I passed my exam today and wanted to share my recommended tools and best practices with anyone interested.
1. LAB - You will always benefit from a lab.. there is a lot of configuration in the CiscoPress Official exam certification guide and this exam maps pretty closely to this guide (or rather the guide maps to the exam blueprint). The PacketTracer 5.1 utility does not support the concentration exams which leaves you with the options of an actual lab or GNS3 (I use(d) both!!!)
2. CiscoPress Official Exam Certification Guide 640-553
3. SDM (Security Device Manager) - The exam blueprint lists several configuration examples that are performed via the SDM. Namely, ZBF (Zone-Based Firewall), IPS and IPsec VPN. I would highly recommend that you lab all SDM examples in the book as well as those from either of the following video recommendations. Do note that there is an SDM Sales Demo available for download that works with Windows XP as well as Server 2k3. The actual SDM will work with Vista as well (another reason to invest in an actual lab)! Here is a link to an SDM page at the CLN site:
4. CBTNuggets.com or trainsignal.com ... Pick one! Both are great for CCNA Security and will help you to get the CLI and even SDM portions of your studies down while covering some theory as well.. actually a lot of theory... I have always been a bigger fan of Jeremy Ciaoara's CBTNuggets video series but this time I believe they are of equal merit! Opinions may vary!
5. KEY TOPICS: The CiscoPress Official Exam Cert Guide lists "KEY TOPICS" throughout the series... I read the book once then went back through copying all listed 'key topics' to a notebook! I believe that this helped me tremendously!
6. Use GNS3 to familiarize yourself with "quick CLI configs" like login block-for 30 attempts 10 within 10, ip inspect dhcp snooping, span guard root et. al. and lab the bigger configs such as your IKE Phase 1 (ISAKMP) and IKE Phase 2 (IPsec) VPN configs and lab EVERYTHING they list.. both CLI and SDM! I do not believe that I will break the Cisco NDA by saying that you can expect more sims on this than you had on the regular CCNA so be sure to lab!
7. Do not worry about downloading the ACS demo.. This was a big concern of mine but the CCNA Security does not expect you to configure ACS (but may expect you to configure the IOS side... so again lab away!!!
8. Everything on the blueprint is fair game.. same goes for that book so make sure that you know the theory involved.. Especially with blueprint topics like RADIUS, TACACS+, 802.1X (Anything EAP) and anything else on the blueprint!
If you use (a subset) of the tools listed above then you should be fine! Also, remember that there is the "SPECIALIZE" promotion that will let you retake any concentration exam.. Also if anyone let their CCNA R&S (or any CISCO cert) lapse and want to get back in the game then they can use the COMEBACK2009 promo to take the exam for free.. and get two chances at a concentration with the SPECIALIZE! The link is below that explains the differences!
Good Luck!
B Haines
CCNA Security, CCNA R&S, ETA FOI
1. LAB - You will always benefit from a lab.. there is a lot of configuration in the CiscoPress Official exam certification guide and this exam maps pretty closely to this guide (or rather the guide maps to the exam blueprint). The PacketTracer 5.1 utility does not support the concentration exams which leaves you with the options of an actual lab or GNS3 (I use(d) both!!!)
2. CiscoPress Official Exam Certification Guide 640-553
3. SDM (Security Device Manager) - The exam blueprint lists several configuration examples that are performed via the SDM. Namely, ZBF (Zone-Based Firewall), IPS and IPsec VPN. I would highly recommend that you lab all SDM examples in the book as well as those from either of the following video recommendations. Do note that there is an SDM Sales Demo available for download that works with Windows XP as well as Server 2k3. The actual SDM will work with Vista as well (another reason to invest in an actual lab)! Here is a link to an SDM page at the CLN site:
4. CBTNuggets.com or trainsignal.com ... Pick one! Both are great for CCNA Security and will help you to get the CLI and even SDM portions of your studies down while covering some theory as well.. actually a lot of theory... I have always been a bigger fan of Jeremy Ciaoara's CBTNuggets video series but this time I believe they are of equal merit! Opinions may vary!
5. KEY TOPICS: The CiscoPress Official Exam Cert Guide lists "KEY TOPICS" throughout the series... I read the book once then went back through copying all listed 'key topics' to a notebook! I believe that this helped me tremendously!
6. Use GNS3 to familiarize yourself with "quick CLI configs" like login block-for 30 attempts 10 within 10, ip inspect dhcp snooping, span guard root et. al. and lab the bigger configs such as your IKE Phase 1 (ISAKMP) and IKE Phase 2 (IPsec) VPN configs and lab EVERYTHING they list.. both CLI and SDM! I do not believe that I will break the Cisco NDA by saying that you can expect more sims on this than you had on the regular CCNA so be sure to lab!
7. Do not worry about downloading the ACS demo.. This was a big concern of mine but the CCNA Security does not expect you to configure ACS (but may expect you to configure the IOS side... so again lab away!!!
8. Everything on the blueprint is fair game.. same goes for that book so make sure that you know the theory involved.. Especially with blueprint topics like RADIUS, TACACS+, 802.1X (Anything EAP) and anything else on the blueprint!
If you use (a subset) of the tools listed above then you should be fine! Also, remember that there is the "SPECIALIZE" promotion that will let you retake any concentration exam.. Also if anyone let their CCNA R&S (or any CISCO cert) lapse and want to get back in the game then they can use the COMEBACK2009 promo to take the exam for free.. and get two chances at a concentration with the SPECIALIZE! The link is below that explains the differences!
Good Luck!
B Haines
CCNA Security, CCNA R&S, ETA FOI
