In my previous post I said I will share some info about how I prepared for CCSP, so here it is. First of all, the CCSP certification has CCNA Security as a prerequisite, so you can’t start without that one. Then you need to take 4 more exams, 3 of them are fixed and the last one you can choose out of a list of elective exams.
- CCNA Security – pre-requisite; Exam 642-553. This one is the entry-level certificate in the security train and introduces you to basic concepts about firewalls, securing the network, VPNs, ACS, network attacks and so on.
I used the official certification guide book from Cisco Press. I was already familiar with most of the technologies discussed in the book so this was an easy exam but I would say the book is good and you can use it to pass even if you are new to the security field. You do need to have CCNA passed though.
- IPS (Implementing Cisco Intrusion Prevention System) – mandatory; Exam 642-533. For this one you need to be familiar with the IPS sensors.
I didn’t have access to something like that to practice so I took the official Cisco class for this exam. It was a 5-day class at Experteach and I would say it did a decent job at preparing me for the exam. It was not exactly cheap though (none of the Cisco classes are).
- SNRS (Securing Networks with Cisco Routers and Switches) – mandatory; Exam 642-504. This exam builds upon CCNA Security and further introduces you to a bit more advanced concepts like Layer 2 security, network thread mitigation, DMVPN, GETVPN and so on.
I took the official Cisco class for this one as well but after I finished it, I realized I went there for nothing. Almost everything could’ve been practiced at home in dynamips/gns3. You can easily practice for this one at home based on the exam blueprint.
- SNAF (Securing Networks with ASA Fundamentals) – mandatory; Exam 642-524.This exam introduces you to the administration, management and troubleshooting of the ASA security appliance.
For this exam I decided to prepare myself at home and I rented for a week the CCIE Security rack from InternetworkExpert, a 6-hour slot each day. The rack is meant for CCIE practice but it did have all I needed for my exam (2 ASAs, ACS server, IPS sensors). It was really not expensive at all ($15 per day or so) and you get remote access to the rack equipment.
Having that, based on the exam blueprint, I designed my own practice scenarios and I just used them to practice the various technologies. It was not that bad, you have complete access to the equipment and you can familiarize with them in peace and configure them the way you want.
- SNAA (Securing Networks with ASA Advanced) – elective; Exam 642-515. This exam builds upon SNAF and introduces you to more advanced ASA topics such as dynamic routing, SSL VPNs, AIP and CSC modules and so on.
I wanted to study at home for this one as well but I looked around for a while and I ended up buying a one-week SNAA remote lab from NIL. The difference this time was that the lab is specifically tailored to the SNAA exam and they also give you a set of scenarios and exercises you can do, which cover the exam blueprint. Another plus is that once you log into the remote lab, all equipment are already pre-configured and you can start immediately to do your exercises, without wasting time to prepare them.
And I forgot to mention that for both SNAF and SNAA exams I used the Cisco Press book Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance. Good book.
And that’s pretty much it. What’s next ? CCIP, which is geared towards service providers and it’s much more related to what I do at work these days.
And after quite some time, I have finally finished my Cisco CCSP certification, just got out of the testing center 10 minutes ago 
When I get home tonightI will put together a post with some information about the whole process, what exams I took, what study materials I used and so on. Who knows, it might help someone out there.
This week I stayed home and I studied. I am going to take my last exam of the Cisco CCSP certification soon so I needed to do some practice.
The exam is all about the ASA Firewall and since I don’t have one at home and none available to me at work, I decided to get a one-week of SNAA remote lab from , a slovenian Cisco training partner. I guess I could’ve also taken a course for this exam but I think the remote lab is a better deal if the subject is not a complete mistery to you. It’s not sky-high expensive, you get exercises to practice all the items from the exam blueprint and you get to do this at your own pace, on real equipment. Which worked perfectly, all from a browser. I was quite impressed.
Anyway, at least I get to stay home this week. Next one it’s Munich again which is gonna be real “fun” since it’s the last week of the . 6 million visitors come to … get drunk 
Yeah, really great. But I guess each with his own.
