I recently failed the 210-255 by 25 points. I was thrown by several topic areas which weren't covered in any depth in the OCG, namely the following. If anyone has any learning resources or suggestions, I'd be grateful to know:
1. IP Header fields used to evade IDS/IPS and/or which fields (specifically for HTTP) might be manipulated OR configured to detect (as an IDS/IPS) - things like user-agent (what is this?!) - there's no info in either book about protocol analysis in any depth.
2. Reading the network file trajectory screen (and other screens in the FMC) - obviously it's impossible to get a home licence for Cisco IDS/IPS kit, so where are there more screenshot examples of the AMP screen for file trajectory, and/or FMC whitelist violations screen (and others?).
Any other materials for testing my understanding of an incident response plan, process (including forensic processes for collecting data) would be appreciated.
I've also bought the 60% discounted video content '210-255 Complete Video Course and Practice Test' - which has been about 10% useful thus far. I had expected it would not just regurgitate what is in the OCG (which it does, even the test questions are from the book!).