dan congratulations on your achievement and many thanks for the info on your journey
-----Original Message----- From: ccie_security-boun...@onlinestudylist.com [mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Dan Gericke Sent: 05 January 2014 22:00 To: ccie_security@onlinestudylist.com Subject: [OSL | CCIE_Security] Pass CCIE Security - My Experience Hey All, I finally passed my CCIE Security exam on Dec 13 on my second try. I wanted to share some of my experiences and answers to the major questions I had about the lab exam. I passed the written in early July 2013, so it took me about 5 months of studying to get ready for the CCIE Security lab exam. I started out using the IPExpert workbooks and then moved over to the INE workbooks. More on that later, but if you watch both of these companies forums, you might see this post twice, since they both contributed to my success. When I started using the IPExpert workbooks there were some major hardware issues with the proctorlabs equipment. On top of that, they didn't have after hours support for a while either, so when I did have issues(which I did), I couldn't get any help. Needless to say, I wasted a ton of time waiting on things and having to cancel my lab time due to issues that couldn't be resolved. I had purchased the bundle that included the 2 week online bootcamp, workbooks, and videos, so I didn't want to give up the bootcamp and videos due to my issues. I ended up purchasing the INE workbooks so I could actually get some studying in and waited for the online bootcamp and Proctorlabs to fix the issues. Here are my thoughts on the workbooks and lab environment between Proctorlabs and INE. I used both extensively. INE's workbooks weren't fully developed when I started using them. Actually, they barely got them fully updated a couple of weeks ago, the last update came a day or two before my second attempt. What I do like about INE's workbooks is that they are online and broken up in a way that makes different exercises easy to access. I also like that you can pretty much start anywhere in a section, because their workbooks were written in a way to allow that. The modularity, however, makes it difficult to build upon earlier exercises like IPexpert's workbooks do. INE also doesn't have ANY mock labs available for the CCIE Security lab yet. Mock labs are where I gained the most knowledge. You need to do these to figure out how things interact and how to allow different things through the various firewalls. So in the end, INE's workbooks are great for working on one specific piece of technology, but they aren't good for learning how to make them work in more complex topologies. I only used the IPExpert workbooks up to the ISE section, which I think is Section 4(out of 10). When I got to the ISE section, I ran into the issues with the proctorlabs equipment I mentioned previously. Which is why I had to switch to INE. I find that the IPExperts workbooks I did go through were very in depth. They definitely taught you everything about each technology, and applied them in decently complex topology where you had to configure multiple 'middle' items to make things work(just like the real exam). What I found overwhelming about the workbooks is their length. Some of them would take you 10-20hrs to go through the first time, and since there isn't an easy way to restart in the middle, you have to try to commit larger chunks of time. I found it difficult to do 4 hours one day, then start back up the next day for another 4 hour session. The only way I could figure out to do this was to manually save all the configs myself, then re-apply them the next tim e. This is also a bit of a pain since the configs require a bit of massaging(like adding no shuts) to get back in properly. Also, if you are doing something like ISE, that becomes impossible, and you have to go back in through the GUI and redo everything again. As far as the Rack Rental dashboards and scheduling for INE and Proctorlabs, I preferred INE's set up much more. INE now allows you to schedule lab time in pretty much any increment you want, at any time. So, I can schedule 1 hour tonight, or 6 hours. Their interface also adjusts to my timezone(which is in Asia), which makes scheduling easy. Proctorlabs still has 4 hour timeslots, and shows me everything in Eastern time, so I have to do all the calculators myself. Once Daylight Savings Time his in the states, my study time had to be adjusted by an hour, which was frustrating. Overall, the INE rack dashboard is also much better than proctorlabs'. I don't need to VPN in(like proctorlabs) to access the VMs, as they are available through a web plugin version of VNC. Loading configs takes about 12 minutes, while proctorlabs I have experiences of it taking more then 20. Sometimes, on proctorlabs things don't reload, or get configured, and I typically waste 30 mins to an hour making sure a rack on proctorlabs is fully set up. I never had that problem on INE racks. The dashboard on INE is just way more intuitive. The most valuable part of my training was the IPExpert online boot camp with Piotr Kaluzny. The first week is all theory via powerpoint with explanations and demonstrations. The second week, the most valuable week in my opinion, is the mock lab week. You literally spend all day working on labs much harder than the real one. When you get stuck, Piotr can help you out and troubleshoot