CCIE Security Challenge - 1 Week Out - Opening Moves
I think it was my dear friend Bruce Caslow of NetMasterClass.com who first
used the words opening moves when it comes to the CCIE Lab Exam.
I have been speaking with many CCIE Security Instructors about the CCIE
Security Exam and the smartest opening moves for this beast. It is pretty
interesting because my approach and opening moves to this exam will vary
dramatically from what I did in my Routing and Switching exam.
In this post I am going to accomplish a couple of things:
1 - Write out my opening moves so I am completely clear on them for my
upcoming CCIE Lab Exam attempt.
2 - Publish these in an as many spots as I can to gather any feedback about
them, or collect some opening moves ideas that my peers and I had not
thought of.
3 - share these moves with anyone that might be preparing for this CCIE
Security Version 3 lab exam.
4 - share these strategies and the overall strategic approach for candidates
of other CCIE tracks to get them thinking about such planning.
So what are the opening moves I am planning to make in the CCIE Security 3.0
Lab Exam? Here they are:
Step 1 - Confirm the proper setup of my lab materials. Since this exam is
paper-based - I will examine my lab notebook and make sure all pages appear
to be there, and that they have not given me a Voice lab :-| I will then
use any logical topology diagram in the lab notebook to ensure that my
initial configurations have loaded properly. I will check one router and one
ASA; or two routers if it appears I have to configure both ASAs from
scratch. I will notify the proctor IMMEDIATELY should there be any issues
with my initials. Time: 2 minutes
Step 2 - I will then read the entire exam paper closely. I will try and spot
interdependencies and pitfalls in how the security tasks relate to each
other. ASA filtering, Zone-Based Firewall filtering, the IPS policy, and NAT
are all areas worth noting considering that configurations here can easily
cause lab exam failure. I will also examine the diagrams provided closely to
ensure that they are going to work for me in the exam. I will determine at
this point if I will be re-diagramming any areas. Time: 10 minutes
Step 3 - I will then begin any re-diagramming I might need to do and start
my first configuration. I presume I will be starting with an ASA, but I have
certainly made no assumptions where I will begin as my lab will ultimately
dictate that. Before beginning the configuration of any device - I will copy
the initial configuration of that device into Notepad on the desktop. When I
copy this configuration, I will visually parse it and look for any setting
that Cisco may have introduced in the interest of forcing me to
troubleshoot. Areas to look for include ACLs, VACLs, shutdown ports,
incorrect or duplicate IPs, incorrect physical port settings, and default
command reversals.
Step 4 - start my Skipped Task Tracker and track any tasks that I am
skipping, either due to level of difficulty, or the fact that the task would
be best completed at a later time in the lab construction.