CCIE Security Written down

AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
And so is what is left of my brain. Passed this morning.
The exam was different to what I had expected. It was much more indepth on protocol details than appliance knowledge and as I thought beforehand routing protocols were my worst section, need to work on that heavily for the lab. Still it was a fair exam. The funniest thing though was one question I absolutely know was not on any of the CCSP or CCIE related study but I remembered it from the Security+, the InfoSec intro exam that keeps on giving :D

I used the following (listed in order of how intensely they were studied; from exhaustive re-reads to quickly skimmed):

CCIE Security Certification Guide 2nd Ed.
Cisco Network Security Troubleshooting Handbook
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
The Complete Cisco VPN Configuration Guide
CCSP IPS Exam Certification Guide + CBTNuggets
CCSP VPN Exam Certification Guide
CCSP SNRS Exam Certification Guide + CBTNuggets
CCSP SND CBTNuggets
Internet Security Protocols : Protecting IP Traffic
The Protocols (TCP/IP Illustrated : Volume 1)
CCIE Security Quicksheets
Security Monitoring with Cisco mars
Advanced Host Intrusion Prevention with CSA
Cisco Access Control Security: AAA Administration Services
Cisco ASA and PIX Firewall Handbook
Cisco Security Architectures
Cisco.com product guides for the Anomaly Detector and Guard Appliances and modules.


The single most surprising to me was the Cisco Network Troubleshooting Handbook, I thought I'd skim through it and just pick up some extra tips but it's actually an excellent study source in addition to the more direct handbooks.

I've still got at least as many recommended books to go through and a few others I've picked up over the last few months but didn't have time to read before the Exam (like "Routing TCP/IP Vol1 and 2...yep lots of time on those.. icon_confused.gif ). The lab certainly is not the end of my theory studies.

I've got a decent if minimal lab hobbled together that will be supplemented with Dynagen/Dynamips and PEMU so onward to the lab....eventually....when my head stops feeling like it's on fire....Maybe by the end of the year.

Anyway thanks to all the folks here who provide so much support. I really don't think I'd have stuck with my studies this long without this place. Kudos all.
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?

Comments

  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    Congrats! Good luck on the remainder of your journey.
    The only easy day was yesterday!
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    Congratulations! icon_cheers.gif

    Now the REAL FUN begins icon_eek.gif
    :mike: Cisco Certifications -- Collect the Entire Set!
  • damsel_in_tha_netdamsel_in_tha_net Member Posts: 75 ■■□□□□□□□□
  • BeaverC32BeaverC32 Member Posts: 670 ■■■□□□□□□□
    Congrats man, keep up the great work! :)
    MCSE 2003, MCSA 2003, LPIC-1, MCP, MCTS: Vista Config, MCTS: SQL Server 2005, CCNA, A+, Network+, Server+, Security+, Linux+, BSCS (Information Systems)
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Congratulations! That's quite an accomplishment.

    What are your feelings on going directly through the security track and skipping the CCNP and R&S CCIE? I'm going to wrap up my CCNA over the next couple of months, and I'm trying to figure out which route (no pun intended) to take after that. I'd like to go straight into security, but I'm not sure how feasible it is. I saw that Keatron also went right to the CCSP, but it seems like he has a pretty solid R&S background as well.

    Thanks for the resource list. I'm definitely bookmarking this thread. How much of those did you go through on your way through the CCSP?
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Well done Ahriakin! icon_thumright.gif
    All things are possible, only believe.
  • snadamsnadam Member Posts: 2,234 ■■■■□□□□□□
    congrats, and job well done. Good luck with the rest of it!
    **** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine

    :study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    Thanks guys, I haven't had a proper day off in 2 months even with taking 6 days of vacation 2 weeks back, just studying like crazy so I plan on taking the next 2 weeks off from the books and lab.

    Dynamik you will deal with a certain amount of routing protocols anyway, primarily RIP and OSPF, with the CCSP just not in a lot of detail, it's really CCNA level stuff with a few extras on how they behave over IPSec and multiple areas etc. The CCIE does go deeper, I think if I'd taken some extra time and read over the TCP/IP Routing guides I would have been prepared enough for what was needed here. The main thing is it (the recommended courseware, not talking about the exam and treading on NDA) focuses a lot on BGP which of course the CCNA and CCSP don't really touch. Still it's more than doable. What you lose in familiarity with deeper R&S you can gain through focus. There's always a trade off unless you have time to burn.
    As for the book list I based it pretty much on the Cisco recommended list and adding the obvious CCSP titles I had already. For the CCSP I used the official Ciscopress guides and CBTNuggets for each (work has a subscription to their online streaming :) ). From the list above though back then I only added "The Complete Cisco VPN Configuration Guide" (fantastic book) but after going though it I'd also recommend "TheCisco Network Security Troubleshooting Handbook". The PIX/ASA handbooks are very good but are better read after you have either done the exam or at least know the Ciscopress guides inside out, there's a ton more information that might overload you before the exam but is great for real-world application.
    If you want to dig a bit deeper into some of the encryption methods "Internet Security Protocols : Protecting IP Traffic " is a very good post-exam book. It's written at a level that really suits just having done the CCSP. It covers some neat stuff like just WHY remote access VPNs use Aggressive mode with pre-shared keys, or how/why HMACS are stronger than standard hashes even when truncated....that kind of stuff bugged me ....yes I need a life.... Not necessarily useful for the exams but a quick and worthwhile read.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • APAAPA Member Posts: 959
    Well done!!!

