Monday, May 10, 2010

Security Written Passed

I passed the security written today. I made it with a fairly comfortable margin so I guess I did some things right :) There isn't much strategy help on this exam in blogs or forums, so here are a few notes.

First, I read (and re-read at various times) the ccbootcamp security guide. Get this. I read most or parts of the Cisco Press books on the security booklist, especially the more recent ones (2005+). I also purchased the Flash Cards and the Quick Reference Exam Sheets which I highly recommend. For a few specific technologies here is how I attacked them:

MARS:
Security Threat Mitigation and Response: Understanding Cisco Security MARS, great book. Cisco PEC labs: there is a great course on Cisco MARS. I didn't complete the whole thing, just about 1/3 of it, which is enough to go over the basics of installation, initializing, and adding devices, as well as the technologies and protocols it uses for various functions. I definitely felt good about the MARS questions I got on the test, so this was good preparation.

NAC:
Volume I and the first few chapters of Volume II of the Cisco Press series on NAC. I also read various docs on cisco.com about the Framework vs Appliance deployments. Not much is available on Cisco PEC, so I relied a lot on the books and some configuration examples. Know the protocols, communication methods, deployment options (in-band, OOB, L2, L3, etc.), RADIUS attributes, etc., and you should be fine.

ASA:
The All-In-One Handbook and the 8.2 Configuration guide. Also played around with the PIX emu in dynagen a lot. I focused a lot on NAT (know the various types of NAT bypass), application inspection and traffic flow in general. Still, there were a few questions that stumped me, but I felt comfortable about my answers in general.

IPSec and VPN:
This is one of those topics that is covered by 1,000 books. I read various chapters in the Cisco VPN books (there are a few) to nail down the protocol details, phase 1 and phase 2, modes of operation, encryptions, authentication methods, etc. Read and labbed quite a few scenarios of IPSec VPN (IOS and ASA, psk and rsa-sig), DMVPN, GET VPN, Easy VPN. These are topics that you should lab and document as you go through so you can review the specific details as needed. SSL VPN is also covered well by Cisco docs. In my opinion, these should be easy points if you are at this stage of the game.

Catalyst Modules (FWSM, IDSM, etc):
Download the data sheets and installation/configuration guides. I recommend printing and popping them in a binder, highlighting bullet lists and reviewing the differences between these and their appliance counterparts.

IPS:
Broad topic in general: you have the appliance, Cisco IOS IPS, the modules, and you have an HIPS in the Cisco Security Agent. I read the IPS Exam guide and the Cisco Security Agent book. If you have the capability to lab any of these, I recommend it, especially the CSA (use a VM!).

Security General:
For things like standards bodies, I kept a paper notebook of lists of what each group does. I just made a list of things covered in books. Anything from CERT to IETF, from BCP 38 to ISO 27001. It's a very random collection of details, but it gives the basics of each and the ability to answer general questions about those topics.

Security Solutions:
This was my weakest score; I got a 50% here, so maybe I should tell you how I attacked this so you won't make the same mistakes! What I did: not much! This topic, which is blueprint section 8, is very broad and just tests your knowledge of attacks in general. I probably should have read more SAFE documents or something to get more familiar; after all, in the real world it's all about solutions.

Finally, two topics that I kind of wish I had the opportunity to play with more are MARS and CSA. Now that I have passed the written, I will focus on the lab, and my knowledge about these is sure to wane. These are impressive products to me, but I never had any exposure to them in the real world; hopefully one day I will (assuming they continue to be developed).

Anyways, I hope this gives you some things to focus on. I didn't really have a strategy going in, except to just tackle all topics with the blueprint as a pseudo-map. Take good notes and review them regularly. Took me about 6 months off and on to study. Good luck!
