In January I wrote a summary of a past CCIE Security “Ask the Expert” Session from 2007. Yusuf Bhaiji, the CCIE Security Proctor, just completed another session and it was full of some more good information. I don’t think this one was quite as good as the last one, but here are the highlights:
General Test Information
- A 3.0 version of the lab is in the works. As always, there will be an announcement of any changes six months in advance, but there is no announcement planned at this time.
- There are no plans for a CCIE Security Assessor program.
- Each Cisco facility has a self-service area where you can help yourself to drinks for free. Lunch is also included.
- Yusuf’s study recommendations are:
  - Lab: Network Security Technologies and Solutions (ISBN# 1587052466)
  - Written: CCIE Security Exam Quick Reference Sheets (ISBN# 1587053349)
- All the routers in the lab are running 12.2T. Don’t expect to see anything else.
Security Configuration
- You can always use an ACL entry of “permit icmp any any” in the lab.
- Numbers such as CBAC clamping thresholds are rounded when grading the lab. For example, if the question says, “start deleting half-open sessions at 1500,” you could go with 1499 or 1500.
- The GUI is only available for the IPS and the VPN 3000.
Other Configuration
- Even though you should do it before you go, it’s OK to leave debug commands on when you leave the lab. A proctor will disable them.
- Leaving “extra” commands on devices is OK, as long as those commands don’t hinder or violate some part of a question. Yusuf gives the example of an “alias” command being OK.
- Windows XP Pro is used on the test PC.
- The serial interfaces in the lab exam are used to connect to a Frame Relay cloud. The Frame Relay switch will always be pre-configured. It’s tough to understand what he means here, but I think he’s saying that IF you need to change the Frame Relay configuration, the necessary information is provided. Here’s the quote: “You have to configured the client-side, and the necessary information (DLCI numbers, etc) will be provided in the exam.” Do you read this differently?
- IP routing and basic Layer 2 (basic switching, Frame Relay) will be pre-configured on routers and switches only. In some cases, you may also have to do some additional Layer 2/3 configs to complete a task.
- Some questions in the exam relate to troubleshooting skills, which will require you to identify errors in the preloaded configs. These errors can show up in any part of your network. It will be network-wide troubleshooting.