How to Pass the CCIE Security Lab Exam

Keith Barker, CCIE #6783


Post on 10-Apr-2015


1. Getting Started

Achieving a Security CCIE certification is a big deal, and many people ask for the “secret” to successfully passing the lab and becoming a Security CCIE. If you are considering a CCIE, or working towards one now, this document is written for you.

The acronym for the successful candidate is: A.B.L.E.

Assess your current level of knowledge regarding each and every topic and sub-topic from the CCIE Security blueprint, available on Cisco’s web site. Honestly rate your skills and knowledge for each topic, on a scale from 1 to 5. A rank of “1” would mean that the concept is new or that your knowledge of the subject is very limited. A rank of “5” would mean that you are at the level of doing advanced configuration and troubleshooting, with no assistance from outside sources or documentation.

This “CCIE Security Checklist” will serve as a baseline to track your studies, and assist you in covering all the topics. It is often a temptation to jump to lab configurations without understanding the technology. Remember that as you take the time now to learn the technology, you will save time later in configuration and troubleshooting. Before attempting the lab, a person should be at a 4+ on virtually every topic on the blueprint.

Believe in your ability to learn the topics and pass the lab, with the emphasis on learning the technology. No matter how many lab scenarios a person looks at, they will not be successful in the live lab unless they have learned the technology and how to implement and troubleshoot it at an advanced level. Don’t cheat yourself by “hoping” you won’t get a specific topic on the lab; prepare for all topics. You can do it.

No matter where you are in your journey, the products and services provided in the INE Version 3.0 Training Program will ensure that you will complete your journey.


Long-term planning is essential in preparing for the lab. Using the assessment with the CCIE Security Checklist you created earlier, identify the areas that you want to focus on, and then set up a plan that includes which days of the week you will study, and how many hours on those days. Before the study time arrives, lay out a plan of the topics and have the study material, labs, videos and other resources you will use ready to go, so that you can hit the ground running during your study time. Use the assessment worksheet before and after each study session to track where you are in the topics you are studying. Realistically, a successful candidate should set out a study plan that begins with the CCSP level of knowledge and skills, and then adds further study and lab work. Approximately 400 hours of lab practice using live or simulated gear are going to be needed, and at least that again in study time. So if a person said they were going to dedicate 4 hours a day, 3 times a week (12 hours a week), they should put together a plan that would last between 12 and 24 months. As you study, update the CCIE Security Checklist with your personal ranking of each topic. If you end up mastering each topic ahead of schedule, your time frame may be less than originally planned. The goal should be to really learn the technology in each area of the blueprint. Finding a study-buddy can also be of value, along with sharing with friends what your commitments are regarding study time. There are several online communities, including www.IEOC.com, where members assist other members.

Enjoy the process. There is a lot to learn, and it will serve you to tackle new topics with the attitude of “I get to learn this” instead of “I have to learn this”. Keep it fun, and light. Also realize that you will NEVER know everything, and you may discover that what you have learned can be improved on. Enjoying the journey involves being honest about your current level and always taking that knowledge up another notch every time you study. Cramming the week or so before the lab is not usually a good strategy. By using your study schedule, and really learning as you go along, you will find that many technologies dovetail into others, and you will become faster at learning, configuring and troubleshooting.

A.B.L.E.

1. ASSESS
2. BELIEVE
3. LONG-TERM
4. ENJOY

Do not look for "short cuts" on your journey. Stick to the path we have outlined for you here and it will help you not only in your journey to become a CCIE but also in your career as a networking engineer. During your journey stay away from cheat sheets, brain dumps, gotcha lists, etc. The material you have access to here, combined with the Cisco Documentation, is everything you need to complete your journey. All of the products and services are designed as an important step in your journey. INE's Version 3.0 Program is not just a bunch of products and services that are bundled together with no rhyme or reason. All of the products and services are developed by the elite instructor team here at INE. We put our names on the front of everything we offer and personally stand behind our products and services.

You may get discouraged at times during your journey and think that it may not be worth it. Don't give up or stray from your path and you will complete the journey as hundreds of our customers have done before you.

The average candidate attempts the CCIE lab 2.7 times before passing. You want to have a personal goal to pass the lab the first time or the second at the latest. If you have properly followed the path we have given you this should be an obtainable goal.

I would like to add a couple more items here before you begin. As I said earlier, you must be honest in your assessment of your knowledge. There isn't a problem in thinking you are knowledgeable about a topic but there is a problem when you think you are more knowledgeable than you really are. I've personally seen people take the CCIE Lab 7 or 8 times before passing because of this single problem. They would never step back to assess where they were and why they failed. They believed they just needed more practice labs and would buy every workbook on the market. You do not want to fall into this trap. You want to pass the CCIE lab exam as a byproduct of learning the technologies and topics covered. You do not want to pass because you can remember seeing a scenario in a practice lab you did.

Congratulations on beginning your journey!

