Friday, November 21, 2014

CNV1 -- IINS 640-554 Test -- Failed

I recently took the Cisco CCNA Security 640-554 test and failed with an 888; 898 was needed. Yeah, big suckage. Cisco requires 5 days before a retake, and I don't know yet how long the wait is for the WGU retake.

Thoughts on the test, hopefully without violating the NDA terms.

  • Know the CCP GUI for all the sections and material you are responsible for. The test expects some level of knowledge here.
    • This includes how to configure the listed tasks.
    • The path to click through to reach the task or information (i.e., where do you go in CCP to configure NTP servers?).
    • The tasks to know:
      • How to view and configure everything related to an access-list
      • How to view and configure everything related to IOS VPN
      • How to view and configure everything related to IOS Firewall
      • How to view and configure everything related to AAA
      • How to view and configure everything related to time (clock and NTP)
      • The tasks and steps under the Security Audit tab
  • Know the same topics from the command line too. :)
  • Know the ASA SSL VPN options and how to set them up.
  • The books provide most of the information you will need for the test. However, here are some areas where I think the books, practice tests and videos (CBT) were short:
    • IPv6
    • IPv6 access-lists
    • PVLAN
    • Layer 2 (books and video especially)
  • Have a better understanding than the books give of the other Cisco products that are basically outside the scope of the test. Inside the scope are CCP, ASA, IOS, IOS IPS and ASDM. The books do cover the other items (SecureScan, IronPort, SCM). You don't need detailed knowledge of how to configure or use those devices, but know the feature sets they offer.
  • Have a good understanding of Layer 2 protocols and protections. Understand Layer 2 at the depth the Boson practice test quizzes you on. The books and videos aren't enough.
  • Know the Cisco answer to the question. I got a question where there were 3 right answers and I had to pick 2. It wasn't one of the "which of the following is the best..." questions either. Real-world experience can be good AND bad.
  • The study material probably covers only 85-90% of what I was tested on.
  • Review the official Cisco exam topics. Like everything else in life, what you don't prepare for always seems to show up.
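The list above is what the exam wants you to be able to do from CCP, and the next bullet says to know the same thing from the CLI. As an added example (not from the original post, and not a configuration the author describes), here is a single IOS 15.x lab baseline that covers the listed tasks from the command line: local users with hashed secrets, AAA against TACACS+ with local fallback, authenticated NTP, IPv4 and IPv6 management ACLs on the vty lines, and a minimal zone-based firewall. Hostnames, addresses, keys and passwords are made up for the lab.

```cisco
! Added lab baseline (not from the original post). Hostname, addresses,
! keys and passwords are invented; replace them before reuse.
hostname LAB-R1
!
! "secret" stores a salted hash; "password" stores type 7 (reversible) or
! cleartext. service password-encryption only obscures type 7 strings.
enable secret LabEnable123
username admin privilege 15 secret LabAdmin123
service password-encryption
!
! AAA: try TACACS+ first, fall back to the local database if the server
! is unreachable so you cannot lock yourself out of the lab router.
aaa new-model
tacacs server ACS1
 address ipv4 10.0.0.50
 key LabTacacsKey
aaa group server tacacs+ LAB-TACACS
 server name ACS1
aaa authentication login default group LAB-TACACS local
aaa authorization exec default group LAB-TACACS local
aaa accounting exec default start-stop group LAB-TACACS
!
! Time: authenticated NTP so logs, certificates and IPS signature
! timestamps come from a source the router can verify.
clock timezone UTC 0
ntp authenticate
ntp authentication-key 1 md5 LabNtpKey
ntp trusted-key 1
ntp server 10.0.0.10 key 1
!
! Management-plane ACLs, IPv4 and IPv6; SSH only, from the inside LAN.
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny   ip any any log
ipv6 access-list MGMT-IN-V6
 permit tcp 2001:db8:0:1::/64 any eq 22
 deny ipv6 any any log
!
line vty 0 4
 access-class MGMT-IN in
 ipv6 access-class MGMT-IN-V6 in
 transport input ssh
!
! Zone-based firewall: INSIDE -> OUTSIDE is inspected (stateful return
! traffic allowed). There is no OUTSIDE -> INSIDE zone pair, so
! unsolicited inbound traffic is dropped by default.
class-map type inspect match-any IN-TO-OUT-CLASS
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect IN-TO-OUT-POLICY
 class type inspect IN-TO-OUT-CLASS
  inspect
 class class-default
  drop log
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect IN-TO-OUT-POLICY
!
interface GigabitEthernet0/0
 description Inside LAN
 ip address 10.0.0.1 255.255.255.0
 zone-member security INSIDE
interface GigabitEthernet0/1
 description Outside / WAN
 ip address 192.0.2.1 255.255.255.0
 zone-member security OUTSIDE
```

To check each piece after pasting it into a GNS3 router: `show aaa servers` and `test aaa group LAB-TACACS admin LabAdmin123 legacy` for AAA, `show ntp status` and `show ntp associations` for time, `show access-lists` and `show ipv6 access-list` for the ACLs, and `show zone-pair security` plus `show policy-map type inspect zone-pair sessions` for the firewall. Two practical caveats: keep the `local` fallback in the AAA method lists until the TACACS+ server is proven, and remember that once an interface is a zone member it can no longer talk to interfaces that are in no zone, so put every transit interface in a zone before you test.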
Personal thoughts:
  • I think I might have gotten a pretty crappy roll from the RNG on what I was tested on in certain areas. I'm sure life evens itself out eventually.
  • Never forget that Cisco certs are highly sought after, so the questions and material will reflect it. There is lots of opportunity for "bad" people to dump answers and raise the bar for the rest of us. Cisco has to make it harder somehow, so expect the following:
    • Expect poorly worded questions that distract, confuse or frustrate you.
    • Expect some minutiae questions. They will test you on a single sentence from the book.
    • Expect to be tested outside the book and video but still within the exam objectives (NOT NICE!).
  • Studying for this one isn't fun. You will spend quite a bit of time messing with the environment to get enough hands-on practice. You will be reloading OSes, configs and scenarios, waiting for CCP, etc.
From the WGU Perspective:
  • There's NO help in the forums for the current version of the test. You are on your own.
  • Again, there is a large gap between the test and the material. As a college course you kind of hope to have materials that provide an environment to simulate what is on the test, especially when it is hands-on. For access to IOS, ASA, ASDM, IOS IPS and CCP you either memorize the lecture steps (hahahaha), buy equipment to practice on, or find emulators to practice with.

Monday, November 17, 2014

WGU -- CNV1, IINS 640-554 Studying

Well, this has been among the most frustrating courses to study for. I have grabbed my voucher and am looking to schedule the test this week. Wish me luck. On to the study material.

First, the course of study reads like "here's the material, good luck." The forums mention little to nothing, or worse. So, based on the C.O.S., the CBT Nuggets videos are entertaining and good. The only thing is having to set up a lab or two that emulates the commands. Even with 10+ years of experience on Cisco gear, learning zones, zone pairs, CCP, etc. is newish to me. I can't imagine learning this from scratch. Here is what I did and built.

Host machine: Win 7 box with a quad-core proc, 16 GB of RAM and dual monitors. I wish it had three: one for the lab setup (including PuTTY), one for the CBT at full screen, one for the virtual machines in the labs. It has worked well.

Software (sorry to my Linux/Apple host friends, but you can get pretty close, or better. GNS3 and most of the software works everywhere, and supposedly better in some places. Lucky):

  • Oracle's VirtualBox. If you are a WGU student you should have it from your Linux+ work. I used this to emulate some Win7 and RADIUS boxes. Use your WGU licensing from MS to spin up and clone. Plus, when you clone in VirtualBox, the sheep makes me laugh every time. I have 3 Win7 clones sitting there. These boxes will need to be attached to GNS3. You don't have to set up the RADIUS boxes, but I'm a nerd.
  • VMware Player. This is so you can spin up the ACS server to see how TACACS+ works (if you want).
  • Some people will find the need for the MS loopback adapter for...
  • GNS3. Godsend. If you want to practice without actually buying the hardware, you NEED this. This software is awesome. I will grab a list of links. Right now they have just launched the 1.0/1.1 version and a lot of the links are for 0.8.6, etc. Here are some quick notes...
    • First, it lets you spin up Cisco equipment sufficient to practice on the command line, until you can type en, cisco123, conf t, username admin secret 0 cisco, etc. until you are blue in the face. Plus these same boxes can be managed by your VM Win7 box running in the same virtual environment.
    • On the ASA, do not put in options if you use 8.4.2; it simply works. However, it will chew up one of your 4 cores (at least it did mine). My proc runs at 25% all the time when I have an ASA up.
    • Make sure you find a good Idle-PC value.
    • If your connections aren't working but you -know- you have it set up right, save your GNS3 config, save your device configs, and restart GNS3.
    • GNS3 lets you attach your VMs to it.
      • VirtualBox works out of the box, directly connected. Find the articles on how to do it. I say this is pretty f-ing cool.
      • VMware Player has to be attached via a cloud/loopback adapter. I used the VirtualBox adapters here. VMware Player doesn't have the hooks to connect directly, and the ACS boxes require VMware in their hardware check. (Yes, I am sure you can make it not, but my Google-fu was exhausted and my patience was gone by then. If you have the details, I'll add 'em.)
My actual study routine. I read the book first, online. I used Safari Books Online; I like this resource better than the WGU option. Same book, different location. I took notes on 5x7 notecards. I take notes on concepts, not word x = definition. For example, my card on IKE Phase 1 has HAGLE, with all the parts of HAGLE broken out with details such as DH supports group 1 @ 768, 2 @ 1024 and 5 @ 15xx; H has SHA-1 (@ 160) and MD5 (@ 128). And it is a single bidirectional tunnel.
After reading the book, I watched the CBT Nuggets material. Keith is a good lecturer. Most of the lectures take 2 or 3 times the running time of the material for me; I typically pause and rewind as he does the configuration. I made 2 or 3 instances of the setup within my GNS3 environment. Repetition makes perfect.
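The HAGLE notecard above maps one-to-one onto the IOS IKEv1 Phase 1 policy. As an added example (not from the original post or the notecard), here is that policy written out with each HAGLE element labelled, followed by the Phase 2 pieces it protects so the whole site-to-site tunnel can be built on two GNS3 routers. Peer addresses, the pre-shared key and the protected networks are invented.

```cisco
! Added example (not from the original post). Addresses, key and
! networks are invented; this is the R1 side of an R1<->R2 tunnel.
!
! Phase 1 (ISAKMP/IKE SA), one bidirectional SA, negotiated as HAGLE:
crypto isakmp policy 10
! H - hash for integrity: SHA-1, 160-bit digest (MD5 would be 128-bit)
 hash sha
! A - authentication of the peers: pre-shared key
 authentication pre-share
! G - Diffie-Hellman group: 1 = 768-bit, 2 = 1024-bit, 5 = 1536-bit
 group 5
! L - Phase 1 SA lifetime in seconds (IOS default is 86400)
 lifetime 28800
! E - encryption for the Phase 1 channel: AES-256
 encryption aes 256
!
! The pre-shared key, bound to the peer's address
crypto isakmp key LabPskR1R2 address 203.0.113.2
!
! Phase 2 (IPsec SAs, one per direction): how the user traffic is protected
crypto ipsec transform-set LAB-TS esp-aes 256 esp-sha-hmac
 mode tunnel
!
! "Interesting traffic": only these flows go into the tunnel
ip access-list extended VPN-TRAFFIC
 permit ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255
!
! Crypto map ties the peer, transform set, PFS and interesting traffic
! together and is applied to the outside interface
crypto map LAB-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set LAB-TS
 set pfs group5
 match address VPN-TRAFFIC
!
interface GigabitEthernet0/1
 description Outside / WAN
 ip address 203.0.113.1 255.255.255.252
 crypto map LAB-MAP
```

Configure R2 as the mirror image (its own address, the same key, the ACL source and destination swapped) and send traffic between the two LANs; `show crypto isakmp sa` should then show one Phase 1 SA in QM_IDLE, and `show crypto ipsec sa` shows the Phase 2 SAs as an inbound and an outbound pair, which is the distinction the notecard's "single bidirectional tunnel" remark is about. The exam still asks about MD5, SHA-1 and DH groups 1, 2 and 5 because that is what the curriculum covers; for anything outside the lab, prefer SHA-2 and DH group 14 or larger, since the smaller groups and MD5 are deprecated.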

Now I am on to the practice tests from Boson. It scares me to read the reviews. Not promising: old test, missed material. We will see. This is the only test we have to score an "A" on, and our material and testing have left quite a few out in the cold. Scary. I made right at 80% on my first time through Boson. I always use the practice method: question, my answer, grade my answer, review the material. I also had my favorite, questions on material that my study material didn't cover. They asked about a concept, PVLANs, that is in the official Cisco curriculum, but I don't recall it in either study material (book or CBT). Some of the details they asked about I didn't recall, but that's why we take practice tests: honing, focus and repetition.

Anyhow, the frustrations of this course, once you figure out that GNS3, VMware and VirtualBox can solve some problems:
  • Where do I get software?!? And what do I need?
    • Ask your account manager if you have a contract with Cisco. This will be the #1 most frustrating problem throughout the course. Plus, from my understanding, the internet comes with a search function.
    • You will need IOS router software. I used 7200s running 15.0x for my labs.
    • You will need to get the IOS IPS signatures.
    • You will need ASA software; 8.4.2 is supported.
    • I used 3 Win7 virtual boxes: one for CCP, one for ASDM, one for AnyConnect.
    • You can spin up the attack box our instructor uses. The product name has been updated.
  • GNS3 is excellent except for...
    • My ASA won't save its config beyond a GNS3 restart (save a script; best I've got so far).
    • My ASA doesn't do DHCP right (save a script and restart the project).
    • My ASAs chew up my processor (agreed; shut 'em down when not in use).
    • My cloud doesn't work right (again, saving and reloading my project).
    • My switch doesn't work right (again, saving and reloading the project worked for me).
    • My routers cook my CPU (find your Idle-PC values and use a supported IOS).
    • I get strange console errors (meh, I am not doing routing labs, so I don't care -- yet).
    • Where are the Cisco switches? (Not supported.)
  • Seriously, where do I get software? Search for GNS3 IOS images. I agree it's frustrating that a university or vendor can't get us time-bombed material so we can practice.
  • The forums are zero help here, WGU students. Sorry. Normally they serve as a great guide.
  • Pacing guide: read 2 chapters a week. That's not a guide....
I'll post an update on how I do this week. Thursday is looking to be test day. Plus, I want to forget about it over Turkey Day.