NetworkJutsu

Networking & Security Services | San Francisco Bay Area

Certifications

Passed the CISSP exam!

By Leave a Comment

Yesterday was a good day, at least for me. I passed the CISSP exam on my first attempt! While it wasn’t that hard (in my opinion) compared to other exams that I have taken, it still felt awesome to pass it on the first attempt.

Quick background

As of this writing, I have been in the IT field for 13 years. The last ten years of my IT career has been in the networking field. I’ve heard from some CISSP folks that people in the networking field have some advantages when preparing and taking the exam. The reason could be because there are some overlapping topics in networking and security. Additionally, information security and networking departments work closely together, so there is some knowledge sharing.

Exam preparation

Technically, I started reading CISSP topics back in January. However, I wasn’t that serious about it and stopped reading. Sometime in February, I took the CISSP boot camp from Global Knowledge. I had hoped that I would learn a lot from it but ended up learning only a few things. Though, nothing that I wouldn’t learn from the book.

If you’ve decided that you’re going to take the boot camp, then I would suggest to take it only from SANS – the MGT414 class. They charge more than other vendors out there, but I have read and heard many good things about their training.

I initially considered taking it from SANS but decided against it. The main thing that discouraged me in taking it from them was the price. While I didn’t have to pay for it, their pricing was significantly more than Global Knowledge. The certification isn’t a requirement for my job, so I figured might as well save some money for the company. Furthermore, the training vendor included a “free” CISSP exam voucher, which was probably the most valuable thing I got from the boot camp.

Anyway, after the boot camp, that’s when I shifted into a different gear. I started reading the CISSP book every day. I also watched training videos. Though, to be honest, I didn’t finish them all.

The latter part of March, I knew that I would be finished reading the CISSP book by mid-April. I wanted to schedule the exam, but I kept procrastinating and lost my spot. I had to push my schedule longer than I wanted to. However, it gave me some time to take practice exams and review some more topics that I don’t quite know.

Study materials

In this section, I’ve listed all of the study materials that I had access to or have used. I clearly stated below if I used it or not. Hopefully, it would help CISSP aspirants for their preparation.

Books

I used Sybex’s CISSP Official Study Guide as my primary resource for my studies. This book is the best seller and has good ratings on Amazon. For good reasons, I feel that the book is sufficient by itself as the only resource in preparing for the exam. I read all 21 chapters of the book even though I have a great understanding of one of the domains.

UPDATE: The one I used was the 7th edition which was applicable to the CISSP 2015 exam objectives. The Sybex’s CISSP Official Study Guide 8th edition is meant for the CISSP 2018 exam objectives.

Another book that I used was the Eleventh Hour CISSP. This book has only 21 reviews, but the rating is high. I read this book from cover to cover. It is good for a refresher before the exam, but I still think that the previous book was enough. I’d say, just go back to the topics that you’re weak on and you should be good to go.

Since I took a boot camp, I have access to Official (ISC)2 CISSP training handbook, flash cards, and Guide to the CISSP CBK book. I didn’t use any of them, but it’s good to have for reference.

Videos

I have or had access to boot camp recordings and Cybrary. Out of the two, I’ve used only the Cybrary.

Cybrary’s instructor is Kelly Handerhan. I haven’t come across her name in the years I’ve been in IT field. That’s not a shot to the instructor since I mostly know people in networking. The videos are good, so I recommend to go through them. I think for the level being tested on CISSP, their videos are a great learning tool.

Honestly, I stopped watching their videos because they were making me fall asleep. Again, not a shot to the instructor. I just couldn’t finish the videos without falling asleep. Your mileage may vary.

Practice tests

I have or had access to Transcender practice exams (included with the boot camp), Sybex’s CISSP Official Study Guide practice tests and Sybex’s CISSP Official Practice Tests. Out of the three, I’ve used only two of them.

The Sybex’s CISSP Official Study Guide have four full practice tests accessible via online. Each full practice tests contains 250 questions. I’ve only tried two out of the four practice tests.

