Sunday, December 10, 2017

This Week in the Lab

 on  with No comments 
In , ,  
We moved, I was completely burned out from that, then this, then that, then the other and its already December. So it's time go get my butt back in gear. I'm under 2 years now to finish up the CCNP Security, or I get to retake the SENSS.

We made a little profit on the house and allowed ourselves a little bit of fun money out of it. Rather than blow it all on something stupid, I decided to make a little investment in my future and bought a couple of new items for the lab. I picked up a 5506-x firewall and a 2504 WLC.  Here they are in all their glory on my basement desk, along with the desk's 2940 switch and a 1242 access point I picked up out of the recycling pile a few years ago.

In the last few days, I've been pounding away at the WLC, trying to learn the basics.  One big lesson right away was the AP's MIC, which was expired on the first of the 1242's I tried (I grabbed 2 of them).  I spent a coupe of days reading blog posts and Cisco PDFs trying to figure out some way to get the thing working, but eventually threw in the towel.  I tossed all my old APs back on the shelf and figured I may as well buy a 3602i like all the cool kids who's blogs I read have.  But for the heck of it I tried the other 1242 and it worked.  Since I don't envision myself needing a second AP for any exam in the Security track, I'll ride out this AP until I come up against missing features.

I've already made my first pass through the SISAS Certification Guide and AAA Identity Management Security before life slowed down my studies, so I'm starting my second pass on them, and I'll be watching videos from Labminutes. I'm also going to go through Controller-Based Wireless LAN Fundamentals. And of course, following along on my new WLC, and my old ISE server.

Happy labbing.

Saturday, August 12, 2017


 on  with No comments 
In ,  

1. What kind of Questions should I expect to see on the CCNA exam?

All the information that is known about the exam is available on the Cisco Certifications pagerelating to the exam in question. The Cisco NDA forbids us from telling you anything more. This includes how many of each type of question we saw, whether or not a specific topic is covered heavily, and what specific questions we were asked.

2. How much does the CCNA exam cost?

You can find the cost of the exam in your country at the above mentioned site where you register. Again, don't take anyone else's word for it. You're going to pay Pearson Vue to take the exam, not me. So it only makes sense to see what they say it costs, right?

3. How do I register to take the exam?

Cisco exams are proctored Pearson VUE. You will find everything you need to know about registration and exam locations on their site. Don't just take the word of some random person on Facebook, get the information directly from the authoritative source.

4. What book should I read for the CCNA?

I've blogged about this before very recently, and you can find that post elsewhere on my blog. But to summarize, I'm always going to recommend the Official Certification Guide from Cisco Press. I don't care if someone said Wendell Odom is too dry, or the books are too long. There's a lot to know, and you may as well understand now that there are no shortcuts.

Many like Todd Lammle's book because it's shorter and it reads more like a stand up comedy routine.  First, Lammle assumes you have a certain level of knowledge already before you pick up his book.  Odom doesn't.  Lammle gives you the bare minimum needed for the exam.  Odom doesn't.  If passing the exam is your only priority, you're in for a rude awakening on your first day on the job. The router that's down isn't going to go easy on you because the root cause wasn't a CCNA exam topic.

You can find a large list of free resources around the Internet to assist your studies.

5. I have a question about my final results.

There's a great post over at the Cisco Learning Network titled Demystifying the Cisco Score Report. It says it's posted by the Certs & Lab Admin, so I'm going to assume this is legit. And while this particular breakdown is for a CCIE Written exam, pretty much everything that is said in the post applies to any written exam.

6. What degree should I get for networking?

Nobody can speak for every hiring manager out there. Every one is different, so there is no answer for this. In my experience, a college degree was a yes/no question without too much focus on what the degree was in. Some hiring managers don't care about a degree while others only care that you have one, and others still want it to be something specific. I chose a degree that closely matched the work I wanted to do in the future. You can't go wrong with that way of going about it. One thing I can guarantee is that nobody is looking specifically for somebody with a masters in Botany to work in their NOC.

7. Why did I get banned from the CCNA group?

The group has rules, and the rules are enforced. Its nobody else's fault that you either posted without knowing the rules, or you knew the rules but chose to disregard them. Every Facebook group, Website, Online Forum, etc. has rules and it's up to you, the user, to seek them out and follow them. This is true with anything you do in life.

8. Will you do my homework for me?

No, we absolutely will not do your homework. Do your own homework. I already know the material and your homework is one of the steps involved in your education. You want to pas the exam and earn the certification? Then you need to learn this stuff, not just write down what I told you. Obvious homework questions will be deleted, and the poster will be mocked. I don't care if you say it's not homework, we know homework when we see it.

Besides that, half of the "answers" I see given to homework questions are wrong anyway.

9. Which certification pays more, Cert A or Cert B?

Follow your heart, not your greed. If you want to strike it rich, maybe come up with the next Google or Facebook.  Every certification path has great opportunities, and you'll be paid well in any IT specialty if you do your job well. And you will do your job a lot better if you're doing something that you actually enjoy doing. If you don't know what you enjoy doing yet, you should be spending more time getting a job and gaining experience and less time worrying about 3 jobs ahead.

Bottom line, if it wasn't a marketable job skill, Cisco wouldn't bother maintaining a certification program for the skill.

10. What is router?

This question, and any basic question like it, doesn't have any place in a Facebook group or an online forum. It's something that you can easily Google, and not waste everyone's time. In case you're still unsure how, I wrote a post on how to Google things. Try it sometime, you may like it.
"What is the CCNA" is especially offensive. Why did you join our group if you don't even know what it is? If you don't know, then Google it.

When in doubt, try this post on how to ask better questions. Better questions get better answers. Take note when you will not show any router configs but still want us to figure out why can't ping across your 5 router topology.

11. Any question that conntains "Class A," "Class B," and/or "Class C".

Let me stop you right there. Classful networking is a relic of ancient days, and we simply don't use it any more. CIDR and VLSM aren't something that's off in the distant future (insert IPv6 or Duke Nuke 'em Forever joke here), they are the here and now. If your "practice test" or study guide that you obtained from some shady website talks about classful networking, you're going to fail.

12. I don't like the rules, who can I complain to?

Basically nobody. The admins set and enforce the rules. And as long as we do not violate any part of Facebook's TOS, that will not change. If you dislike the group that much, there's certainly other groups elsewhere that you would like better. Try one of them.

Of course, if you do want to scream at somebody, then by all means send me a private message on Facebook, even if it was a different admin that annoyed you. I've actually grown to enjoy the abuse.

13. I was treated unfairly by an admin, who can I complain to?

See question #12. I have nothing but respect for the other admins of this group, otherwise they wouldn't be admins. It's not very likely I'll take your side over them.

But again, feel free to scream at me all you want on Facebook.  I love the abuse.

14. Will the CCNA help me find a job?

The same goes for this as it does for the degree question. While experience trumps all, certifications and a degree will help you stand out from other similar candidates who you are otherwise similar to. But at the end of the day, it's up to the individual company to decide what they want in a candidate. Some want a degree, some want certifications, some want something else still. The job posting will tell you exactly what they're looking for in a candidate.

The bottom line is that having a degree and a CCNA helped me get my first job in I.T. Everyone had zero experience at one point, and yet the senior members of the group are all working in the field, right?

15. I has cert, job me now!

Sorry, but this isn't a jobs board, and these types of posts can and will drown out everything else if we allow them.. Since there's really no such thing as a "CCNA Job" despite what many posters say, there's no connection here. If you wish to explore career opportunities in your area, seek out a group dedicated to that topic.

16. I'm the network administrator or engineer and everything is broke. Help me!

Let me guess, you passed the CCNA by using Testking, and somehow lucked your way through the job interview. The hiring manager must have figured they could pay you less since you really didn't interview well. Now you see why you shouldn't have cheated. You can't afford my hourly rate as a consultant, so pick up a book and start learning. You're in for a long night.

Saturday, August 5, 2017

The Elusive Java Sweet Spot

 on  with No comments 
In , ,  
If you've worked been on the Cisco cert train and/or worked with Cisco products (particularly their security products) for long enough, you know exactly what I'm talking about here.  My first taste of this came with Cisco's Security Device Manager (SDM).  I've never seen SDM actually used in production, but at the time that I was studying for the CCNA, it was still a required topic for both the CCNA and the CCNA Security.  The problem was that at the time, it was old.  It was old, and was not receiving updates as Cisco had moved on to the Cisco Configuration Professional (CCP) program already but had not updated the exams content yet.  Because it was old, it didn't work well with Java that was newer than JRE 6 update 43 (and didn't work well with many versions that were older than that either).

The first issue here is that we all know about the security track record of Java.  Being forced to use a version that is several years old is just asking for trouble.  Every month, the Nessus scan is updated to look for yet another new version of Java as the previous one has several critical vulnerabilities.  You can read all the gory details here if you care to.  I don't know what's worse, Java or Flash in this regard, and CCP just happens to use both.

And it's not just SDM/CCP that has given me fits about Java versions.  Most of the Cisco ASA's that I've installed were for small businesses (the 5505 and 5506-x models), so I have to set up ASDM for their use as there's never an actual IT guy on staff.  And since I'm rarely a party to the purchase of the ASA, I'm also rarely a party to the decision of which version of the ASA software it comes with.  Which means I rarely see the same version of the ASA software, and by extension the corresponding version of ASDM, on more than one firewall.  There was a firewall install that I literally spent 2 hours trying out different versions of Java on my computer in order to find one that would work with both the client's ASA 5506-x and my ASAv that I was using to study at the time.  Yes, I could just change out Java when I move to a different ASA, but I'm not trying to keep track.

Also using Java, though not as much of a headache is the Cisco Configuration Assistant (CCA).  Not a product that I particularly like, but good luck with Cisco support on a UC500 series PBX if you're not using it.

Saturday, July 29, 2017

Attacking the 300-208 SISAS Exam

 on  with No comments 
In , ,  
After passing the CISSP back in April, I have gone back and forth on which exam I want to attack next.  After passing the SENSS, I'm on the clock to finish the CCNP Security.  On the other hand, I also want to do the 70-743 Upgrading Your Skills to Windows Server 2016 before Server 2016r2 comes out and all the r2 stuff gets added to the exam.

After taking a little time off from studying and then going back and forth for a while, I've finally settled on the SISAS.  Here's the plan so far.


AAA Identity Management Security - A great primer on AAA and 802.1x that I am able to access via Books 24x7 (Thanks Eastern Michigan!).  The sections on theory, as well as configuration examples for switches, routers and firewalls are great, especially if you're not very experienced in this. However, the book goes over Secure ACS 4.x and Secure ACS 5.x rather than ISE.  The sections covering ACS 4.x are definitely not necessary at this point, though I did read through them while following along on my ACS 4.2 server.  You can never have too much exposure to the topics, right?  The jury is out on the ACS 5.x sections though.  While not specifically listed in the exam topics, I have heard that there are products not covered in the topics and the OCG that do appear on the exam.  ACS 5.x perhaps?  Maybe, maybe not.  So if you have access to an ACS 5.x server, it definitely wouldn't hurt to spend a little time familiarizing yourself with the interface.  I definitely did.

CCNP Security SISAS 300-208 Official Certification Guide - The previously mentioned certification guide, which I've purchased a copy of. I've heard mixed reviews on it.  Some say it covers everything pretty well, others say it's lacking in some areas, specifically in the equipment covered.  This is why I'm not using it as my only study source.

Practical Deployment of Cisco Identity Services Engine (ISE) - Here's another title that I have access to via Books 24x7.  I'll definitely read it if I find the Official Cert Guide lacking, but with the OCG, videos, and labbing to go, I don't know if I'll get through the entire book.

The Cisco Learning Network lists a few other things on their page for the SISAS. There's a number of PDFs including the SAFE Architecture Guide and the TrustSec 2.0 Design and Implementation Guide that I'm sure I'll read again,


CBT Nuggets - Keith Barker wrote the Certification Guide for the version of the CCNA Security exam that I took, and he also did the video series for that exam as well.  I've always been a fan of Keith, and I'm sure he'll knock it out of the park again for the SISAS.  I've heard good things about this series.

Baldev Singh on Udemy - I got in on a special promo and got Baldev's entire CCNA Security and CCNP Security series for free when I was working on the SENSS.  The stuff relating to the SENSS was quality stuff, so I'll lean on Baldev again for the SISAS.

Lab Minutes - The security videos done by Metha Cheiwanichakorn for Lab Minutes were brought to my attention by Katherine McNamara who I first came across on the TechExams forums and have since followed in various other places around the net as well.  I've watched several of Metha's videos relating to Secure ACS 5.x already and have enjoyed them so far.  I fully expect the ISE and the dot1x theory material to be as great.


Secure ACS 4.2 and 5.4 Servers - As previously mentioned, I have already been through the AAA book once and followed along on the the two versions of ACS.  I don't know how valuable this knowledge will be for the exams, but it's not like ACS will be disappearing from the world in the very near future.

ISE 2.x - I have a VM running ISE 2.0.306. Not the latest/greatest, but has been good enough for everything I've attempted to do with it thus far.  I also have an evaluation copy of 2.2, and at some point may also join the 2.3 beta program at some point.  I'm not sure how different 2.0, 2.2 and 2.3 are, but it's always beneficial to see multiple versions in real life, if not for the exam.

IOU based routers and switches on GNS3 - I'm doing most of my hands on virtually now.  The IOU images aren't the latest/greatest virtual IOS images any more, but they're still good enough for everything I've been doing thus far, and I have them set up already.  I'll continue using it as long as it's useful.

Physical 3750, 2821 and 1140 - The core of my home network, a 3750 switch, 2821 router and 1140 access point are available should I need them.

QEMU based ASA and ASAv - For firewalls, I'm exclusively virtual as I do not have a physical ASA at this time.  I do have a pair of PIX 515s for what it's worth, though I doubt they'll be of much use for this exam.

Virtual WLC 7.3 - I don't have a physical WLC at this time, so hopefully the copy of vWLC that I do have will get me through this exam.  I do know that there are features not available in the vWLC that I won't be able to do without beyond the CCNP Security though.

Misc Physical Aironet APs - A pile of older controller based APs that I'll be able to use with the vWLC.  Hopefully good enough for what little wireless I'll need for this exam.

Microsoft NPAS on Server 2016 - The MCSA upgrade is still in my short term plans, so I may as well play around with RADIUS here as well.  The Active Directory Infrastructure is already in place in the lab, so I it won't be much effort to add a NPAS 2016 server into the mix.

Saturday, July 22, 2017

That'll Never Work!

 on  with No comments 
In , ,  
While reading through a discussion on Slashdot today, someone linked a thread from 1999 as proof that the Slashdot community has always been pretty dumb collectively.  The thread was on the upcoming release of VMWare, a class of products that clearly hasn't been heard of on PCs at the time.

The thread can be found here.  It's amazing how a concept so ingrained today appears to be so foreign just 18 years ago.  My personal favorite is the very bottom comment "a great idea ROFL."

Wednesday, May 17, 2017

This week in the Lab

 on  with No comments 
In , ,  
The past couple weeks, I haven't been to productive in my studies, so I'm going to recap the few things that I've done so that I can reference it later. Everything here relates to the MCSA 2016 upgrade. 

I haven't done much reading at all, especially compared to my previous output.  But what I have been reading, slowly, is Mastering Hyper-V 2012 R2 with System Center and Windows Azure by John Savill on Books 24x7.  Hyper-V and the Cloud (ie: Azure) seem to be a big topic on the current exam topics, so I'm reviewing everything that I haven't touched much since doing the MCSA 2012 upgrade exam.  Thankfully I'm not seeing anything that feels completely new, just stuff here and there that I definitely need to knock the rust off on.  I've also started on Software Defined Networks: A Comprehensive Approach by Göransson, Black and Culver.  SDN was talked about heavily in the Introducing Windows Server 2016 book, so I figured I had better get the fundamentals down now.  Books 24x7 also has Mastering Windows Server 2016 Hyper-V, also by John Savill, which I'll start on once I finish the two titles I'm currently working through.

In the basement, I rebuilt both of my Hyper-V servers to Server 2016 Data Center, and put another physical disk in my domain controller and shared it out via iSCSI.  Then over the next few days, I built a Hyper-V Failover cluster with those two hosts and the iSCSI storage.  Rather than follow a step by step guide, I instead did it all from memory and a whole lot of trial and error, only consulting a book or TechNet when I was completely stuck.  Hence it taking a few days rather than a few hours.  But the cluster is up and running.

The first high availability VM that I built was a new IPAM server running on Server 2016.  The nice thing here is, when you use 2016 Data Center edition, you can build an unlimited number of Server 2012r2 and 2016 VMs on those hosts, you just use the AVMA keys to activate them and those VMs will run just fine on any host with 2012r2 or 2016 Data Center.  I started out with an IPAM server because I'm past the point of outgrowing the spreadsheet I use to track everything, especially now that I've started moving to IPv6 in the lab.

Next up, I need to take care of that 2012r2 domain controller so I can raise my DFL/FFL to 2016 before I start running into things that require that.

And for 70-417 study guides, there's the MS Press book, and the Sybex book.  Does anyone have a preference?  With everything else that I have read/am going to read, I don't imagine there being a need to buy both. I just want something comprehensive that goes over all the topics to gauge where I'm at as I get towards the end of this journey.

MCSA Study Progress by Topic:

Install and configure servers - I've installed and configured hundreds of servers on all editions of Windows, both in the lab and on the job.  I need to work with Storage Spaces some more, but overall I'm good here.
Configure server roles and features - Haven't done much with non-domain joined servers, but I'm good here as well.
Configure Hyper-V - I've done a lot of work here, especially recently and I've been trying to pay careful attention to what's new in 2016 as I go along.  But overall, I'm good here.
Install and administer Active Directory - Need to work on IFM and AD IaaS from Azure.
Deploy, manage, and maintain servers - My old nemesis from the 2008 and 2012 exams.  Data Collector Sets, monitoring, perfmon, and all that.  Need a lot of work here.
Configure network services and access - DirectAccess, something I want to setup for practical purposes.  Implementing DirectAccess with Windows Server 2016 is on Books 24x7 and I'll follow along in the lab while reading that.
Configure a network policy server infrastructure - a lot of fun stuff here, and I need to put in some time on all of it.
Configure and manage Active Directory - A lot of newer advanced features of AD.  I need to put in some time on most of it.
Configure and manage Group Policy - Looks like there's not really anything new here and it will focus on topics that have been around in previous versions of Windows.  Just need to knock off the rust here.
Configure and manage high availability - A lot that I've already suffered through with my Hyper-V cluster.  Need to continue practicing.
Configure file and storage solutions -  Looks to be all recent additions to windows and stuff I haven't seen before.
Configure business continuity and disaster recovery - I need to hit the Azure stuff, but it's just more Hyper-V topics for the most part.
Configure network services - IPAM.  Labbing this now.
Configure access and information protection solutions - ADFS.  This is the stuff that I've always avoided getting too deep into because I never had the capacity to really implement it in the lab.  I do now, so I'll be spending time on it. The servers are being provisioned now that the Hyper-V cluster is up. Related topics such as AD RMS will be worked on too even though they're not specifically mentioned in the topics.

Wednesday, May 3, 2017

Moving to IPv6 in the Lab

 on  with No comments 
In ,  
IPv6 is one of those technologies that I've been wanting to dig into further.  I know enough that I can get through the certification exam of the day with a little book time to refresh, but I don't know it well enough.  It's not something I've been avoiding, just something that I've kept putting off because something was more pressing, more interesting, or potentially more useful.  So there's no time like the present. Let's get started.

I began by reconfiguring the network to better align with all the blog posts and docs that I've read to date.  I originally had the 3750 doing the intraVLAN routing, but I decided to simplify and push everything out to the 2821 at the edge for now.  So the 2821 and 3750 are doing router on a stick.  There are 2 VLANs I'll be using (10 and 20 for now, additional VLANs are there but not IPv6 enabled yet), so the /60 Comcast is currently handing out that can be broken down into 16 /64's will suffice.  I think a lot of areas are getting more than a /60, but it's more than enough for now.

On the 2821, we'll start by enabling ipv6 routing.  Naturally, the commands are a bit different here and there.

ipv6 unicast-routing
ipv6 cef

Then on the outside interface, we'll pull our /60.  If your ISP is handing out bigger chunks, adjust your hint accordingly.

interface GigabitEthernet0/1
 ipv6 enable
 ipv6 address autoconfig default
 ipv6 dhcp client pd hint ::/60
 ipv6 dhcp client pd COMCAST

First we enable ipv6 on the interface and then pull a /60 and put it into a pool called COMCAST.  In a lot of other docs online, I see the addition of "ipv6 address dhcp" added on the outside interface as well.  But my router/IOS combination wouldn't take that command and it's working fine without it, so keep this in the back of your mind.

Next, we'll go onto the inside interfaces.  We'll set up the IPv6 addresses and have a little ROAS review here too.

interface GigabitEthernet0/0
 no ip address
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ipv6 address COMCAST ::1/64
 ipv6 dhcp server COMCASTPOOL
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ipv6 address COMCAST ::2:0:0:0:1/64
 ipv6 dhcp server COMCASTPOOL

What we've done here is put the first /64 from the COMCAST pool onto VLAN 10, and the second /64 onto VLAN 20.  The next line on the interface sets up the dhcp options for the two VLANS.  The only options that I've currently configured are the DNS servers.  I'm actually using my own Domain Controllers (which is what you should use if you have them), but for here I'll put in Google's.  There's some timers that may need tweaked in regards to neighbor discovery, but that's a little beyond my understanding at this point.  I'll get into that at a later date.

ipv6 dhcp pool COMCASTPOOL
 dns-server 2001:4860:4860::8888
 dns-server 2001:4860:4860::8844

So now we have full IPv6 connectivity on just about everything in the lab (for some reason, none of my Virtualbox guests can ping past their own Ethernet NIC, but that's a topic for another day).  I've disabled IPv4 completely on a test machine (Server 2008 Enterprise) and loaded up Yahoo.

So far so good.  We've got connectivity.  The NIC settings are shown to demonstrate that IPv4 is indeed disabled.

What's next?  I would like to move intraVLAN routing back down to the 3750 and have a single routed link between it and the 2821. Then I want to move the DHCPv6 functionality for each VLAN down to the domain controllers so I can manage all the IPv6 bits with Windows IPAM as I do now with the IPv4 bits.  And finally, I need to update the IOS on my 3750 to an image that supports IPv6, among other shortcomings I'm currently hampered by.

But first things first, I'm going to move my Hyper-V servers from Server 2012r2 to 2016 and finally get them into a failover cluster.  Between that and getting some shared storage together for the cluster should get me through a good section of the MCSA 2016 topics.

Wednesday, April 26, 2017

The Nation of Tokelau

 on  with No comments 
In , ,  
Tokelau is a self-governing territory of New Zealand consisting of three coral atolls in the southern Pacific Ocean. It lies north of the Samoan Islands, east of Tuvala, south of the Phoenix Islands and northwest of the Cook Islands. It's believed that the islands were first settled approximately 1000 years ago. Tokelau is a free and democratic nation with no political parties, holding elections every 3 years. And Tokelau is the first 100% solar powered nation in the world.

So if you know anything about this blog, you're probably wondering why I have an interest in this small group of islands in the Pacific.  Well, it's not the islands, the nation, or even the people per se that interest me, it's their ccTLD, .tk that I have recently become aware of.  Tokelau allows any individual to register a domain under this ccTLD, and with few restrictions (such as sexual, drug, hate and firearms content), users and small businesses may register any number of domains free of charge.  "Special" .tk domains, such as those conatining the trademark domain names for most Fortune 500 companies must be purchased. Users may also opt to forward their web and email traffic.

The nation of Tokelau boasts a population of 1,499 as of the October 2016 census, good for 237th in the world.  What makes this small population most remarkable is the fact that more than 28 million domains have been registered under the .tk ccTLD.  According to a McAfee survey in 2006, .tk domains were twice as likely to be used for "unwanted behaviors" when compared to the global average. In 2010, the Anti-Phishing Working Group noted that 21.5% of all worldwide phishing originated from .tk domains.

