, I listened to the audio portion of the IP Expert videos on my way to and from work on my 40 minute commute. I spent a weekend watching the CBT Nuggets videos (24 hour subscription) and taking notes. The IME Demo was invaluable and I would definitely recommend getting some "hands on" with it, if you don't have actual IPS's to work with, short of actual rack time.
Insofar as the computer based training was concerned, I would actually recommend the Skillsoft Training over the CBT Nuggets, or IP Expert VOD. It was surprisingly thorough and included several simulations. The questions following the Skillsoft content, however, had a lot to be desired. If I had to do it over again, I would have saved some money, and just used the Skillsoft training that my employer provides.
The Boson Practice test included 3 individual tests. I've used Boson before, and have been very impressed by the quality of the questions they ask, and the associated explanations that are provided. Definitely worth the $75 or so I paid for them.
The test itself was on par with what I had studied, and I can't say there were any surprises at test time. The biggest challenge, I think, was keeping the various IPS technologies seperate in my mind. You have dedicated appliances like the 4200 series, ASA IPS modules, ISR IPS modules, and Switch based IPS modules- all with slightly different syntax, capabilities, and features. Using the IME (or the GUI interface) kind of "normalizes" administration from a syntax perspective, if you have multiple IPS devices you're working with in your environment. The book stresses the IME and IDM over the CLI for this reason, I believe. Of the the topics I covered, I found the RegEx portion of the string engines, most interesting.
In any event, I passed with a strong score and re-certified my CCNP in the process, while learning something new. I probably won't bother with the rest of the CCNP-Security track, unless I start working directly with infrastructure security again. Hope this helps someone looking into taking this exam.
Comments
-
Options
Maced129
Member Posts: 78 ■■□□□□□□□□
congrats on the pass, and great tips for future test takers! -
Options
wave
Member Posts: 342
Congratulations and thank you for the write-up!
ROUTE Passed 1 May 2012
SWITCH Passed 25 September 2012
TSHOOT Passed 23 October 2012
Taking CCNA Security in April 2013 then studying for the CISSP -
Options
f0rgiv3n
Member Posts: 598 ■■■■□□□□□□
Good info, thank you for taking the time. Congrats as well! -
Options
wintermute000
Banned Posts: 172
Hey buddy
I am looking to follow through with CCNP Sec, but for different reasons to you - love firewalls and VPNs, but no interest in IPS and at core a R&S engineer who just happens to be thrown into firewall and voice roles all the time
Hence it seems a pity to do firewall, vpn exams but lack one more exam - IPS - to get the full CCNP Sec certification.
Regarding IME demo, what IPS hardware did you use? IOS software I assume? Did you find it a hindrance not to have had 'real' hands onto 4200s and hardware ASA/ISR modules? -
Optionsbryguy
Member Posts: 190
The IME Demo doesn't actually require any hardware, it's a software "emulation" that looks and behaves like the real deal. It has a simulated ASA module, and a couple 4200 appliances, and a simulated NME or AIM module if I remember correctly. The only thing is, you can't apply and see the effect of your changes but you can navigate through all the configuration items up until the point you would click apply. For study purposes, I don't think you miss anything by not having the real thing, as the CLI wasn't heavily stressed in the Cisco Press book. Oh, and a head's up the CCNP Security track requires 4 exams. In addition to VPN, Firewall, and IPS there's also SECURE.
-
Optionswintermute000
Banned Posts: 172
AH OK excellent. Thanks for the information.
Yeah aware of the 4 exams. -
Options
ChooseLife
Member Posts: 941 ■■■■■■■□□□
Great overview, saved for future reference. Thank you for sharing your experience in details!“You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896
GetCertified4Less - discounted vouchers for certs -
Options
Master Of Puppets
Member Posts: 1,210
Great one, thank you.Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