When I took the first full practice test, I scored around 77 – 78%. It is a low score but still a passing mark. At the time, I felt so confident that I will pass the CISSP exam if I took it that day. Boy, I was wrong. Because the following day or so, I took the second full practice test and I failed. I scored between 65 – 66%. To my defense, I was quickly picking the answers and weren’t paying too much attention. My average time taking the practice exams was between 70 – 95 minutes (can’t remember). Not very long at all.

The Sybex’s CISSP Official Practice Tests have 100 questions per domain plus two full practice tests. The best way to use this resource is to access the online portal. To me, it is hard to use it as physical book or ebook. The online portal was more convenient than using the book.

I didn’t try the domain tests. I felt that it would go into too much detail compared to the CISSP exam. Having said that, I went straight ahead and took one of the full practice exams. Again, I failed. I scored 69.20%. Since it was a practice exam, I also rushed taking the exam and didn’t pay full attention.

Days before the exam

I booked the exam probably six weeks ahead of time. At the time, I was not sure if I was going to be ready or not. Though, I knew I had plenty of time. I just had to make sure I used my time efficiently. Though, I would say that the last two weeks before the exam, I relaxed and started watching some Marvel shows on Netflix. The relaxation that I did was the main reason why I was panicking few days before the exam.

24 – 48 hours before the exam, I had a mixture of relaxation and also some exam cramming. I focused reading my weak topics because if I were to get those questions, I would totally fail. I guess my cramming for the exam worked because I passed it.

Day of the exam

I slept late the night before and woke up at 5:30 in the morning. Having enough rest is important when taking any exam so make sure you do. Even though I didn’t have enough sleep, I felt fine.

Since I woke up early, I had plenty of time to prepare and get to the Pearson Vue testing center. I made sure I ate breakfast before I left, prepared my snacks, meal, and water to bring to the testing center. Since the test won’t stop the timer when you take a break, it is important that you bring food. Do not attempt to skip your snack or meal. I think it is important to have food in your body.

Arrival

When I arrived at the testing center, I was 40 – 45 minutes early. I talked to some of the test takers that day and found out they weren’t taking any exam related to IT or IS. Makes sense since Pearson Vue handles non-IT related exams as well.

The testing center’s employees started to arrive and eventually let us in 30 minutes before our scheduled time. During all of this, I was still having some second thoughts if I was going to pass. I was saying to myself that it’s okay if I pass or not. At least I attempted it, and failure is part of any journey.

When it was my time to check in, the person almost turned me away because of the two forms of identification rule. I did have my government-issued ID and credit cards, but they weren’t signed. The person eventually decided to let me through. It would’ve been bad if I was denied to take the exam. I would’ve wasted the “free” exam voucher.

Exam experience

As I was going through the questions, I started gaining confidence that I will pass the exam. But then, I started getting questions that I am not sure if I answered correctly. As time went on, I knew I was going to pass the exam. I would’ve been shocked if I didn’t. Don’t get me wrong though I had plenty of flagged questions for review. However, I was sure with my answers on a lot of them. I just wanted to go over again just in case I wasn’t thinking right.

I thought the questions weren’t as hard as the full practice tests I have taken. While I didn’t take a lot of them, I feel that they were similar to the real one. Unfortunately, due to NDA and the fact that I don’t know what I could say, I will stop discussing the exam now.

Breaks

As you know, a CISSP exam taker can take up to six hours to finish it. In this timeframe, exam taker can take breaks at any time. This break could be used to go to men’s or ladies room, eat some snacks or meal. It is up to the exam taker on how he/she would use it.

I took four or five breaks. The first break was around my 77th question. I took a restroom break and also walked around the hallway to relax a bit. My second and third break were pretty much the same. During this time, I had plenty of time left. On my fourth break, I ate my sandwich and walked around a bit. Close the 250th question I had to go to the restroom. Apparently, I drank too much of water.

