CCNA: S Passed, + Sources

Vask3nVask3n Member Posts: 517
Hi all, I sat the CCNA: Security this morning and passed. In retrospect I think I may have clocked more hours into studying for this than CCNA, I think I hit about 40 hours on CBT alone plus another 20 or so on Chris Bryant's Advantage and then extra time with the OCG book and especially printing out Cisco documentation from their website. Look for their official documentation on things like IPSec, implementing Site-to-Site VPNs, Layer 2 Security, and AAA. Again, these are official docs on the Cisco site. The actual number of questions on the exam varies but I think the passing score is usually around 804 (it was for me, and I got 70 questions).

My consensus with the CCNA Security CBT nuggets is that it was helpful, but to be honest at times it was hard to follow KB just cause the typing seems out of sync with his presentation (not sure if he records the presentation beforehand and then does a voice over?). Basically with the Jeremy Ciara series I didn't have to go through the vids as many times because he does the typing there on the spot and its a little slower paced.

The OCG book is excellent and is by KB. It isn't structured the same way as the CBT series so they don't resemble each other structure wise. However, be warned that the practice questions on the OCG guide generally seem a bit easy.

When studying AAA and messing around with it on your routers/GNS3, turn debugging on and look at what comes up if there is or is not a successful login, and remember the three responses an ACS server can give (PASS, FAIL, ERROR). Remember that the protocols used between the client (the router) and the ACS server are different and have different characteristics. The Layer 2 stuff is generally straightforward, remember how trunking works and how it can be dynamic or non-dynamic.

Here are some examples I would highly recommend. I have these printed and basically read them over and over until I can understand the concept well enough that I can skim through the packet without having to stop to understand something because I have already gone over it x times.:

Cisco IOS Security Configuration*Guide, Release*12.2 - AAA Overview* [Cisco IOS Software Releases 12.2 Mainline] - Cisco Systems

Catalyst 6500 Release 12.2SX Software Configuration Guide - Port Security* [Cisco Catalyst 6500 Series Switches] - Cisco Systems

Configuration Professional: Site-to-Site IPsec VPN Between ASA/PIX and an IOS Router Configuration Example - Cisco Systems

How to Use CCP to Configure IOS IPS* [Cisco IOS Intrusion Prevention System (IPS)] - Cisco Systems

Don't underestimate the official Cisco sources/documentation because they are key to understanding the conepts.
Working on MS-ISA at Western Governor's University


  • senerasenera Registered Users Posts: 1 ■□□□□□□□□□
    Congrats on the pass! Thanks for listing resources
  • pamccabepamccabe Member Posts: 315 ■■■□□□□□□□
    Excellent post Vask! I'm almost sure that CCNA: Security will be my next certification. Your post has exactly the type of information I was looking for, thanks again!

    Oh, and congrats on your pass!
  • Vask3nVask3n Member Posts: 517
    Thanks guys
    Working on MS-ISA at Western Governor's University
  • iamme4evaiamme4eva Member Posts: 272
    Cheers for the info. I'm currently studying for this, so I'll be making use of the links you posted! Useful post, thanks! Well done for passing too!
    Current objective: CCNA Security
    My blog:
  • FloOzFloOz Member Posts: 1,614 ■■■■□□□□□□
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • QuickybillyQuickybilly Member Posts: 7 ■□□□□□□□□□
    Congratulations Vask3n!!

    Thanks for the great tips on material. One question though, did you use any labs? Which ones were they?
  • Vask3nVask3n Member Posts: 517
    I did not use pre-made labs but I did practice commands on a 7200 image using GNS3 and the port-security stuff in packet tracer. Basically I'd recommend crafting method lists, applying them to interfaces (or not if they are a default list) and seeing the result. Other things you can do are creating parser views, custom privilege levels, and of course ACLs.

    One of the exam objectives is "Implement Cisco IOS-based IPS using CCP" For that one, one of the documents I linked is specifically for that purpose, with screenshots and all. So even if you can't implement that solution virtually or physically, the document is a great supplement and focuses in on that exact objective.
    Working on MS-ISA at Western Governor's University
  • broli720broli720 Member Posts: 394 ■■■■□□□□□□
    Congrats. This is the next frontier for me.
  • gadav478gadav478 Member Posts: 374 ■■■□□□□□□□
    Goals for 2015: CCNP
  • SysnetNotesSysnetNotes Member Posts: 45 ■■□□□□□□□□
Sign In or Register to comment.