2. Three Step Learning Process

The recommended learning process you should take is what I define as a three step learning process. The first step is to get an understanding of what the technology or feature does and why it was implemented. This step should be done from a vendor neutral point of view if possible. This can be done by utilizing the Cisco Documentation, our Volume 1 Workbook, a Core Knowledge Simulator Link, the various books and white papers, or the RFCs freely available on the Internet.

The second step is to learn how Cisco has implemented the particular technology or feature. You can do this by using the numerous configuration examples, tech tips, and documentation available on the Internet and Cisco's website along with Cisco Press books. Do not underestimate the wealth of information available in the Cisco Documentation.

Now that you have an understanding of the why and the how, it's time to take the third step by gaining experience with the technology or feature through hands-on practice. Although pretty much anything is theoretically possible, you cannot expect to pass the CCIE Lab Exam without hundreds of hours of hands-on practice and/or real world experience on the routers and switches. Many students report that this can add up to 400 to 700 hours of command line practice on the devices. In the CCIE lab they will be trying to test your experience, and the main way they test experience is by seeing how familiar you are with the technologies and topics. Generally speaking, someone who is more familiar will also be faster. By faster I do not mean that they can type faster, but that they can do a task faster than someone without the equivalent experience. So do not worry about your keyboard typing speed if it is not the fastest.

If we break these three steps down into time frames, the first step would consume about 15% of total time, the second step about 20%, and the last step about 65% of total time. This means that for every one hour of reading about a technology or topic, you should expect to spend two hours doing hands-on practice.

1. Understand the Technology

2. Learn the Implementation

3. Experience the Technology


Recommended Reading Prior to Starting

Before we take a look at the recommended reading, and what products should be used, I want to make sure that we are all on the same page. Before preparation for the CCIE Security, you should have at least a CCSP level of knowledge and/or experience first. You would also want a solid knowledge of routing and switching to succeed in CCIE Security. If you are not at a CCSP level yet, INE offers an online CCNA Security as well as CCSP class. Please be aware that Cisco’s CCSP certification requires knowledge of the Security Device Manager (SDM) GUI for routers, and the Adaptive Security Device Manager (ASDM) GUI for the ASA. The 10 day CCSP class includes the command line interface (CLI), as well as both the GUIs for ASDM and SDM because the CCSP requires it. The GUI for SDM and ASDM is not allowed nor covered in the Security CCIE lab, so that portion of the CCSP class will be nice to know, but not required for CCIE level certification. One of our product specialists can assist you with additional recommendations as well, should you need more information.

For Security CCIE candidates, I recommend the following books for reading and reference:

CCIE Professional Development Series Network Security Technologies and Solutions
By: Yusuf Bhaiji

CCIE Security v3.0 Configuration Practice Labs, Second Edition
By: Yusuf Bhaiji

Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, Second Edition
By: Jazib Frahim, CCIE #5459; Omar Santos

Step One: Learn

CCIE Security Advanced Technologies Class on Demand

Use the ATCoD as a means of learning the details for the technologies. Schedule your study time to focus on a specific topic, and perhaps use part of the time for the CoD, and part of the same study period for reading. I would recommend no more than 45 minutes to an hour per session. Mix it up, keep it fun and you will learn at a greater rate.

CCIE Security Lab Workbook Volume I

Use the technology labs as a means to get an understanding of the implementation for any technologies or features you are not familiar with. These labs are not meant to be done as a whole but more as a way to fill in any gaps in your knowledge base. They are broken out into sections that correspond to the blueprint. You should use this workbook, and its labs to move your expertise ranking on the assessment you did earlier to make sure you are at least a level 3 or higher on all topics.

Treat these as more warm-up labs as opposed to true practice labs. What is meant by "warm-up" is use these labs to get familiar and comfortable with all the technologies. Ensure that you gain the knowledge and experience that is conveyed in these labs and not worry about a pass or fail at this point. Use online documentation, and reference material as you go through these.

Step Two: Practice

CCIE Security Lab Workbook Volume II

Using Volume I as a foundation, Volume II includes 10 labs that collectively test your ability to read and interpret the tasks, and implement the correct solution. These labs are not intended to be completed within 8 hours each, and several different study sessions may be required to master all of the tasks contained in a single lab.

The goal for this part of your journey is to solidify your knowledge while at the same time expanding your knowledge by hands-on practice. It is important that you have the knowledge discussed earlier before these Volume II labs, as you will have a much harder time with the labs and will not receive the full benefit of them without it.

You want to be able to do the vast majority of these labs without relying on the online Cisco documentation too much at this point. Ideally you are only using it to verify command options and not using it to help solve a task. If you have to reference the online documentation for most of the tasks in the labs you may need to step back and reevaluate if you are ready to continue on. There is no shame in stepping back. You are far better off stepping back and going back over the technologies and topics than you are going forward and failing the real lab.

