Congratulation! Thanks, Loyd Bracero | Philippines |loyd.brac...@fluor.com | O +6332.402.5276 | IODC 75.5276X
From: "Kevin Sheahan" <sheaha...@gmail.com> To: <ccie_security@onlinestudylist.com>, Date: 11/21/2013 11:10 PM Subject: [OSL | CCIE_Security] CCIE Sec Pass Sent by: ccie_security-boun...@onlinestudylist.com Gents, It is with great pleasure that I can tell you I’ve passed my CCIE Security Lab on Tuesday in RTP. It has been a very difficult year both personally and professionally to prepare for this exam. This was my third attempt. For study, I leaned very heavily on IPExpert’s material/intructors/racks. Piotr Kaluzny – I can’t speak highly enough about this guy – suffice it to say that if you are feeling lost, get his attention and he will lead you in the right direction. His expertise, patience, and all around cool-dudeness are sincerely appreciated and valuable when you start to feel like you’re drowning in the blueprint. I also used my own personal hardware and read A LOT of Cisco configuration guides pertaining to blueprint (There are a lot of “Notes” in those config guides that provide great info). Lessons learned: - My strategy played a very large role in time management and organization during the exam. o Build a table to keep track of…. EVERYTHING: § Obj | Points | Desc | V1 | V2 | Comments 1.1 4 ASAMC F Unable to ping <subnet>, check later 1.2 5 IPS-IVP P Re-verify @ end, core objective. § I would create and fill out this table (first 3 columns) as I’m reading through the lab at the beginning. The “Comments” section became extremely useful for me to shorten the amount of end-lab verification because instead of re-reading the objective for verification I would only have to see what I wrote down from previous verification failures. Anything with a “P” for pass in the V2 column should be money in the bank, ensure that you’ve paid attention to the fine details in the objective which can cause loss of points. o Prep the lab: § Pager 20 / Term length 20 · This will allow you to execute long-output show commands later in the day without the screen scrolling away from you. This should be done on ALL devices. § Logging · ASA o Logging console warnings / Logging on – This will tell you throughout your lab when your ASA is denying traffic due to ACL and/or NAT failures. Very useful! · IOS o Logging console – This will tell you when routing processes drop, when ISAKMP is ON/OFF, etc. As well, this will allow for your debug output to show up. § Suspicion · Switches and Routers o Show access-list – Check for ACLs, you may find some that were designed to screw with you and you may find some that are legitimately necessary. Don’t change/add/remove ACL’s at this point, just make note of them at the bottom on the page where you created your tracking table. This will make troubleshooting simpler and faster later on. o Show run – This is not a fine-tooth-comb type check. Just briefly scroll through the running-config for every IOS device. If something looks out of place (CoPP, CoPr, STP/Routing manipulation, etc), jot it down below your tracking table for reference later. o Draw a diagram? § I didn’t do this, but it’s up to your personal preference. My feeling is that the topology on the monitor is in great detail and only a few clicks away. That, and I’ve managed to make a distracting mess everytime in my life I’ve tried to draw a quick diagram. o Quicksand § This may be the same for you, maybe not. But for me, there is a point (or a few) where I feel like the lab is swallowing me. Something is not working the way I want it to, logs are scrolling, devices are misbehaving…. DON’T PANIC. Move away from that objective, mark it down in your table and move on. That feeling, like you’re sinking fast in quicksand, is the enemy. o Close it out § I’m not sure of the rules/points impact of some of the above changes, namely changing the term length and enabling console logging. To be safe, script changes for the end of the exam to remove this changes quickly if time permits. Better safe than sorry I guess. I’m very excited to enjoy the holidays and a nice long study break. Good luck and work hard at it, absolutely worth the achievement! Kevin Sheahan CCIE # 41349 (Security)_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc ------------------------------------------------------------ The information transmitted is intended only for the person or entity to which it is addressed and may contain proprietary, business-confidential and/or privileged material. If you are not the intended recipient of this message you are hereby notified that any use, review, retransmission, dissemination, distribution, reproduction or any action taken in reliance upon this message is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of the company. ------------------------------------------------------------
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc