I know it's late, but I still feel like I want to give my objective view about what this exam is all about and what type of content it includes (within the NDA, of course).
In short - the stories are true, the OCG is almost of no use for passing this exam. If I weren't working with a lot of different Cisco technologies (thanks to my work), I would not have been able to pass this exam.
It doesn't go very deep in most topics, but it covers a lot of topics that....just are not included in the books that are supposed to cover this exam.
.....my passing score was a tight one, a very, very tight one (860/860), and it didn't feel like I could do much more to increase it based on the OCG and the book from the Networking Academy.
Let's consider some of the topics from this Exam.
- Security concepts (12%)
- Secure Access (14%)
- VPN (17%)
- Secure Routing & Switching (18%)
Let's consider those topics for a while.
We can always argue about what should be included in these bullet points, but in general I think most would agree that:
- Security concepts = general security terminology.
- Secure Access = how to control who may access your network.
- VPN = obviously, how to work with VPN technologies.
- Secure Routing & Switching = how to secure the infrastructure.
These topics cover 60% of the exam, and are considered topics that most of us would say are "good to know if you are working with security" on a day-to-day basis.
Now, with that in mind, you could make a fair assumption that around 6 out of 10 questions would be focused around any of those topics, since that's what the blueprint says it should include.
If we consider the rest of the topics:
- Cisco Firewall Technologies (18%)
- IPS (9%)
- Content and Endpoint Security (12%)
I think it's a fair assumption that we could place those questions into something like this:
- Cisco Firewall Technologies = how the ASA works, along with Firepower/Sourcefire.
- IPS = either configuration of IPS or deployment of IPS solutions from a security perspective.
- Content and Endpoint Security = how to protect end users and how to filter content that end users are trying to access.
These cover the remaining 40% of the questions, with a strong focus on the ASA. So it's a fair assumption that we can expect about 4 out of 10 questions to be based around these concepts, or rather 40% of the points during the exam to be based around this.
Before I give you my view of the exam, let me tell you what I expected from it when I walked in.
What I thought would be included, based on the above topics, at a CCNA level of security understanding:
- In general, a lot of "basic" security stuff, for example port security, private VLANs, white-hat hackers, black-hat hackers, honeypots, worms, viruses, malware, proxies, firewalls...you name it...just some basic understanding of security.
- How to actually configure your network to be "protected" from most things.
- General information about how various security-related products work and what they can mitigate (IPS, IDS, firewalls, VLANs, access lists, proxies, etc.).
- Some information about the other Cisco security technologies, but nothing major (like Talos, Stealthwatch, Firepower/Sourcefire).
- How to protect your VPN tunnels in various tunnel modes, site-to-site, client VPNs, etc. IPsec and that sort of stuff.
And....more like that. Like I said...at a very basic level of security understanding. I don't expect a CCNA-level exam to dig deep enough to discuss various modes or protocol-level specific stuff. After all, we have the CCNP+ for that sort of stuff. Especially when a LOT of the exam objectives say things like this:
- Describe SIEM technology
- Describe confidentiality, integrity, availability (CIA)
- Describe social engineering
- Describe hash algorithm
- Describe digital signatures, certificates, and PKI
- Describe RADIUS and TACACS+ technologies
- Describe authentication and authorization using ACS and ISE
- Describe the BYOD architecture framework
- Describe hairpinning, split tunneling, always-on, NAT traversal
- Describe IPsec protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport mode)
- Describe STP attacks
- Describe ARP spoofing
- Describe MAC spoofing
- Describe CAM table (MAC address table) overflows
- Describe CDP/LLDP reconnaissance
- Describe VLAN hopping
- Describe DHCP spoofing
- Describe the security implications of a PVLAN
- Describe the security implications of a native VLAN
- Describe mitigation technology for email-based threats
- Describe mitigation technology for web-based threats
- Describe mitigation technology for endpoint threats
- ....and so on ...