At this point you are roughly two-thirds of the way to being ready for the real lab and you should start feeling more comfortable doing these practice labs. You will want to focus a little on speed. After doing these labs, you may want to switch back to Volume I, it having been several weeks since you did them, and see if you can do all the tasks, but this time without use of the solutions or online documentation.

Switch over and do labs 6 through 9 of Lab Workbook Volume II. You want to focus on speed with your configuration and verification skills along with minimizing any simple mistakes (applying configuration to the wrong device, filtering on the wrong interface, etc). Remember to "test as you build".

CCIE Security Lab 5-Day Bootcamp

Ideally, after going through the Class on Demand (CoD), and Vol I-II, and between 2 to 6 weeks from your actual lab date, the live bootcamp provides incredible value, with new lab content not available anywhere else, and a veteran instructor who will assist in not only identifying weak areas, but helping you turn them into strengths.

Bootcamps available in multiple locations!

Step Three: Refine

CCIE Security Core Knowledge Simulator

Unlike traditional written exams, the Core Knowledge questions are not multiple choice, but instead require a short answer to be manually typed out by the candidate. Additionally, this section must be completed before proceeding to the traditional configuration portion of the exam. Candidates may not return to the short answer questions once they have begun the configuration portion of the exam, and no additional resources such as the Cisco documentation are available during the section. Most importantly, this section is manually graded by the exam proctors as pass or fail only. Candidates who answer more than one question incorrectly in the Core Knowledge section automatically fail the entire lab exam, even if they passed the configuration and troubleshooting portions of the exam!

3. Ensuring You Are Ready

Here are some of the more common reasons people have a hard time with a lab:

1. Do not understand the technologies and topics covered
2. Had problems understanding the requirements from the wording given in the tasks
3. Made too many little mistakes
4. Overwhelmed with all of the tasks and didn't have time to complete them all

If you failed because of number 1, you definitely should step back and fill in the gaps you have in your knowledge. Every time we teach a class we learn something new so I can pretty much guarantee that if you watch the CoD or attend the class again you will benefit from it. Remember that we do not require you to fail the real lab before you can audit our classes again.

If you had problems with number 2, it could be a couple of issues. First off, you may not understand the technologies and topics enough to grasp the wording of the tasks. If you understand the technologies and topics you should be able to complete the task. Secondly, you may be "over thinking" the tasks. Do what the task is asking and nothing more. Do not try to apply real world logic or design to the task. Also don't add in "what if's", meaning do not worry about "what if" this router goes down or "what if" the Frame Relay circuit is down. If the proctors are looking for redundancy to be taken into consideration they will ask for it.

The little mistakes get many people (forgetting to no shut an interface, etc). As you become more of an "expert" you will make fewer mistakes and solve the ones that you do make quickly. You will always make little mistakes as it's just human nature, but with experience you will be better at finding and fixing your own mistakes. For many people that fail the lab it's the little mistakes that get them into some big problems.

Lastly, number four is just going to boil down to getting the hands-on practice needed to be good at doing these labs. No tips, tricks, or brain-dumps can substitute for the hands-on experience you will need with the routers, switches, ASAs, IPS and the ACS to pass the real lab exam.


Additional Resources


Websites to Visit

1. INE
   1.1. Access your products electronically
   1.2. Get the best training products
   1.3. http://www.ine.com/

2. IEOC - Internetwork Expert Online Community
   2.1. Product support
   2.2. Ask questions, post comments, and interact with your peers
   2.3. http://www.ieoc.com

3. CCIE Blog
   3.1. Content published from our CCIE Instructors
   3.2. Exciting challenges and prizes
   3.3. Ask INE, dedicated to answering your CCIE questions
   3.4. http://blog.ine.com

4. INE on Twitter
   4.1. Follow us for the latest news
   4.2. http://www.twitter.com/inetraining

5. INE on Facebook
   5.1. Join our fan page
   5.2. http://www.facebook.com/inetraining

6. INE on LinkedIn
   6.1. Add us to your connections
   6.2. http://www.linkedin.com/companies/144650

7. INE on YouTube
   7.1. Subscribe to our channel
   7.2. http://www.youtube.com/INEtraining

About the Author

Keith Barker excelled as a Network Engineer beginning in 1986 with EDS. Before opting for a career in IT Education, Keith’s practical experience culminated with the position of IT Manager for Paramount Pictures. Once joining the field of IT Education, Keith became a top-rated Microsoft and Cisco Certified Instructor. Keith Barker, along with Jeremy Cioara and Anthony Sequeira, helped to make KnowledgeNet the most respected Online IT Training organization of its time. You will find Keith Barker in Live Classroom, Live Online, and Self-Paced Route/Switch and Security classes here at INE.

Keith Barker can be reached via email at [email protected].


Thank you for taking the time to read this document. Congratulations on starting (or continuing) one of the most rewarding journeys you can take in your lifetime. Remember, while at times you might feel alone in this journey, that is NEVER the case.