Best Computer Networking Certification: CCIE Security Certification.


I just passed the CCIE Security Written Exam (350-018) in the afternoon.

The 350-018 exam has a total of 100 questions, the test time is 2 hours, and the passing score is 70% (I scored 77%). The exam covers a wide range of topics, from traditional routing and switching to security principles, security protocols, operating system security, and network troubleshooting. I originally thought that, having passed CSS1 last year, the CCIE Security written test should not be a big problem. But the very first question made me a bit worried: a practical case question testing your understanding of debugging IP packets and fast switching/process switching. The question was a bit troublesome, and I had to keep switching between the question text and the illustration, which I was not used to. I estimate there were six or seven case questions like this, involving the use of debugging IP packets for fault detection, peer matching of IPSec crypto maps, and interaction with NAT (there were several questions of this type), and some involving examples of basic routing principles. The most troublesome thing was that there were several questions about Windows security and Unix security. Windows security focused mainly on user/file permissions. Unix security had user/file permission questions, as well as questions on Kerberos implementation on Unix.

So the security protocols that need to be mastered are: IPSec (IKE, AH, ESP, Transport/Tunnel Mode), L2TP, GRE/PPTP (not much, but it is still there), Kerberos (I basically did not study the Kerberos protocol, but was tested on two or three questions), SSH, and SSL. There are also CA topics: the common commands for configuring a CA on the router, what RA/CRL are, and the difference between the several authentication methods (Preshared key/Encrypted Nonce/Digital Signature) must all be made clear.

There are also a lot of AAA questions, including some case questions, such as various aaa authentication/aaa authorization configurations, plus some privilege exec level commands, asking which privilege commands are finally in effect. In addition, you should be familiar with the port numbers used by the RADIUS and TACACS+ protocols, the message packet types used when the AAA server interacts with the AAA client, and the format of the attribute-value pairs in both protocols.

In addition, note that CBAC and Auth-Proxy in IOS will be tested, and there will be actual case questions on the application of ACLs.

Of course, IDS is not left out. Although it is not tested in depth, you need to figure out what each of the daemons (config, managed, etc.) on the IDS Sensor / IDS Director does. It is also important to remember the general working principle of each of the common types of attacks. You need to be able to tell apart attacks such as Ping of Death/Land.c/Smurf/SYN Flood.

In addition, I want to remind everyone that for this test there is one thing you must memorize: port numbers. The port numbers used by the various security protocols and by the various common network services must be remembered, because they are definitely tested.

P.S. My test preparation books:

1. "Network Security Principles and Practices"

Good book, five stars on Amazon, highly recommended. The author is also a member of the CCIE Security Written/Lab team. I recommend the following sections, which are more closely related to the exam: IPSec, Intrusion Detection (full chapter), AAA (full chapter), Using Access Control Lists Effectively (the more useful sections), and Troubleshooting (full chapter; this chapter must be taken seriously). I have also taken the CCIE R&S Written. Compared with it, the CCIE Security Written has more case questions. Actual engineering experience is of course good to have; if you do not have it, the IPSec and AAA parts must be worked through one by one. By the way, there is no IS-IS in the routing protocol part of the Security exam, I did not encounter BGP, and there was no VPN3000 content either.

2. "Enhanced IP Services For Cisco Networks"

This is another good book. Although it is a book from '99, it still has 4.9 stars. Look at a reader's review of it and you will know how well it is written:

"There are other classics (such as Routing TCP/IP 1 and 2 by Jeff Doyle), but the author of this book describes things so clearly and with a minimum of complexity that one wishes he had authored ALL the Cisco Press books."

Unfortunately, this author seems not to have written any Cisco books other than this one.

3. "CCIE Security Exam Certification Guide"

I have read the General Networking Topics chapter of this book, but I have not finished the rest; there was not enough time. Although some people do not rate it very highly, from the perspective of coping with the test, this book should be the closest match to the test content, because the biggest problem with the two books mentioned above is that neither covers Windows/UNIX operating system security, and neither mentions SSL/Kerberos/NTP, but all of it is in this book. If I had read this book, I expect the first half of the exam would not have been so tense (at that point I thought I was going to fail).

Of course, the "bibles" have to be mentioned too, and there are fewer of them for CCIE Security. I found TestKing (version 3.1) and ActualTests, and ActualTests is basically a copy of TK. TK's questions come in two halves; the latter half is simple and many of its questions come from Boson. The first half is good: the questions are explained, and some explanations show that the author has some skill, but they are not fully convincing, and some answers/explanations are wrong. The first half is closer to the real questions, but it accounts for no more than 1/4 of them; add the wrong answers, and it is basically impossible to pass by memorizing TK. Boson 1 is close to the actual exam, but the questions are somewhat shallow; Boson 2 is good and shows technical understanding, but it differs from the actual exam; Boson 3 is not close to the actual exam and the questions are not difficult; I did a few questions and just gave up.

