Archive for March, 2009
We are updating the Core Knowledge Simulation to provide what many of you have asked for – a link to More Information for every question. Also, during use of the All Questions version, the correct answer will display after each question.
As we update each question with the More Information feature, the question will receive a Question ID number visible in the lower right corner. If you see this Question ID number during one of the random quizzes, you will know More Information can be found in the All Questions master database. Remember, when navigating in the All Questions product, you can use the slider bar at the bottom to quickly move around in the database.
Thanks so much for all of the feedback regarding this product! As promised, this product will continue to improve over time.
To test drive a sample of the new All Questions functionality, click the link below:
as promised before, we posted the initial update to our Security Workbook VOL1 matching new new CCIE Security v3.0 blueprint. It covers the “ASA Firewall” section of the lab exam blueprint and contains 50 technology focused mini-scenarios. All customers with active subscription to the existing version of IEWB-SC VOL1 should see the new material under their members site accounts. The new content has been rewritten from scratch, with the task wording changed along with breakdowns, comments and explanatins added. You will see the mini-labs presented in “challenging” format, matching our new philosophy for the updated line of CCIE products. Of course, there are new scenarios covering the updated CCIE Security lab blueprint. If you are wondering why we jumped from version 3.2 to v5.0, there are few good reasons. Firstly, it symbolizes the unified design philosophy of our RS and SC products as the most recent version of RS products is v5.0. Secondly, you should remember how they jumped to IPv6 from IPv4. We thought that’s a good idea too. And last, but not least – Cisco did the same trick to their line of unified communication products!
Finally, Here is the list of topics covered in this update. The highlighted topics correspond to the completely new scenarios added to the section. Notice however, that all other tasks have been completely updated as well! Happy studying!
The CCIE R/S Written Exam is more important than ever! Click the link below to sample our new course. This course will be available in all formats (Live, Live Online, and Class On Demand) in May of this year! This course will be unmatched in the industry and will prepare students fully for the CCIE R/S Written and beyond. Enjoy!
Required Exam: 640-816 ICND2 (Interconnecting Cisco Networking Devices Part 2)
I. Module 1: VLANs
A. Advanced Switching Technologies
C. VLAN Configuration
D. VLAN Trunking
G. Advanced Switching Verifications
H. Basic Layer 2 Security
II. Module 2: IP Addressing/Services for Medium-Sized Network
C. IPv6 Requirements
D. IPv6 Addressing
E. IP Address Troubleshooting
III. Module 3: IP Routing
A. Routing Methods and Protocols
D. Verification and Troubleshooting
E. Basic Router Security
IV. Module 4: NAT and ACLs
A. Access Control Lists
B. Verification and Troubleshooting of ACLs
C. Network Address Translation
D. Troubleshooting NAT
V. Module 5: Implementing WANs
A. Frame Relay
Labs 4 and 5 in the CCIE Routing & Switching Lab Workbook Volume 2 Version 5.0 is now posted on the members site. More labs in this series will be posted shortly, along with more updates to Volume 1.
Many people studying for CCIE are looking for a solution to better memorize and retain the new information. The biggest enemy of good memory is the fact that speed of forgetting is directly proportional to the amount of information learned. One can actually start off this and write a simple ordinary differential equation that models the forgetting process:
dY(t)/dt = V – aY(t)
where Y(t) is the amount of information memorized at moment t and V is the speed of the new information being memorized. The component -aY(t) demonstrates the forgetting effect described above (speed of the forgetting is directly proportional to the amount of information learned). Integrating the equation we easily obtain:
Y(t) = V/a+const*exp(-at)
What it basically says, is that the amount of information that we memorize is proportional to the speed of learning! The exponentially decaying component does not play any major role as the time passes, and thus your know as much as you learn. As soon as you stop learning new information (or repeating the old info), your knowledge volume will decay with the speed of exponent. Not the best news in our already uneasy world!
