Professional Documents
Culture Documents
Achieving a Security CCIE certification is a big deal, and many people often ask for
the “secret” to successfully passing the lab and becoming a Security CCIE. If you
are considering a CCIE, or working towards one now, this document is written for
you.
The acronym for the successful candidate is: The acronym INE TIP
for the successful candidate is: A.B.L.E.
No matter where you are
in your journey, the
Assess your current level of knowledge, regarding each
and every topic and sub-topic from the CCIE Security products and services
blueprint, available on Cisco’s web site. Honestly rate provided in the INE
your skills and knowledge for each topic, on a scale from Version 3.0 Training
1 to 5. A rank of “1” would mean that the concept is Program will ensure that
new or that your knowledge of it is very limited on that you will complete your
subject. A rank of “5” would mean that you are at the journey.
level of doing advanced configuration and
troubleshooting, with no assistance from outside sources
or documentation.
This “CCIE Security Checklist” will serve as a baseline to track your studies, and
assist you in covering all the topics. It is often a temptation to jump to lab
configurations, without understanding the technology. Remember that as you
take the time now to learn the technology, you will save time later in
configuration and troubleshooting. Before attempting the lab, a person should be
at a 4+ on virtually every topic on the blueprint.
Believe in your ability to learn the topics and pass the lab, with the emphasis on
learning the technology. No matter how many lab scenarios a person looks at,
they will not be successful in the live lab unless they have learned the
technology and how to implement and troubleshoot it at an advanced level.
Don’t cheat yourself, by “hoping” you won’t get a specific topic on the lab, and
prepare for all topics. You can do it.
|
4
Getting Started
Long-term planning is essential for the preparation for the lab. Using the
assessment with the CCIE Security Checklist you created earlier, identify the
areas that you want to focus on, and then setup a plan that includes which days
of the week you will study, and how many hours on those days. Before the study
time arrives, lay out a plan of the topics and have the study material, labs,
videos and other resources you will use ready to go, so that you may hit the
ground running during your study time. Use the
assessment worksheet before and after each study
session to track where you are in the topics you
A.B.L.E are studying. Realistically, a successful candidate
1. ASSESS should set a study plan out that includes beginning
2. BELIEVE with the CCSP level of knowledge and skills, and
3. LONG-TERM then additional study and lab work. Approximately
Enjoy the process. There is a lot to learn, and it will serve you to tackle new
topics with the attitude of “I get to learn this” instead of “I have to learn this”.
Keep it fun, and light. Also realize that you will NEVER know everything, and
what you have learned, you may discover can be improved on. Enjoying the
journey involves being honest about your current level and always taking that
knowledge up another notch every time you study. Cramming the week or so
before the lab is not usually a good strategy. By using your study schedule, and
really learning as you go along, you will find that many technologies dovetail
into others, and you will become faster at learning, configuring and
troubleshooting.
|
5
Getting Started
Do not look for "short cuts" on your journey. Stick to the path we have outlined
for you here and it will help you not only in your journey to become a CCIE but also
in your career as a networking engineer. During your journey stay away from cheat
sheets, brain dumps, gotcha lists, etc. The material you have access to here,
combined with the Cisco Documentation, is everything you need to complete your
journey. All of the products and services are designed as an important step in your
journey. The INE's Version 3.0 Program is not just a bunch of products and services
that are bundled together with no rhyme or reason. All of the products and services
are developed by the elite instructor team here at INE. We put our names on the
front of everything we offer and personally stand behind our products and services.
You may get discouraged at times during your journey and think that it may not be
worth it. Don't give up or stray from your path and you will complete the journey as
hundreds of our customers have done before you.
The average candidate attempts the CCIE lab 2.7 times before passing. You want to
have a personal goal to pass the lab the first time or the second at the latest. If you
have properly followed the path we have given you this should be an obtainable
goal.
I would like to add a couple more items here before you begin. As I said earlier, you
must be honest in your assessment of your knowledge. There isn't a problem in
thinking you are knowledgeable about a topic but there is a problem when you think
you are more knowledgeable then you really are. I've personally seen people take
the CCIE Lab 7 or 8 times before passing because of this single problem. They
would never step back to assess where they were and why they failed. They
believed they just needed more practice labs and would buy every workbook on the
market. You do not want to fall into this trap. You want to pass the CCIE lab exam as
a byproduct of learning the technologies and topics covered. You do not want to
pass because you can remember seeing a scenario in a practice lab you did.
The recommended learning process you should take is what I define as a three step
learning process. The first step is to get an understanding of what the technology or
feature does and why it was implemented. This step should be done from a vendor
neutral point of view if possible. This can be done by utilizing the Cisco
Documentation, our Volume 1 Workbook, a Core Knowledge Simulator Link, the
various books and white papers, or the RFCs freely available on the Internet.