your issues, which is exactly how you learn. Lab 3 from the class, specifically, had pretty much every technology I encountered on the real exam, plus many more. After the 2 week boot camp, I used my weekdays to study smaller pieces of technologies, and used my weekends to do 1 to 2 mock labs(usually Lab 3), until I knew it like the back of my hand. These mock labs were hands down the most important part of my training as they teach time management, complex topology, and technology interaction. Now, about the lab exam itself. The lab is much less in depth than the mock labs I did, which was definitely a relief. On my first try in Hong Kong, I ran into several problems that I couldn't figure out and caused me to waste a lot of time, and inevitably fail. My major issue, was actually a lab issue with a windows firewall. When I was asking the proctor about my problems, he kept telling me it was a switch issue, in the last hour of the exam after coming back to those issues I finally discovered the windows firewall was on on the test pc, luckily they had wireshark on there or else I would never have noticed I was receiving the packets by not replying. The proctor told me the windows firewall was not supposed to be on, but mine was, and it caused a bunch of issues. He did give me a few extra minutes, but I had wasted too much time by then for that to matter. Something for everyone to check before you start I suppose. When I pictured the lab environment in my head, I was picturing a cold server room with some desks where you could actually see the equipment. It turns out that in both San Jose and Hong Kong you take the test in a room full of cubicles or desks, and all the equipment is somewhere else. That part is actually better, since there is less noise, and I didn't need the sweater Cisco told me to bring. It's good to bring snacks and some water or drink of choice though. I found a couple of bananas and a granola bar really helped me recharge a bit during small breaks I took. The computer only had putty(tab-less), which meant that you had to open 1 window per device, which is a serious pain in the butt. You should practice managing putty windows in the mock lab, as you need to make sure the firewalls are visible to see any blocks. The topology, questions, VM RDP and doc-cd are all on the same computer. There is no printed topology, and there aren't any dual monitors. You have y ou really flip through a lot of windows during the lab, and this can become a bit confusing. It's something to be mentally prepared for. If you study with printed materials, then you might want to try your last few sessions only using 1 monitor with all the info and questions. I also found that the menu environment(where the questions are and access to passwords, etc) was different between Hong Kong and San Jose. I couldn't for the life of me find the password for the RDP session in San Jose, the Proctor would not help me, and kept telling me to read the lab guidelines, she was kind of short with people. Needless to say, the lab guidelines didn't say anything about passwords. I finally found them in one of the submenus, as things are broken up in San Jose between menus, and they were all on 1 long page in Hong Kong. The Doc-CD was accessible via a link on the desktop. It is fully searchable with Ctrl+F, which makes it easier to find key words inside the various docu ments. You can also load the PDFs for each major topic if you choose,and search through that way. I had access to all the documents I needed, and access was pretty fast. The VMs for the lab were also fast for me in both locations, and I had no issues with ISE speed or anything else. I found the lab environment to be very stable. I really struggled in Hong Kong, but I did get the same or very similar lab when I tried again in San Jose, which I guess was lucky. During my second attempt I felt much more at ease, and found myself going through and masking off tasks quickly. I did still use the entire time, but I was on my third run-through of the questions when time expired. These extra run throughs are important, as I found a few minor, but important, mistakes that probably could have cost me points on those run-throughs. Before the test finished I ensured that all my logging that I turned on was turned off and that my debugs were disabled. In San Jose the day was broken up into 3 hour and 5 hour pieces, separated by lunch. At first I thought that I wasn't making good time, since I didn't have that many tasks done by lunch, but then I realized I still had 5 hours to go. This is why it's important to have a snack, because you tend to get hungry again later. I rebooted my equipment twice to ensure things still worked afterward. They generally give you show command outputs to test your solutions against, so it's important you pay very close attention and match those outputs. To those of you still studying, I wish you good luck. There's plenty of material out there, but I think if you are currently only using INE, you might have a hard time on the exam until they come out with a complex mock lab. If anyone has any questions, you can send them my way if you'd like. Remember, if you fail the first time, use it as an opportunity to regroup, drill down a bit more on key technologies, and try again. Good luck everyone. -Dan CCIE #41750 - Security _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
