642-627 - IPS Exam Experience

bryguy Member Posts: 190
To give you a little background, I earned my CCNP in February of 2010, which was shortly before the transition that Cisco made into the specialized CCNP designations. Of the 4 CCNP exams that were required at the time, I enjoyed ISCW the most. I was disappointed to learn, upon investigating various options to re-certify, that it was no longer offered, and because I'm no longer in the infrastructure realm of routing and switching, I briefly thought about letting my CCNP expire. Upon further investigation, however, I thought the security track might make for a more relevant means to re-certify.

Currently, I work in more of an auditing, security assessment type capacity. I briefly looked at Secure, because it appeared to mirror the ISCW content more than the others, but decided against it, after reading several bad reviews on Amazon and TE regarding the Cisco Press book. For better or worse, I typically use Cisco Press books as my main study resource, so Secure was out.

I decided, instead, to go with the 642-627 to re-certify my CCNP. I had worked with Cisco firewalls and VPNs before (PIX, 3000 concentrators) in my prior role, but never with IDS/IPS. At my last job, they did a great job of implementing the "separation of duties" concept, so as a router/switch guy, we never touched the IPS/IDS gear, so I thought this would make for a good opportunity to expand my horizons a little bit and learn something new, instead of certifying on something that I had worked with on a daily basis.

In order to pass I used the following resources:
CCNP Security IPS 642-627 Official Cert Guide - David Burns
CBT Nuggets - 24 hour subscription - Michael Shannon
IME Demo
Skillsoft Training - Michael Shannon
IP Expert VOD
Boson Practice Test
Official Cisco Documentation

I prepared for roughly 3 months by taking notes on the official cert guide, and then reviewing my notes on a daily basis. In addition, I listened to the audio portion of the IP Expert videos on my way to and from work on my 40 minute commute. I spent a weekend watching the CBT Nuggets videos (24 hour subscription) and taking notes. The IME Demo was invaluable and I would definitely recommend getting some "hands on" with it, if you don't have actual IPS's to work with, short of actual rack time.

Insofar as the computer based training was concerned, I would actually recommend the Skillsoft Training over the CBT Nuggets, or IP Expert VOD. It was surprisingly thorough and included several simulations. The questions following the Skillsoft content, however, had a lot to be desired. If I had to do it over again, I would have saved some money, and just used the Skillsoft training that my employer provides.

The Boson Practice test included 3 individual tests. I've used Boson before, and have been very impressed by the quality of the questions they ask, and the associated explanations that are provided. Definitely worth the $75 or so I paid for them.

The test itself was on par with what I had studied, and I can't say there were any surprises at test time. The biggest challenge, I think, was keeping the various IPS technologies separate in my mind. You have dedicated appliances like the 4200 series, ASA IPS modules, ISR IPS modules, and Switch based IPS modules, all with slightly different syntax, capabilities, and features. Using the IME (or the GUI interface) kind of "normalizes" administration from a syntax perspective, if you have multiple IPS devices you're working with in your environment. The book stresses the IME and IDM over the CLI for this reason, I believe. Of the topics I covered, I found the RegEx portion of the string engines most interesting.

In any event, I passed with a strong score and re-certified my CCNP in the process, while learning something new. I probably won't bother with the rest of the CCNP-Security track, unless I start working directly with infrastructure security again. Hope this helps someone looking into taking this exam.


  • Maced129 Member Posts: 78
    Congrats on the pass, and great tips for future test takers!
  • wave Member Posts: 342
    Congratulations and thank you for the write-up!

    ROUTE Passed 1 May 2012
    SWITCH Passed 25 September 2012
    TSHOOT Passed 23 October 2012
    Taking CCNA Security in April 2013 then studying for the CISSP
  • f0rgiv3n Member Posts: 598
    Good info, thank you for taking the time. Congrats as well!
  • wintermute000 Banned Posts: 172
    Hey buddy

    I am looking to follow through with CCNP Sec, but for different reasons to you - love firewalls and VPNs, but no interest in IPS and at core a R&S engineer who just happens to be thrown into firewall and voice roles all the time :) Hence it seems a pity to do firewall, vpn exams but lack one more exam - IPS - to get the full CCNP Sec certification.

    Regarding IME demo, what IPS hardware did you use? IOS software I assume? Did you find it a hindrance not to have had 'real' hands onto 4200s and hardware ASA/ISR modules?
  • bryguy Member Posts: 190
    The IME Demo doesn't actually require any hardware; it's a software "emulation" that looks and behaves like the real deal. It has a simulated ASA module, and a couple 4200 appliances, and a simulated NME or AIM module if I remember correctly. The only thing is, you can't apply and see the effect of your changes, but you can navigate through all the configuration items up until the point you would click apply. For study purposes, I don't think you miss anything by not having the real thing, as the CLI wasn't heavily stressed in the Cisco Press book. Oh, and a heads-up: the CCNP Security track requires 4 exams. In addition to VPN, Firewall, and IPS there's also SECURE.
  • wintermute000 Banned Posts: 172
    Ah, OK, excellent. Thanks for the information.

    Yeah aware of the 4 exams.
  • ChooseLife Member Posts: 941
    Great overview, saved for future reference. Thank you for sharing your experience in detail!
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

  • Master Of Puppets Member Posts: 1,210
    Great one, thank you.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.