+ Reply to Thread
Results 1 to 17 of 17
  1. Senior Member mikearama's Avatar
    Join Date
    May 2007
    Location
    Oshawa, Ontario
    Posts
    757

    Certifications
    CCNP, CCSP, CISSP, MCSE
    #1

    Default CCNA: Sec... outta here!

    After just getting through the BSCI a few months ago, this exam was a breeze.

    Nailed it with a 925.

    Describe the security threats facing modern network infrastructures: 100%
    Secure Cisco routers: 100%
    Implement AAA on Cisco routers using local router database and ACS: 75%
    Mitigate threats to Cisco routers and networks using ACLs: 100%
    Implement secure network management and reporting: 100%
    Mitigate common Layer 2 attacks: 75%
    Implement the Cisco IOS firewall feature set using SDM: 100%
    Implement the Cisco IOS IPS feature set using SDM: 50%
    Implement site-to-site VPNs on Cisco Routers using SDM: 93%

    I used the CCNA Security Official Exam Certification Guide by Michael Watkins and Kevin Wallace, and the CCNA Security Exam Cram.

    Word to the wise... this exam was heavy on SDM simulators. Fortunately, I have a couple spare 1841 ISR's in our lab that I was able to configure. If you are taking this exam, do yourself a favour and get super-familiar with the SDM as it relates to firewall, IPS, and VPN set ups.

    All in all, I felt very confident about the exam, just from the Exam Cert Guide. There may have been maybe 5 questions that were total guesses, but otherwise, the material was covered.

    Surprisingly, the exam was sparse on topics including SAN security, wireless security, and voice security. And as you can see from the topics above, heavy on IOS firewall / IPS / VPN security.

    So, on to the ISCW.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #2
    Nice job, Congratulations!
    Reply With Quote Quote  

  4. sporadic member shednik's Avatar
    Join Date
    Feb 2007
    Location
    Pittsburgh, PA
    Posts
    2,005

    Certifications
    CCNP, JNCIP-ENT, JNCIS-SP, JNCIA, JNCDA, CCNA, CCNA:Security, MCP, A+, N+, L+, MST:InfoSec, CNSS 4011-4015
    #3
    Nice mike!! Good review on the exam!
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Apr 2008
    Location
    Maryland
    Posts
    159

    Certifications
    B.S. Engineering Physics, M.S. Information Assurance, A+, Network+, Security+, CCNA, MCP (70-270, 70-290), CCNA Security
    #4
    Congrats...Now I am even more motivated!!
    Reply With Quote Quote  

  6. Senior Member 7255carl's Avatar
    Join Date
    Jan 2007
    Location
    Preston UK
    Posts
    1,541

    Certifications
    Comptia A+, Network+, CCENT, CCNA R+S, ITIL Foundations
    #5
    congrats
    Reply With Quote Quote  

  7. nel
    nel is offline
    Senior Member
    Join Date
    Jun 2006
    Location
    Australia
    Posts
    2,847

    Certifications
    A+ , Network+, MCSA 2003, CCENT, CCNA, CCDA, CCNP, CCDP, JNCIA-JunOS, JNCIS-ENT, Bsc(hons) & Msc Degree
    #6
    Congrats mike.

    How long did you study for the exam? How much security experiance do you have?
    Reply With Quote Quote  

  8. Senior Member mikearama's Avatar
    Join Date
    May 2007
    Location
    Oshawa, Ontario
    Posts
    757

    Certifications
    CCNP, CCSP, CISSP, MCSE
    #7
    Quote Originally Posted by nel
    Congrats mike.

    How long did you study for the exam? How much security experiance do you have?
    About 6 weeks of dedicated study. Though yes, I work with most of the technology daily, and have been for several years. Having said that, a lot of the topics were first-timers... I've never employed the IOS firewall or IPS, as we use dedicated cisco devices for that. Same with the VPN setup via the SDM... we use concentrators. The key was having a couple devices to play with to cover the topics.

    Someone mentioned a while back that their biggest learning curve was IKE / IPsec. Mine too. I took the topic when I did my Security+, but after reading the Cert Guide, I understood it far better.