Review flagged questions

As mentioned, I had plenty of flagged questions. I went through all of them and changed some of the answers. On some of the flagged questions, I just didn’t know how to answer them. I just picked whatever I felt like the best answer. The review took probably between 40 – 50 minutes. By the time I was done, I had between 40 – 45 minutes left on the clock. I didn’t feel like going through the questions again, so I ended the exam.

Exam Results

Apparently, (ISC)2 CISSP exam does not give the results on the screen. I actually closed my eyes when I hit the end exam button and waited few seconds before I opened my eyes. It was for nothing because I had to go to the front desk for the printout. Since I’ve taken quite a bit of Cisco exams, so I assumed that it would be the same thing. I couldn’t be more wrong.

When I saw the congratulations part, I wasn’t shocked about it but I was relieved that it’s finally over. Another difference between the Cisco and (ISC)2 is that the results didn’t say what my score was. Not a big deal but it would’ve been nice to know.

Final words

As mentioned earlier, I believe that the Sybex’s CISSP Official Study Guide book is all one would need to prepare for the exam. Let me reiterate that this is coming from someone with networking and some security experience. Though, I still think that if one spends enough time understanding the book and some memorization, then anyone could pass the exam. So, if one is on a small budget, I’d say only buy that one.

If one wants to learn more about the topics, definitely go through the Cybrary videos. It will help in day to day operations and solidify the concepts that you read from the book.

Some people would like some exam tips. I’d like to give plenty, but I only have one. That is, read the questions carefully and pick the best answer.

Good luck in your CISSP journey and I hope you get the same success as I did!

Are you ready to improve your network security?

Let us answer more questions by contacting us. We’re here to listen and provide solutions that are right for you.

ENGAGE US

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

CCIE R&S v5 Home Lab

By Leave a Comment

Cisco announced CCIE Routing & Switching Version 5 exam update back on December 3, 2013. Even before the announcement, there were already speculations on what will or will not be on the exam. There were two things we knew for sure that will not be in the v5 exam, Frame Relay and IOS 12 – we all turned out to be right. That being said, my old CCIE R&S v4 home lab needed an upgrade.

UPDATED: If you are running ESXi 6.x, please look at the updated section below.

Before the CCIE R&S v5 exam has been released, I’ve been studying for the written exam by using the two very well known books for Cisco routing and switching – it does not matter if one is studying for CCNA R&S, CCNP R&S, or CCIE R&S. These two books are very awesome resources to have on their bookshelf at work or at home. The two books are Routing TCP/IP, Vol 1 and Routing TCP/IP, Vol 2. While these two books are old, they are still very helpful! According to Jeff Doyle, he is working on updating at least one of the books. You can now order Routing TCP/IP, Volume II Second Edition!

The other two books that a CCIE aspirant must have are the following: CCIE R&S v5.0 Official Cert Guide, Vol 1 and CCIE R&S v5.0 Official Cert Guide, Vol 2. The first two books are also available in a bundled format, CCIE R&S v5.0 Official Cert Guide Library, which costs less than buying them separately. I do want to point out that these books are not a replacement for Routing TCP/IP Vol 1 and 2.

Cisco’s Recommended Gears

The recommended gears to prepare for the exam are ISR G2 2900s and Catalyst 3560X, as stated in this document. I can’t afford all of those gears, especially with INE’s hardware topology. As you can see, the topology has 20 routers for full-scale labs but the advanced technology labs require only 10 routers. Even with 10 routers, I still can’t afford to buy them. On top of all the routers, you still need the 3560X which costs an arm and leg just like the 2900s. Fortunately, there are other options in building a CCIE home lab that will mimic INE’s workbook topology. I opted for the CSR 1000v which requires a hypervisor, like VMware’s ESXi, Microsoft’s Hyper-V, Xen, and KVM.

The CSR 1000v takes care of the routing section of the lab, but I still need something for the switching section. Fortunately, I can reuse my two Catalyst 3560s loaded with IOS 15. Yes, you read that right. There are some versions of Catalyst 3560v1 that are capable of loading IOS 15 as long as you have the 32MB flash version. I have two flavors of 3560: WS-3560-24TS-S and WS-3560-48TS-S. If I try to log into Cisco’s IOS download page with your CCO account and start looking for an IOS 15 image for that model, you won’t be able to find one. The last version for these models is 12.x, but if you look under 3560G then you have the option to download IOS 15 and the images do work on these two models.

With two on hand, I needed to add two more to complete my CCIE home lab. Fortunately, we have tons of them at work that aren’t being used at all. I wanted to buy them from my employer but was told that I didn’t have to. I was given a permission to borrow two of them for a long period so I took that opportunity and borrowed two more of the WS-3560-24TS-S. With four 3560s, I now have a complete CCIE R&S v5 home lab! While it won’t do 100% of the topics covered in the lab exam, at least I can still do the majority of the topics with my home lab. For the topics that won’t be able to do with my home lab, I can always do rack rental or probably use VIRL (Virtual Internet Routing Lab).

ESXi Server

Since I already have a VMware ESXi home lab, it was an easy decision on which hypervisor to use and it’s what INE is using anyway for their rack rental. The ESXi server build that I have is a couple of years old so if you’re looking for a new one, then check out my new build to get some idea.

Related: VMware ESXi Home Lab – Intel NUC 10 (Frost Canyon)

My new build is underpowered compared to my first ESXi host, but the Intel NUC Skull Canyon is a great candidate for your home lab. If the build is still pricey for you, eBay is there for old servers. I almost bought the Dell T5500 but glad I decided to hold off on the purchase. Also, I didn’t like the fact that it was too big since I do not have space for it unless I clear out my rack. Anyone wants to buy my old routers and switches that were part of my CCIE R&S v4 home lab? The decision to hold off turned out to be a great decision since I was able to squeeze all 20 CSR 1000v with 2.5GB RAM configured on each VM, more on that later.

Installation

I am not going to do a tutorial on how to install it since INE has one already. However, I do want to show some tips that I’ve learned from the INE’s forum members on both CCIE R&Sv5 Equipment Build and Building INE’s RSv5 topology on CSR1000v threads.

INE’s blog post about how to install CSR 1000v is a bit old, but you can still follow the wizard since it’s pretty self-explanatory. One of the differences would be after the Name and Location section, which is new with the OVA file that I downloaded. The Deployment Configuration section will ask you what type of deployment you would like to use – Small, Medium, Large, and Large + DRAM Upgrade. For the lab environment, a small hardware profile is sufficient.

If you still decided to use ESXi 5.5, then deploying the OVF template install is different from ESXi 5.1. Different in terms of how it creates the VM. The ESXi 5.1 used hardware version 9 versus hardware version 10 of ESXi 5.5. You’re probably asking, so what if ESXi 5.5 uses hardware version 10. Well, you cannot edit the VM using the vSphere client. You would need to use vSphere Web Client to edit the VM, as seen below. That means you would need to run a vCenter Server instance to just run vSphere Web Client which complicates your home lab. Then again, if you are studying for VCP or will study for it, then it doesn’t really matter. However, for people who just want to get their CCIE home lab running, then it will be annoying to go through the process of building a vCenter Server instance just to edit the VM.

editing the vm
Editing the VM

Tips

If you still decided to use ESXi 5.5, then there are ways around the error that you get when trying to edit a virtual machine that is version 10 or higher. Some people decided to copy the VMX file from the ESXi server to their desktop and edit the file and re-upload it. I decided to use CLI of the ESXi server since I am familiar with it. To access the CLI, you’ll need to enable SSH, it’s mentioned in one of my blog posts. Next, you will need to find the VMX file of your CSR 1000v. In my case, my baseline VM is called CSR1000v and normally what you call your VM will be also the name of the folder within your datastore.

~ # vi /vmfs/volumes/nfs01/CSR1000V/CSR1000V.vmx
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "10"
nvram = "CSR1000V.nvram"
! Output omitted for brevity !