- ....and so on ...
- ....and so on ...
Needless to say, I think the exam objectives are very much aligned with what I expected from this type of exam: not so much about implementation, and much more about explaining some security-related scenarios at a high-level overview.
Man....I was so wrong, and those objectives are SO out of line!
I'm not complaining about the quality of the questions or how easy they were to actually understand. But I think it's fair to say that these objectives are clear: you need to be able to DESCRIBE what these technologies are and what you can use them for. It doesn't say implement, it DOESN'T say UNDERSTAND. It says DESCRIBE!
....my advice to anyone taking this exam is: unless you also know exactly how to implement these technologies, don't take this exam.
The questions were NOT based around the "describe" keyword; they were more focused around "implement, verify, troubleshoot and understand" type scenarios. For example, around the VPN section, where the points say:
3.2 Remote access VPN
- 3.2.a Implement basic clientless SSL VPN using ASDM
- 3.2.b Verify clientless connection
- 3.2.c Implement basic AnyConnect SSL VPN using ASDM
- 3.2.d Verify AnyConnect connection
- 3.2.e Identify endpoint posture assessment
Pretty much all questions from all the other exam topics were based around this.
I think it's a bit unfair, considering that it makes sense that you need to understand the above requirements during your exam. But when it says "describe", I don't expect anyone to actually need to know protocol-specific stuff or even have deep knowledge about how you would do it.
That's probably where most people taking this exam and failing it will fail.
Describe = much deeper than describe.
From my personal perspective, I did very badly on this exam if I look at the complete scoring report. Lots of topics < 80%, which is not where I'm used to scoring.
Security concepts = 75%
Secure Access = 80%
VPN = 75%
Secure Routing & Switching = 77% (my strongest security knowledge at work, so I was very surprised about this score)
Cisco Firewall Technologies = 69% (fair, or at least I expected this to be low since I rarely work with the ASA)
IPS = 100% (expected high score, done a lot of IPS)
Content and Endpoint Security = 63% (really surprised to see this low a score since I do a lot of proxy/NAC stuff)
At the end of the day though....what I wanted to show you with this post is that reading the book is not enough to pass the exam. You must do a lot of labs and implementations with the technologies, or you just won't stand a chance of passing this exam.
What do I think about it?
I remember I talked with Matt Saunders about it during CLEU, gave my honest opinion about it.
I said that I thought the questions were fair from the perspective that employers probably want you to know this stuff if you have CCNA Security. But at the same time, it was not aligned at all with the level you think you need to know in order to pass the exam. I also mentioned that I had no issues at all with the SIM that everybody is having issues with; everything worked.
My honest opinion is that this felt more like a mix between a CCNP exam and a CCNA exam, and that it wasn't bad at all. It just wasn't the type of depth you would expect from reading the blueprints.
The exam is FAIR. It's difficult! It's a good one!
...but it's just a bit unfair that they go too deep on stuff that they don't hint about in the blueprints.
What is my main problem with this exam?
I feel like I have hinted at it at the beginning of this post.
The books you have to read just don't cover it any deeper than the "describe" part, for the "describe" part.
Now, if we look at it from that perspective....the books do about 80% DESCRIBE depth while covering about 20% IMPLEMENTATION depth.
The exam itself is reversed, having roughly 80% based on IMPLEMENTATION and 20% based on DESCRIBE depth.
That's my main problem with this exam. It's just unfair for students/people paying for this exam to study at the "describe" level only to find out during the exam that they are going to be tested at the "implementation" level.
I don't expect Cisco to do anything about it; considering how many people have actually discussed this exam here on CLN and elsewhere, this exam seems to be one of the most....discussed ones from an exam-quality perspective. I didn't have any problems with the quality of the exam at all, just to be clear. Only with the blueprint-to-questions depth!
Hopefully this post will help some students focus their studies beyond the describe depth in order to pass their exam!