This model, however is too simple to be valid. However, it demonstrates one important fact – unless you actively learn, you forget. The solution for the equation exhibits the well-know Ebbinghaus curve effect (Forgetting Curve), which has been known for over than century. Two methods can help you overcome the forgetting effect, and they are active learning and spaced repetitions. Let’s start with…
We are in the progress of upgrading our CCIE Security racks with the new software and hardware. Here are the specs that you can use to build your own rack. The rack consists of six routers, two switches, two ASA firewall appliances and one IPS sensor. The hardware models and their specs are outlined below:
R1-R5: 2611XM 32/128, IOS 12.4(15)T ADVANCED SECURITY
R6: 2811 64/256, IOS 12.4(24)T ADVANCED ENTERPRISE SERVICES
SW1-SW2: CAT3550, IOS 12.2(50)SEE
IPS: Cisco IPS 4235 or 4240, SW version 6.0(3)E1
ASA1-ASA2: Cisco ASA 5510, SW version 8.0
AAA/CA Server: Win 2k running CS ACS 4.0 and IPS Manager Express.
Test PC: Win XP workstation with ezVPN Client Installed.
You can find a more detailed topology description at IE’s Security Hardware List
All the hardware cabling remains the same and the backbone routers did not change. If you compare this to our current hardware blueprint, you will see that only R6 needs to be replaced with an ISR router. Optionally, instead of 2811 you can use another ISR such as 1841 64/192 for R6. If you are using the Dynamips emulator for you virtual CCIE rack, you can use 3725 model for SSL VPN, for instance. Simply put, you just need any router that supports SSL VPN and other ADVANCED ENTERPRISE features. As for the GET VPN feature – even though Cisco FN does not list it as being supported by 2611XM routers, it is still present in the ADV. SECURITY feature set. Surprisingly enough, ADVANCED ENTERPRISE SERVICES image for 2611XM does not support the feature
Now for the IPS appliance: the latest software version for the IPS is 6.2 and it does not support older 4235 or 4215 IPS sensors (nor does version 6.1). Instead the blueprint suggests using the newer 4240 model. However, if you look at the release notes for IPS SW 6.2 and 6.1 you will note the following tow major new features:
a) IPS management via IPS Manager Express
b) IPv6 support
Other updates are minor, including some cosmetic changes such as health monitoring, customizable dashboards, uauthenticated NTP etc. Of course, you can still configure the IPS using IDM (IPS Device Manager) or the CLI and use IMX for appliance monitoring. As for IPv6, it is not the part of the current blueprint; plus the blueprint specifies IPS version 6.1 which does not support IPv6. Therefore, until they announced IPv6 as being testing in the CCIE Security blueprint, you may freely hang with the older IPS models and save on buying the more expensive 4240. Even better, the older 4215 appliance could be emulated on VMware! Note, that you will see the older 4235 models for some more time in our racks, but they are going to be gradually replaced with the newer 4240 models. The labs will still rely on the 6.0 code.
As for the switches – right now we use the 3550s in the racks, but those will be gradually replaced with 3560s. The CCIE hardware blueprint states the use of 3560 and 3750 switches in the lab. If you compare the 3560 model against 3550, you will see the following major differences: different QoS features, IPv6 support in the 3560 and no Private VLANs in the 3550 (even though the FN states they are supported there, sigh). Everything else is virtually the same. While QoS and IPv6 are not very important from the standpoint of the Security exam, Private VLANs are. However, if you look at the CCIE lab exam blueprint, you will see that Private VLANs are not listed there. Based on that, you can stick with the 3550s switches for 99% of the Security features tested in the CCIE lab.
Also, until April 20th you will see the PIX and the VPN3k appliances in our racks. So even if you are still pursuing the old-blueprint exam, you can use the rental racks, as most features are upwards compatible with the updated software. And get ready for the upcoming initial update of our IEWB-SC VOL1 next week – 50+ technology-focused scenarios for the ASA firewall appliance.
Good luck with your studies!
Following the release of the highly rated CCENT course, Internetwork Expert is hard at work on the companion CCNA course! Look for more announcements regarding the release soon as well as plenty of sample materials.
As always – thank you for choosing INE for your Cisco Certification training!