Saturday, February 25, 2012

Sixth Update: Certification: 642-617 FIREWALL v1.0 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

Sixth Update: Certification: 642-617 FIREWALL v1.0 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

I decided to get back on this horse, so here it is. I'm basically starting from scratch, as I have not really touched the text for this one since September 2011, except for a time a few weeks ago when I re-organized my study room, and had to relocate the shelving unit :D. I got side-tracked by a lot of my Master's program work, which is ongoing, I got sidetracked by the Certified Ethical Hacker I had to do for school as part of my degree program, I was looking through the CCNP R&S materials for a change-of-pace from day-to-day work, but it just makes sense right now to get down into this stuff, and to do it really well, and complete this one. I'll be re-setting the counters, and will just explain everything again from scratch.

Also, I realized that I hadn't updated my blog since September 2010, when I ... actually went through a lot of life-changing experiences, that I might tell you about person-to-person, but not on this blog! Needless to say, the experiences that I have had definitely changed me for the better. Sometimes it takes things like that to really get you in the proper perspective. I'm trying to get hired on at a job now where it's not even important to get certifications (from what I can tell), but it is always important to keep learning and improving yourself, and that is what it is really about, right? I feel that if you don't grow, then you're probably shrinking! So, let's grow together! My parents installed (yes, not instilled, because I feel they gave me an implant) in me a desire for life-long learning and curiosity (whether or not you get a piece of paper for it). I am doing my best to honor them.

(If you're wondering why this is the "sixth" update, then see the post here: http://www.techexams.net/forums/ccnp-security/68730-my-journey-642-617-firewall-v1-0-1-4-exams-required-ccnp-security.html)

000.00% - Overall Preparation
=============================
000.00% - Reading
000.00% - Carding
000.00% - Labbing
000.00% - Viewing
000.00% - Studying
000.00% - Practicing
000.00% - Confidence
====================
Header Explanations
====================

[insert word here] Update:
Which update I'm on. I like to use initial, second, third, etc. Hopefully, I clear the exam before the thirtieth update!

Certification: [title]
Title of certification I'm working on

Overall Preparation:
Basically, a mathematical average of the numbers of Reading, Labbing, etc.

Reading:
Reading will be the percentage that I have read the official certification text. Reading other texts is ancillary, and I will be reading several other texts, based on what has worked in the past. You can never rely on one source to tell you the complete story. I have great book access through my school, from Books 24x7. If I didn't use that, then I can also use Safari Books Online, which is a great option, also.

Carding:
This refers to making flash cards to study for the exam. This has worked quite well for me in the past, and I recommend it to everyone. Based on past experience, I can make most efficient usage of my time if I concentrate on making the flash cards while I'm reading the text, as it makes me more of an active reader. (That is, I pay more attention to what I am reading.)

Labbing:
This is doing labs. If there aren't explicit "lab" activities, then I'll just make up my own, based on the materials presented, and/or make ones based on the Global Knowledge course, that publishes a very good curriculum on their website that you could emulate if you're doing this on a self-funded budget, like me.

Viewing:
This refers to watching the INE video series for the course. I went "all-in" and bought the 2 years for the price of one All-Access Pass. If I pass even a single cert from it, the investment will have paid for itself, as it is a lot less costly than an individual boot camp.

Studying:
This refers chiefly to reviewing the flash cards, as well as possible ancillary reading if I find myself tripping up on some concepts. Spaced repetition is a wonderful thing.

Practicing:
This refers to taking practice exams once I think I'm close to ready. After looking at the cost of the Boson kit, I may very well skip this one, as the exam is $200 alone, the individual test prep is $100 each (half the cost of an actual exam, and the kit discount is only $31 bucks off getting them all individually, $369 versus $400... not a great deal, if you ask me.) For self-funded people like me, every dollar spent has to be well-invested, and I have not heard any great clamors on the difficulty of this kit, so not sure I see a need to be worried to the extent of practice exams. I will keep this figure here, just to completely represent whether or not I end up getting practice exams, so as to provide a complete review, in case someone decides to follow in my footsteps.