If we break these three steps down into time frames, the first step would consume
about 15% of total time, the second step about 20%, and the last step about 65% of
total time. This means that for every one hour of reading about a technology or
topic, you should expect to spend two hours doing hands-on practice.
|
8
Recommended Reading Prior to Starting
Three Step Process
Before we take a look at the recommended reading, and what products should be
used, I want to make sure that we are all on the same page. Before preparation for
the CCIE Security, you should have at least a CCSP level of knowledge and/or
experience first. You would also want a solid knowledge of routing and switching to
succeed in CCIE Security. If you are not at a CCSP level yet, INE offers an online
CCNA Security as well as CCSP class. Please be aware that Ciscoʼs CCSP
certification requires knowledge of the Security Device Manager (SDM) GUI for
routers, and the Adaptive Security Device Manager (ASDM) GUI for the ASA. The 10
day CCSP class includes the command line interface (CLI), as well as both the GUIs
for ASDM and SDM because the CCSP requires it. The GUI for SDM and ASDM is
not allowed nor covered in the Security CCIE lab, so that portion of the CCSP class
will be nice to know, but not required for CCIE level certification. One of our product
specialists can assist you with additional recommendations as well, should you need
more information.
For Security CCIE candidates, I recommend the following books for reading and
reference:
Class on Demand
Step One: Use the ATCoD as a means of learning the details for
the technologies. Schedule your study time to focus
Treat these as more warm-up labs as opposed to true practice labs. What is meant
by "warm-up" is use these labs to get familiar and comfortable with all the
technologies. Ensure that you gain the knowledge and experience that is conveyed
in these labs and not worry about a pass or fail at this point. Use online
documentation, and reference material as you go through these.
|
10
CCIE Security Lab Workbook Volume II
Three Step Process
Step Two:
Using volume I as a foundation, volume II includes 10
labs that collectively test your ability to read and interpret
the tasks, and implement the correct solution. These labs
Practice
are not intended to be completed within 8 hours each,
and several different study sessions may be required to
master all of the tasks contained in a single lab.
The goal for this part of your journey is to solidify your knowledge while at the same
time expanding your knowledge by hands on practice. It is important that you have
the knowledge discussed earlier before these Volume II labs, as you will have a
much harder time with the labs and will not receive the full benefit of them without it.
You want to be able to do the vast majority of these labs without relying on the
online Cisco documentation too much at this point. Ideally you are only using it to
verify command options and not using it to help solve a task. If you have to
reference the online documentation for most of the tasks in the labs you may need
to step back and reevaluate if you are ready to continue on. There is no shame in
stepping back. You are far better off stepping back and going back over the
technologies and topics than you are going forward and failing the real lab.
At this point you are roughly two-thirds of the way to being ready for the real lab and
you should start feeling more comfortable doing these practice labs. You will want to
focus a little on speed. After doing these labs, you may want switch back to Volume
I, having been several weeks since you have done them, and see if you can do all
the tasks, but this time without use of the solutions or online documentation.
Switch over and do labs 6 through 9 Lab Workbook Volume II. You want to focus on
speed with your configuration and verification skills along with minimizing any simple
mistakes (applying configuration to the wrong device, filtering on the wrong
interface, etc). Remember to "test as you build".
|
11
Three Step Process
Here are some of the more common reasons people have a hard time with a lab:
1. Do not understand the technologies and topics covered
2. Had problems understanding the requirements from the wording given in the
tasks
3. Made too many little mistakes
4. Overwhelmed with all of the tasks and didn't have time to complete them all
If you failed because of number 1, you definitely should step back and fill in the gaps
you have in your knowledge. Every time we teach a class we learn something new
so I can pretty much guarantee that if you watch the CoD or attend the class again
you will benefit from it. Remember that we do not require you to fail the real lab
before you can audit our classes again.
If you had problems with number 2 it could be a couple of issues. First off you may
not understand the technologies and topics enough to grasp the wording of the
tasks. If you understand the technologies and topics you should be able to complete
the task. Secondly you may be "over thinking" the tasks. Do what the task is asking
and nothing more. Do try to apply real world logic or design to the task. Also don't
add in "what if's", meaning do not worry about “what if" this router goes down or
"what if" the Frame Relay circuit is down. If the proctors are looking for redundancy
to be taken into consideration they will ask for it.
The little mistakes are get many people (forgetting to no shut an interface, etc). As
you become more of an "expert" you will make fewer mistakes and solve the ones
that you do make quickly. You will always make little mistakes as it's just human
nature but with experience you will be better at finding and fixing your own mistakes.
For many people that fail the lab it's the little mistakes that get them into some big
problems.
Lastly number four is just going to boil down to getting the hands on practice needed
to be good at doing these labs. No tips, tricks, or brain-dumps can substitute for the
hands on experience you will need with the routers, switches, ASAs, IPS and the
ACS to pass the real lab exam.
Additional
Resources
|
16
Additional Resources
Websites to Visit
1. INE
1.1. Access your products electronically
1.2. Get the best training products
1.3. http://www.ine.com/
2. IEOC - Internetwork Expert Online Community.
2.1. Product support
2.2. Ask questions, post comments, and interact with your peers
2.3. http://www.ieoc.com
3. CCIE Blog
3.1. Content published from our CCIE Instructors
3.2. Exciting challenges and prizes
3.3. Ask INE, dedicated to answering your CCIE questions
3.4. http://blog.ine.com
4. INE on Twitter
4.1. Follow us for the latest news
4.2. http://www.twitter.com/inetraining
5. INE on Facebook
5.1. Join our fan page
5.2. http://www.facebook.com/inetraining
6. INE on LinkedIn
6.1. Add us to your connections
6.2. http://www.linkedin.com/companies/144650
7. INE on YouTube
7.1. Subscribe to our channel
7.2. http://www.youtube.com/INEtraining
|
17