    Mike
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Mar 2008
    Posts
    138

    Certifications
    MCSE NT/2k, CCA, MBA
    #8
    Awesome job Mike!

    Unlike the CCENT/ CCNA where you can get buy with some equipment off e-bay, do you need actual PIX or ASA's to be able to pass this exam (not sure if a sim would do the trick) ? or any other special hardware?

    Thanks and congrats again!
    G
    Reply With Quote Quote  

  10. Senior Member mikearama's Avatar
    Join Date
    May 2007
    Location
    Oshawa, Ontario
    Posts
    757

    Certifications
    CCNP, CCSP, CISSP, MCSE
    #9
    Great question... and NO, you do not need Pix's are ASA's. In fact, they're hardly even touched on. The focus was on the IOS version of everything, the IOS Firewall, the IOS IPS, and the IOS VPN service.

    So, having access to an ISR router of some kind is important. I didn't look into sims for the above as I had a couple ISR's, but if they exist, I'm sure they'd be fine.

    As for actual CLI work, there's was a bunch... but it's all stuff you'd expect. IE,
    configuring AAA
    setting timestamps
    creating acl's, and their placement
    securing access to vty lines
    implementing SSH
    port-security
    securing the IOS and config

    Nothing too difficult, if you've played with a sim / router. I'd like to see someone dump their way through the sims, though. They were great.
    Reply With Quote Quote  

  11. Went to the dark side.... Moderator networker050184's Avatar
    Join Date
    Jul 2007
    Posts
    11,643

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #10
    Congrats!
    An expert is a man who has made all the mistakes which can be made.
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    May 2006
    Posts
    195
    #11
    Well done!
    Reply With Quote Quote  

  13. Cisco Moderator mikej412's Avatar
    Join Date
    May 2005
    Location
    Chicago
    Posts
    10,190

    Certifications
    CCNP CCIP CCSP CCVP CCDP CCDA CCNA CS-CIPSS CS-CIPTDS CS-CIPTOS CS-CIPCSS CS-CFWS CS-CVPNS CS-CISecS ISSP 4013 4011
    #12
    Congratulations!
    Reply With Quote Quote  

  14. bumblebee tuna Knives Out's Avatar
    Join Date
    Apr 2006
    Location
    Canada
    Posts
    91

    Certifications
    A+, CCNA, CCDA, ITIL Foundations v3, TCAP, TCEP
    #13
    Quick question - I can't find the CCNA Security exam cram book on Amazon and says its not available until November 08, where did you get this book? lol
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #14
    You can usually get stuff early on Safari, and it does look like it's there.
    Reply With Quote Quote  

  16. bumblebee tuna Knives Out's Avatar
    Join Date
    Apr 2006
    Location
    Canada
    Posts
    91

    Certifications
    A+, CCNA, CCDA, ITIL Foundations v3, TCAP, TCEP
    #15
    Oh okay, I never heard of Safari books online before!

    Edit to add b.c my manners are terribad: Congratulations! Good review on the exam, I'd like to take it eventually.
    Reply With Quote Quote  

  17. Questionably Benevolent Moderator Slowhand's Avatar
    Join Date
    Oct 2005
    Location
    Bay Area, CA
    Posts
    5,072
    Blog Entries
    1

    Certifications
    A+, Linux+, Server+, Security+, MCSA 2003, MCSA 2008, MCSA 2012, CCNA(expired), ITIL Foundation v3 (2011), VCP5-DCV, VCA-Cloud, VCA-DCV, VCA-WM
    #16
    That's a great score, congratulations! And good luck with ISCW.

    -------------------------------------------------------
    ITHumidor.net - "Futuaris nisi irrisus ridebis"
    -------------------------------------------------------

    Free Microsoft Training: Microsoft Virtual Academy
    Free PowerShell Resources: Top 50 PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
    Reply With Quote Quote  

  18. Senior Member mamono's Avatar
    Join Date
    May 2007
    Location
    Cerritos, CA
    Posts
    778

    Certifications
    A+, Net+, Security+, Server+, i-Net+, CCNA Security, CCENT, MCITP:EST, MCDST, MCTS:Vista, HDI/CSR, HDI/SCA, HDI/DST, Apple, Dell
    #17
    Congrats! Great info too!
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks