Saturday, July 29, 2017

Attacking the 300-208 SISAS Exam

 on  with No comments 
In , ,  
After passing the CISSP back in April, I have gone back and forth on which exam I want to attack next.  After passing the SENSS, I'm on the clock to finish the CCNP Security.  On the other hand, I also want to do the 70-743 Upgrading Your Skills to Windows Server 2016 before Server 2016r2 comes out and all the r2 stuff gets added to the exam.

After taking a little time off from studying and then going back and forth for a while, I've finally settled on the SISAS.  Here's the plan so far.


AAA Identity Management Security - A great primer on AAA and 802.1x that I am able to access via Books 24x7 (Thanks Eastern Michigan!).  The sections on theory, as well as configuration examples for switches, routers and firewalls are great, especially if you're not very experienced in this. However, the book goes over Secure ACS 4.x and Secure ACS 5.x rather than ISE.  The sections covering ACS 4.x are definitely not necessary at this point, though I did read through them while following along on my ACS 4.2 server.  You can never have too much exposure to the topics, right?  The jury is out on the ACS 5.x sections though.  While not specifically listed in the exam topics, I have heard that there are products not covered in the topics and the OCG that do appear on the exam.  ACS 5.x perhaps?  Maybe, maybe not.  So if you have access to an ACS 5.x server, it definitely wouldn't hurt to spend a little time familiarizing yourself with the interface.  I definitely did.

CCNP Security SISAS 300-208 Official Certification Guide - The previously mentioned certification guide, which I've purchased a copy of. I've heard mixed reviews on it.  Some say it covers everything pretty well, others say it's lacking in some areas, specifically in the equipment covered.  This is why I'm not using it as my only study source.

Practical Deployment of Cisco Identity Services Engine (ISE) - Here's another title that I have access to via Books 24x7.  I'll definitely read it if I find the Official Cert Guide lacking, but with the OCG, videos, and labbing to go, I don't know if I'll get through the entire book.

The Cisco Learning Network lists a few other things on their page for the SISAS. There's a number of PDFs including the SAFE Architecture Guide and the TrustSec 2.0 Design and Implementation Guide that I'm sure I'll read again,


CBT Nuggets - Keith Barker wrote the Certification Guide for the version of the CCNA Security exam that I took, and he also did the video series for that exam as well.  I've always been a fan of Keith, and I'm sure he'll knock it out of the park again for the SISAS.  I've heard good things about this series.

Baldev Singh on Udemy - I got in on a special promo and got Baldev's entire CCNA Security and CCNP Security series for free when I was working on the SENSS.  The stuff relating to the SENSS was quality stuff, so I'll lean on Baldev again for the SISAS.

Lab Minutes - The security videos done by Metha Cheiwanichakorn for Lab Minutes were brought to my attention by Katherine McNamara who I first came across on the TechExams forums and have since followed in various other places around the net as well.  I've watched several of Metha's videos relating to Secure ACS 5.x already and have enjoyed them so far.  I fully expect the ISE and the dot1x theory material to be as great.


Secure ACS 4.2 and 5.4 Servers - As previously mentioned, I have already been through the AAA book once and followed along on the the two versions of ACS.  I don't know how valuable this knowledge will be for the exams, but it's not like ACS will be disappearing from the world in the very near future.

ISE 2.x - I have a VM running ISE 2.0.306. Not the latest/greatest, but has been good enough for everything I've attempted to do with it thus far.  I also have an evaluation copy of 2.2, and at some point may also join the 2.3 beta program at some point.  I'm not sure how different 2.0, 2.2 and 2.3 are, but it's always beneficial to see multiple versions in real life, if not for the exam.

IOU based routers and switches on GNS3 - I'm doing most of my hands on virtually now.  The IOU images aren't the latest/greatest virtual IOS images any more, but they're still good enough for everything I've been doing thus far, and I have them set up already.  I'll continue using it as long as it's useful.

Physical 3750, 2821 and 1140 - The core of my home network, a 3750 switch, 2821 router and 1140 access point are available should I need them.

QEMU based ASA and ASAv - For firewalls, I'm exclusively virtual as I do not have a physical ASA at this time.  I do have a pair of PIX 515s for what it's worth, though I doubt they'll be of much use for this exam.

Virtual WLC 7.3 - I don't have a physical WLC at this time, so hopefully the copy of vWLC that I do have will get me through this exam.  I do know that there are features not available in the vWLC that I won't be able to do without beyond the CCNP Security though.

Misc Physical Aironet APs - A pile of older controller based APs that I'll be able to use with the vWLC.  Hopefully good enough for what little wireless I'll need for this exam.

Microsoft NPAS on Server 2016 - The MCSA upgrade is still in my short term plans, so I may as well play around with RADIUS here as well.  The Active Directory Infrastructure is already in place in the lab, so I it won't be much effort to add a NPAS 2016 server into the mix.

Saturday, July 22, 2017

That'll Never Work!

 on  with No comments 
In , ,  
While reading through a discussion on Slashdot today, someone linked a thread from 1999 as proof that the Slashdot community has always been pretty dumb collectively.  The thread was on the upcoming release of VMWare, a class of products that clearly hasn't been heard of on PCs at the time.

The thread can be found here.  It's amazing how a concept so ingrained today appears to be so foreign just 18 years ago.  My personal favorite is the very bottom comment "a great idea ROFL."