    Have that well earnt rest now and then smash the lab outta the park!!! :)

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    Well g'luck with the security lab... Keep in mind that the PIX is now EOL/EOS
    so if you give it a year maybe they will remove it from the CCIE Lab.
    There is no place like 127.0.0.1
  • PashPash Member Posts: 1,600 ■■■■■□□□□□
    Well done Ahriakin, another well respected TE user to come through shining!

    Good luck with the lab!
    DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
  • TurgonTurgon Banned Posts: 6,308 ■■■■■■■■■□
    Ahriakin wrote:
    Thanks guys, I haven't had a proper day off in 2 months even with taking 6 days of vacation 2 weeks back, just studying like crazy so I plan on taking the next 2 weeks off from the books and lab.

    Dynamik you will deal with a certain amount of routing protocols anyway, primarily RIP and OSPF, with the CCSP just not in a lot of detail, it's really CCNA level stuff with a few extras on how they behave over IPSec and multiple areas etc. The CCIE does go deeper, I think if I'd taken some extra time and read over the TCP/IP Routing guides I would have been prepared enough for what was needed here. The main thing is it (the recommended courseware, not talking about the exam and treading on NDA) focuses a lot on BGP which of course the CCNA and CCSP don't really touch. Still it's more than doable. What you lose in familiarity with deeper R&S you can gain through focus. There's always a trade off unless you have time to burn.
    As for the book list I based it pretty much on the Cisco recommended list and adding the obvious CCSP titles I had already. For the CCSP I used the official Ciscopress guides and CBTNuggets for each (work has a subscription to their online streaming :) ). From the list above though back then I only added "The Complete Cisco VPN Configuration Guide" (fantastic book) but after going though it I'd also recommend "TheCisco Network Security Troubleshooting Handbook". The PIX/ASA handbooks are very good but are better read after you have either done the exam or at least know the Ciscopress guides inside out, there's a ton more information that might overload you before the exam but is great for real-world application.
    If you want to dig a bit deeper into some of the encryption methods "Internet Security Protocols : Protecting IP Traffic " is a very good post-exam book. It's written at a level that really suits just having done the CCSP. It covers some neat stuff like just WHY remote access VPNs use Aggressive mode with pre-shared keys, or how/why HMACS are stronger than standard hashes even when truncated....that kind of stuff bugged me ....yes I need a life.... Not necessarily useful for the exams but a quick and worthwhile read.

    Well done. It's a lot of work preparing for any written exam. You should find all that reading will payoff in your lab prep.
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    mgeorge27 wrote:
    Keep in mind that the PIX is now EOL/EOS
    so if you give it a year maybe they will remove it from the CCIE Lab.

    Doubtful, the 2600s have been EOL since 2003 and they're still in there. The VPN Concentrators are EOL too, they're still in the lab a year later. The ASA could be more of a drop in replacement for the PIX than an ASA for the VPN concentrator, so it's possible but I wouldn't count on it.

    Besides Security seems to be the "easy track" at the moment icon_rolleyes.gif
    The only easy day was yesterday!
  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    dtlokee wrote:

    Besides Security seems to be the "easy track" at the moment icon_rolleyes.gif

    icon_twisted.gif
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • SlowhandSlowhand Mod Posts: 5,161 Mod
    Big congrats on the pass, Ahriakin. I'm sure it's easy to forget how difficult the CCIE written exams can be, since everyone mainly talks about the journey to the lab-exam. Take a break and relax before the mountain-climb begins, you've earned it.
    mgeorge27 wrote:
    Well g'luck with the security lab... Keep in mind that the PIX is now EOL/EOS
    so if you give it a year maybe they will remove it from the CCIE Lab.

    I thought that only certain PIX models were at EoL?

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    Slowhand wrote:
    I thought that only certain PIX models were at EoL?

    All models of the Pix 500 family are EoL/EoS as of Jan 29th
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_eol_notices_list.html
    There is no place like 127.0.0.1
Sign In or Register to comment.