Although I have been working in CISCO for more than three years, this is a first for me: because of my limited ability, I have not been much involved in community activities. Now I realize that I was wrong... I hope to get to know more friends in the community... This article is about how to prepare for and take the IE Security written exam without relying on TK and without buying books.

I took the exam on April 22 this year and scored 79 points. My motivation for taking the IE stems from the challenge of Security, so after the NP I went straight onto this track. In addition, the things the company researched over the past year are related to security, and the lab equipment requirements for R&S are quite high, so I needed to study hard.

As mentioned above, I don't have much involvement in the community. This has caused my weakness in learning thinking: not enough. Although I can put some books, theories, and one shot, in the end, the information is still not smooth enough. For example, I learned very late what TK is... Although I feel that TK's method is somewhat speculative, 300 dollars is not a small amount for me. If I failed, it would hurt for a long time, so I found some friends in the industry and wanted to get a TK. However, because this track is still rarely tested, after more than a month my friends still had not got it. I simply gave up on the idea.

In November last year, I read the "CCIE security test experience" on other SPOTO official websites and got some information from it, but I did not have many of the books mentioned in it. I did not see the Chinese version of Security Principles and Practice until December. In general, I also wanted to get these books together to increase my safety margin, but I still could not find them, so I gave up. I have also looked through some of CISCO's books; basically, the things inside do not go beyond the information on its website, and there is a lot of repetition between the various books.

So, with no TK and no books, going into the sprint stage, it sometimes felt a bit like looking for a needle in a haystack. The scope is too big, and the key problem is not knowing how deep to study! Even for a small branch, if you want to get to the bottom of it, the documentation runs to hundreds of pages... My principle was that everything must at least be fully understood and applicable. On CISCO's website, there are very few materials to be found in the book, but there are still a lot of things that can be used: white papers, configuration guides, case studies, etc. The one I used the most is the Configuration Guide. The guide still contains a lot of explanation of principles, though of course it is based on the configuration of Cisco products. I think such information is a good thing for learning and for taking Cisco exams.

Nor is there nothing apart from CISCO publications. The principles of security are actually universal. CISCO still has no overwhelming advantage in this respect, so there are not as many proprietary protocols as in IP routing. The principle of Kerberos is very difficult, and its description is no better than "Computer Networks (third edition)". RFCs are also a treasure house; for many topics I just looked at www.ietf.org. Reading RFCs is really tiring, 100 pages of English documents, but it is definitely beneficial: rigorous, authoritative, comprehensive and in-depth. Sometimes introductory documents found elsewhere sound plausible but are not deep, and it is better to simply read the RFC. An article on a website run by an "authority" in China said that if there is no RA, then the CA cannot work. Later I read the RFC and learned that the RA is just an option... Also, if you are engaged in the development of standards and rules, then RFCs are really a must.

Since it is an examination, the purpose must be very clear, and you must not study aimlessly. I printed the blueprint. If I didn't fully master a topic, I would put a mark next to it, review it after a while, and put another mark when I thought it was OK. This way, it is like attacking each topic like a fortified fortress: when there are few marks, there is a sense of urgency; when there are more, the confidence in the heart grows. When I was studying a topic, I insisted on taking notes, which can be condensed and make full use of time: when there are a few free minutes, instead of doing anything else, take a look at them. When all the topics were in place, I knew it was time.

4. Examination strategy

As mentioned earlier, in the absence of tips, I was always uneasy; that is, I did not know how difficult it would be. At this time, the Beta version came out: I looked at the blueprint, and it had 20% more topics, and the test results would take a few weeks to come out! However, I had an idea at this point: first take the Beta version to get familiar with the question types, and then take the formal exam 2 weeks later.

5. Beta version

To be honest, my test did not go ideally. First of all, the 30-minute extension for non-English-speaking countries was gone, and I could not get to the last 2 questions. In addition, I had neglected some details beforehand, such as Microsoft's RC4 and the re-creation threshold of IPSec SAs. There was also the unfamiliarity of the question types.

In the 2 weeks, I strengthened my training in the places that are not in the Beta exam, and I re-reviewed some topics in light of the characteristics of the questions.

The exam had 30 minutes more. That was ample, but it made me relax my vigilance, so that I was loose at first and rushed later. The questions that required looking at a diagram were too time-consuming. I would like to offer a piece of advice here: you must hurry and not let up when things are going easily. When I took the NP, there were also questions that required looking at a diagram, but the proportion was far from being so high. In addition, there are very few questions that can be answered by common sense. There are also many traps; if you learn a little more, it is easy to fall into them. There are still some questions that are really tricky and that I really could not do; for those I tried to figure out what the question setter wanted. Fortunately, the final grade of the exam was still satisfactory.

Regarding the content of the exam, "CCIE security exam experience" is very well written. I encountered Kerberos questions, as well as AD, SMTP and so on.

Finally, what I want to say is that no matter how well prepared, there will always be one or two questions that are very difficult.