The line that we’re looking for here is the virtualHw.version = “10”. We need to change it from 10 to 9 and save the file. We’re still not quite done yet, even though we’ve changed the hardware version. The vSphere Client will still give you an error if you try to edit it since it still thinks that the VM is version 10. We need to remove the VM from the inventory and add it back in. Once added, the VM can now be edited. My suggestion is not to edit this and make this as your baseline VM for CSR 1000v needs. Since we need 20 CSR 1000vs for INE’s full-scale labs, we need to start cloning the VM. Once you’ve created all 20 VMs, you’re now ready to edit them.

In INE’s blog post, it tells you to issue the command platform hardware throughput level 50000 but this one doesn’t prompt you to activate the evaluation license with a newer CSR 1000v image, at least on the one I downloaded – csr1000v-universalk9.03.12.00.S.154-2.S-std.ova.

R1(config)#platform hardware throughput level 50000
R1(config)#
*Aug  6 04:36:20.067: %VXE_THROUGHPUT-3-CONF_FAILED: Configuration failed. Installed license does not support the throughput level. Please install the valid license

To activate the evaluation premium license, you need to issue the command below and accept the EULA. Before activating the license, you may want to do a snapshot or configure your VM’s Virtual Disk to non-persistent. This way, you can still take advantage of the higher throughput level compared to a measly 2.5Mbps once the evaluation license expires. For the lab environment, though, the basic throughput is enough so it’s really optional. Another option is to activate the license and put all the initial configs and then convert the VM’s Virtual Disk to non-persistent. This will give you fresh evaluation license every time you the shutdown and power up the VM.

R1(config)#license boot level premium 
         Feature Name:prem_eval
! Output omitted for brevity !
ACCEPT? (yes/[no]):yes
*Aug  6 04:41:05.560: %LICENSE-6-EULA_ACCEPTED: EULA for feature prem_eval 1.0 has been accepted. UDI=CSR1000V:9L5WSSXMWKP; StoreIndex=0:Built-In License Storage% use 'write' command to make license boot config take effect on next boot
*Aug  6 04:41:09.344: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = csr1000v Next reboot level = premium and License = prem_eval
R1#show license
! Output omitted for brevity !                
Index 30 Feature: prem_eval                      
        Period left: 8  weeks 3  days 
        Period Used: 0  minute  3  seconds 
        License Type: Evaluation
        License State: Active, Not in Use, EULA accepted
        License Count: Non-Counted
        License Priority: Low
! Output omitted for brevity !

Once the license is activated, then you can now change the throughput to 50Mbps.

R1(config)#platform hardware throughput level 50000
R1(config)#
*Aug 21 01:34:36.573: %VXE_THROUGHPUT-6-LEVEL: Throughput level has been set to 50000 kbps

What happens when the evaluation license expires? Well, as stated earlier the throughput goes back down to 2.5Mbps but you still get all the premium license features. You also get an annoying message about the license being expired. If you’re doing debugs and what have you then it gets annoying to see one of the lines is about the license. That said, the non-persistent disk or snapshot becomes handy in this situation.

R1#show platform hardware throughput level
The current throughput level is 2500 kb/s
R1#             
%LICENSE-1-EXPIRED: License for feature prem_eval 1.0 has expired 7 hours and 30 minutes ago. UDI=CSR1000V:905F9PPAKYB

Since my ESXi server only has 32GB of RAM (maxed out), the amount of CSR 1000v VMs that I can do is probably around 12 excluding my other VMs. That means I will be short of 8 routers for the full-scale labs. My original plan was to do memory overcommitment and take advantage of the performance that you get from SSDs. That said, I bought a 128GB Samsung SSD to be used as a host SSD cache. In theory, the swapping to SSD shouldn’t be noticeable for a lab environment. I was ready to install the SSD until I saw a guy posted in the IEOC thread about disabling the Transparent Page Sharing (PDF) Large Page support feature. By default, some ESXi versions support large pages and small pages. By disabling the large page support for OS, VMware ESXi kernel will force the guest OS to use small page support and will increase the chances of TPS being able to keep one copy of the page and share it among the VMs. Since we’re running the same OS twenty times over, there are some contents that will be the same for each and every VM. That said, it would make sense to just keep one and share it among the VMs, which reduces the amount of physical memory being used by the VMs and allows a higher level of memory overcommitment. That’s how I was able to run 23 VMs concurrently and use only about 16GB of physical memory.

