CCNA: Sec... outta here!

mikearama Member Posts: 749
After just getting through the BSCI a few months ago, this exam was a breeze.

Nailed it with a 925.

Describe the security threats facing modern network infrastructures: 100%
Secure Cisco routers: 100%
Implement AAA on Cisco routers using local router database and ACS: 75%
Mitigate threats to Cisco routers and networks using ACLs: 100%
Implement secure network management and reporting: 100%
Mitigate common Layer 2 attacks: 75%
Implement the Cisco IOS firewall feature set using SDM: 100%
Implement the Cisco IOS IPS feature set using SDM: 50%
Implement site-to-site VPNs on Cisco Routers using SDM: 93%

I used the CCNA Security Official Exam Certification Guide by Michael Watkins and Kevin Wallace, and the CCNA Security Exam Cram.

Word to the wise... this exam was heavy on SDM simulators. Fortunately, I have a couple spare 1841 ISRs in our lab that I was able to configure. If you are taking this exam, do yourself a favour and get super-familiar with the SDM as it relates to firewall, IPS, and VPN setups.

All in all, I felt very confident about the exam, just from the Exam Cert Guide. There may have been maybe 5 questions that were total guesses, but otherwise, the material was covered.

Surprisingly, the exam was sparse on topics including SAN security, wireless security, and voice security. And as you can see from the topics above, heavy on IOS firewall / IPS / VPN security.

So, on to the ISCW.
There are only 10 kinds of people... those who understand binary, and those that don't.

CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.

Comments

  • dynamik Banned Posts: 12,312
    Nice job, Congratulations!
  • shednik Member Posts: 2,005
    Nice mike!! Good review on the exam!
  • IT Man Member Posts: 159
    Congrats...Now I am even more motivated!!
    Shoot for the moon. Even if you miss, you'll still land among the stars. - Les Brown
  • 7255carl Member Posts: 1,544
    Congrats
    W.I.P CCNA Cyber Ops
  • nel Member Posts: 2,859
    Congrats mike.

    How long did you study for the exam? How much security experience do you have?
    Xbox Live: Bring It On

    Bsc (hons) Network Computing - 1st Class
    WIP: Msc advanced networking
  • mikearama Member Posts: 749
    nel wrote:
    Congrats mike.

    How long did you study for the exam? How much security experience do you have?

    About 6 weeks of dedicated study. Though yes, I work with most of the technology daily, and have been for several years. Having said that, a lot of the topics were first-timers... I've never employed the IOS firewall or IPS, as we use dedicated Cisco devices for that. Same with the VPN setup via the SDM... we use concentrators. The key was having a couple devices to play with to cover the topics.

    Someone mentioned a while back that their biggest learning curve was IKE / IPsec. Mine too. I took the topic when I did my Security+, but after reading the Cert Guide, I understood it far better.

    Mike
  • Glynixx Member Posts: 138
    Awesome job Mike!

    Unlike the CCENT/CCNA, where you can get by with some equipment off eBay, do you need actual PIX or ASAs to be able to pass this exam (not sure if a sim would do the trick)? Or any other special hardware?

    Thanks and congrats again!
    G
    Check out www.manager-tools.com for some great management training for free!
  • mikearama Member Posts: 749
    Great question... and NO, you do not need PIXes or ASAs. In fact, they're hardly even touched on. The focus was on the IOS version of everything: the IOS Firewall, the IOS IPS, and the IOS VPN service.

    So, having access to an ISR router of some kind is important. I didn't look into sims for the above as I had a couple ISRs, but if they exist, I'm sure they'd be fine.

    As for actual CLI work, there was a bunch... but it's all stuff you'd expect. I.e.,
    configuring AAA
    setting timestamps
    creating ACLs, and their placement
    securing access to vty lines
    implementing SSH
    port-security
    securing the IOS and config

    Nothing too difficult, if you've played with a sim / router. I'd like to see someone **** their way through the sims, though. They were great.
  • networker050184 Mod Posts: 11,962
    Congrats!
    An expert is a man who has made all the mistakes which can be made.
  • Met44 Member Posts: 194
  • mikej412 Member Posts: 10,086
    Congratulations!
    Cisco Certifications -- Collect the Entire Set!
  • Knives Out Member Posts: 91
    Quick question - I can't find the CCNA Security Exam Cram book on Amazon and it says it's not available until November 08, where did you get this book? lol
  • dynamik Banned Posts: 12,312
    You can usually get stuff early on Safari, and it does look like it's there.
  • Knives Out Member Posts: 91
    Oh okay, I never heard of Safari books online before!

    Edit to add b.c my manners are terribad: Congratulations! Good review on the exam, I'd like to take it eventually.
  • Slowhand Mod Posts: 5,161
    That's a great score, congratulations! And good luck with ISCW. :D

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • mamono Member Posts: 776
    Congrats! :D Great info too!