So what does this mean for you?  Have you ever done legitimate business with a person or organization coming from a .tk domain?  I can't say that I have.  And other than the free domain registration (which hardly matters with what GoDaddy and other registrars are selling domains for these days), why would anyone want to register their domain with such a small, and otherwise unknown nation?  They claim to have rules, but are clearly not enforcing them. And how could they with 28 million domains and counting registered? As of right now, it's probably safe to just blacklist the entire .tk for now.

Wednesday, April 19, 2017

Thoughts on the CISSP

 on  with No comments 
In ,  
Saturday afternoon, I took the CISSP exam and passed.  Not only is this a sweet certification on my resume, it's the final requirement for my Masters degree in Technology Studies, Information Assurance concentration.  So all in all, a pretty awesome weekend, even though it was quite stressful leading up with so much riding on this exam.

So the first thing that stands out on this exam is just how long it is.  250 questions long and by far the longest exam I've ever taken either for a certification or in academia.  I'm normally a fast test taker, and it still took me around 2.5 hours to complete.  I can't even imagine someone who is a slow test taker and up against the clock.

My road to success on this exam is not for everybody.  In 2008, I decided to use what I had left of GI Bill eligibility and make a career change into I.T.  Some of my earliest classes were infosec related, and I first read Shon Harris's incredible CISSP All-in-One Exam Guide somewhere in the neighborhood of 2009 as it was the textbook for a couple classes.  From there I went on to study Information Assurance at Eastern Michigan University, earning a Bachelors in 2012.  Many of these classes focused around CISSP topics.  Three years later I went back to Eastern to pursue a Masters degree, and many of these classes also focused on CISSP topics.  Everything from a class on Risk Management in my undergrad days, through graduate classes on Business Continuity and Incident Management recently.

For the capstone of my Masters program, I chose the option of taking this exam, and dedicated the semester to studying for it.  Over the course of the semester, I read Eric Conrad's CISSP Study Guide and Adam Gordon's Official Guide to the CISSP CBK, both on Books 24x7 (thanks EMU!).  I also watched a great video series on FedVTE (thanks government contracting position!).  I took it one domain at a time, first reading the chapter in Eric Conrad's book, watching the video, then reading the chapter in Adam Gordon's book, using each sources practice questions to gauge my progress before moving on to the next source.  Along the way, I kept notes on my strong and weak points of each domain (a learning log was a requirement of the class, otherwise I may not have) and spent the last couple weeks of the semester reviewing all the areas I wasn't comfortable with.

For anyone considering taking the exam, know that this isn't like your typical Cisco or Microsoft exam.  For those, you can almost always find a seat at a nearby testing center on the day you prefer to take your exam.  Not so with the CISSP.  In mid-February when I went to book the exam, I could find a couple seats in early March (way too soon!) or mid to late April, so I took it April 15.  My due date to present proof of passing was April 17, so there was no second chance.  So if you're up against the clock, either for work or school, book sooner than later.  I also ended up having to go with a testing center that was a little over an hour drive from my house, where as the one I normally go to is 15 minutes away.  I'm assuming it's the 6 hours you get for this, but there simply isn't a lot of available seats for this exam.  At least in early 2017 for the Detroit and Ann Arbor areas.

So no rest for the weary, its on to the next thing.  I'm initially leaning towards getting the "Upgrading Your Skills to MCSA: Windows Server 2016" knocked out now before Microsoft drops all the 2012 exams off of the list of available qualifications for partner status.  That wasn't a fun scramble when they dropped the 2008 exams.  Without school taking precedent in my mind, I probably won't take 6 to 9 months to prepare for a test this time.

Friday, April 14, 2017

It's been a while

 on  with No comments 
In ,  

So apparently it's been two and a half months since I've posted.  Where does time go?  I've been wrapped up in my final semester of school, preparing for the CISSP (which is the capstone of my Masters degree), and real life stuff lately. Yesterday was my final day of class (and I mean it this time) and the CISSP is booked for tomorrow afternoon (I got this!)  so in a couple days when boredom hits, I'll be back in the lab tinkering around with something.  I'll probably hit the MCSA 2016 upgrade to pay back some favors (and I'll probably even blog about some of that) and then finally back to something interesting.