Yep, today I passed yet another exam and I now have only one more left until I finally obtain the CCSP certification: the SNAA exam. I have no reason to hurry now, so I figure I’ll have that by the end of September.
I am still around and I did not forget the blog, it’s just that I’ve been a bit busy with other things lately. During the week not much special is happening, it’s just work as usual. Most of the time in München, some of the time in this shithole small town called Rheinbach on the other side of Germany. Which is where I will be next week, actually. I can hardly wait, I am trembling in anticipation. Umm .. no, not really. In any case, not much I can do about that right now so I have to go.
Otherwise we’ve been working on our house, which we nicknamed “The Cave”, don’t ask why. The Cave is starting to look better now. We are also trying to do something about what we call “city rats”. They are not actually rats, just pigeons. We don’t like them, they are all over the roof, they make weird sounds and they shit everywhere. Luckily Freya might’ve found a solution:
Yes, that’s a pump-action water gun with a pretty good range. We hunt them down now and I think they are learning that it’s not so safe anymore to sit anywhere they please.
At the beginning of June I finally have a week of vacation, which should be kinda nice. As it happens, my parents will also be visiting and they will also bring a very special little somebody, which I will very happy to see again. That’s also the reason we have accelerated a bit the renovation inside The Cave. It’s not yet ready to receive too many guests but hopefully we’ll get it ready in time
Professionally I am still kinda working towards my CCSP, I have two more exams left in which the Cisco ASA firewall plays a major part. That’s one thing I can’t practice with at home so I don’t have many choices. Either classes or I just get whatever books I can for self study and I do the practice online. Which is what I will do actually. Internetwork Expert is a well-known site for the candidates to the CCIE, the Holy Grail of the Cisco certifications. They also have rack rentals and I noticed that the security rack has all the equipment I need to practice for my ASA exam: 2 ASA’s, IPS sensor, ACS server and so on, just perfect.
So I just rented rack slots for one week and at the end of June and I will just stay home and practice. It’s actually not that expensive either, about $15 for a 5.5 hour slot. My boss agreed with the plan, probably the $90 price for one week plus some books as opposed to many thousands of euros for a 4-day Cisco course plus travel expenses might’ve had something to do with it.
Last but not least, I am still trying to convince Freya to do a guest post on the blog but so far no success. I am still working on it, she has some funny stories to tell from her daily trips to work I even offered to translate it into romanian but I guess I need to offer more incentive. We’ll see.
Tags: ccie, ccsp, cisco, germany, house, munich, pigeons, rack, rheinbach, watergun, work
Daily stuff, Our House, Pictures | Stefan | 
20 May 2009 6:33 AM | 
Comments (3)
I forgot about this. Last week I passed yet another exam, only two more to go until my CCSP. After that .. I don’t know. I imagine my boss will want me to start working towards the CCIE Service Provider but I don’t think I will go for that just yet. I simply don’t have time for it. I think I will continue with CCIP but we’ll see, I still have some time.
One more down, 3 more to go until CCSP
Warning: geeky talk.
This is what course “rack” looks like. Each student has his own “pod” (I have no idea why they call it that) which consists of a 2811 router, a 2960 switch and 2 laptops, which simulate a client and a server. The thing is pretty compact as you can see, the trainer only has to plug it into a socket for power then just hand out two network cables to each student.
The course is about securing Cisco devices (routers and switches), VPNs and ACS. I have already worked quite a bit with most of the technologies mentioned in the course so it comes a bit earier for me, I don’t think there will be any problems at the exam. As a “deadline” I have to pass the exam until end of March. I have to pass also the CCNA Security exam until end of March, new prerequisite for the CCSP certification. But I think it’s going to be ok too.
The main reason I came to this course is the lack of books on SNRS. For some weird reason, Cisco hasn’t published any books about the CCSP exams. All you can get is the study guides they hand out in the course, there is not much else. Or at least I could not find anything. If I would’ve found books about this I would’ve stayed home because most of the things in this course can be simulated in GNS3.
Well, back to the class