Confidence:
This is how confident I am in being able to pass this exam, if I took it today. Not very at this point, as I am starting ALL over again, from scratch.

===============================

Study materials that I will be utilizing: (Note: Of the books, the Official Cert Guide is what I will be reading 100%. I will use the other materials, as required, to get further understanding on topics that the Cert Guide isn't clear on, or if I feel that there are some "gaps".)

1. The official objectives:
https://learningnetwork.cisco.com/docs/DOC-8974

2. CCNP Security FIREWALL 642-617 Official Cert Guide
http://techbus.safaribooksonline.com/book/certification/ccnp/9780132378635

3. Cisco ASA Configuration (ISBN:9780071622691)
http://mmlviewer.books24x7.com/toc.asp?bookid=33518
Note: That's a books 24x7 link. The Safari links appear to include the ISBN, so I provide it here, for your convenience. I could not locate this text on Safari, but since it's a Richard Deal book (and I respect what he has to say about Firewalls) I included it here.

4. Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, Second Edition
http://techbus.safaribooksonline.com/book/networking/security/9781587141010

5. Cisco Firewalls
http://techbus.safaribooksonline.com/book/networking/firewalls/9781587141140

6. INE All-Access Pass for CCNP Security
http://store.ine.com/cart.php?target=product&product_id=1479
I actually have a technical issue right now -- I know I was observing those classes a couple days ago, as I was watching a NAT video to review something, but can't figure out how to navigate to it now. Seems I can get to everything on the site in every track, "except" the CCNP Security material -- you tell me what's up with that? (Even looks like a "blank" on the page where that material should go ...) Their support is usually kinda quick to respond, so not too worried right now, as it is the weekend and I have other materials to use for the time being.

7. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/config.html
By all accounts I can find online, the current version of the test is based on version 8.2. This is very important, with regards to NAT configurations. The configuration guide provides excellent information, and it also provides brief explanations about the items that you configure.

8. Cisco ASA 5500 Series Command Reference, 8.2
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/cmd_ref.html
Command reference comes in handy when you're trying to use a command that you don't use that often. Of course, I recommend being very familiar with everything on the syllabus for the exam, as they don't allow you to bring in reference material :D

9. Cisco Security Appliance Configuration Guide using ASDM, 6.2
http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/asdmconfig.html
From what I can tell, this version of ASDM marries up with 8.2. When you look at the ASDM 6.3, it is attempted to marry up against ASA 8.3, which would be beyond what's necessary to study. I have heard numerous complaints that ASDM is used on these professional level exams, so my best strategy is to do my best to dual-configure everything on CLI and ASDM. (Note: some tasks are ASDM only, as I can't find a command line equivalent to the real-time log viewer, for example ... :D )

10. The Global Knowledge syllabus for the course:
http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=15525&catid=206&country=United+States
Note: I am not purchasing this course, but I am definitely using the syllabus as a guideline, ESPECIALLY for what labs I MUST know in preparation. For a comparison, you could get 2 years of INE All-Access for half the cost of this course. I am not knocking the training, as Global Knowledge is well known for quality content. If I had the funds to spare, I would take courses from them all the time. This site mentions ASA version 8.2

11. Firewall Data Sheet.
https://learningnetwork.cisco.com/servlet/JiveServlet/downloadBody/10869-102-4-42346/Firewall_DS_2011Jan26.pdf
This link from the Cisco Learning Network plainly tells you that the Firewall v1.0 exam does test on ASA 8.2

12. REAL ASA Firewalls
Can't beat the real thing. If you check the hacki forums, someone there has emulated 8.4(2), if that's your thing.

I will reiterate once again that I am not, and DO NOT plan on reading all of the books other than the OCG (Official Certification Guide), cover-to-cover, but will use them to reference any points I need some extra reading on. Just kind of including the links here, so people have a better idea about the good materials available to prepare for this exam.

As is my tradition, I must remind you that if you would like to reach out to me, Lewis Lampkin, III, I can be reached on linked in, at the following address:
www.linkedin.com/in/lewislampkin

I hope you enjoyed this post!

No comments:

Post a Comment