To disable the large page behavior and instead force small pages, go to Configuration tab > Advanced Settings (under Software) > Mem > Mem.AllocGuestLargePage > Change the value from 1 to 0.

Forcing small page support
Forcing small page support

Once disabled, it would take some time to scan the VMs and reduce the amount of RAM used. That being said, just try to run 10 or so CSR VMs and wait several minutes for the ESXi server to scan them for duplicate memory pages. Once ESXi is able to scan fully, you should start to see your memory consumption to drop significantly.

UPDATE: For those people who are running certain versions of ESXi 5.x and now 6.0, the TPS is disabled by default. My ESXi hosts are now on 6.0U2 6.5 and noticed that Mem.AllocGuestLargePage setting changed back to the value of 1. Please check your settings and change it back to 0. In addition, there is a new setting in certain versions of 5.x and version 6.0 that needs to be changed. This is to revert back to the traditional behavior of TPS. The setting is the Mem.ShareForceSalting and needs to be changed to 0. Please be aware that there is a VMware KB that talks about security concerns of TPS. In a CCIE home lab environment, I do believe that it is perfectly OK to revert back to the traditional behavior.

Inter-VM Transparent Page Sharing

Previously, once the Mem.AllocGuestLargePage has been changed to 0 the inter-VM TPS will kick in after several minutes. However, I noticed that the behavior of ESXi 6.0U2 is quite different. The inter-VM TPS did not kick in until the VMs were powered down or migrated (vMotion) to a different host. Once done, RAM consumption will start to decrease but may take 15 – 30 minutes before it goes down to around 14 GB. Ignore the other VMs on the left since those are on a different host. The RAM consumption of 20 CSR1000v should be around the same as mine.

TPS Enabled
TPS Enabled

Thoughts

If you haven’t been living under a rock, then you definitely know that there are several options out there. Some people decided to use Web IOU or Unified Networking Lab by @adainese, GNS3 v1.x, IOSv that is extracted from the OnePK, or a combination of hardware and virtual. If you are not Cisco employee, then you shouldn’t be running IOU/IOL since it is against Cisco’s EULA. That said, run it at your own risk.

The GNS3, Web IOU, and Unified Networking Lab options are great since you can take them on the go because the system requirements are not very high so any decent notebook can run it. The problem with IOU/IOL, they weren’t designed to be used for learning so some features may not work properly and can be frustrating at times. The IOSv’s, which is the software that will be used in VIRL, system requirements are not very high as well so if you have a not so powerful desktop/notebook, then this is definitely something you can consider.

Since I happened to have an ESXi server, I made a decision to utilize it since I was only using it for playing with some OS and a few VMs that I use for everyday use like FTP, proxy, Plex, etc. Another reason why I went with the CSR 1000v route is because the INE’s labs were written with their rack rental in mind. That said, the convenience that you get with following INE’s setup is priceless. I am quite happy with my setup and my ESXi server can handle the load that I am currently throwing at it. Then again, I haven’t finished the whole advanced technology labs so take it with a grain of salt.

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

VMware Certified Associate Data Center Virtualization (VCA-DCV)

By 1 Comment

I don’t follow VMware certifications so I didn’t know that they even announced the new Associate level certifications last month. I recently just found out about it and decided to give it a whirl, since it’s free – for limited time only. This new certification level doesn’t really change how the prerequisites of the upper level certifications like how Cisco designed theirs. If you are familiar with Cisco certifications, then you know that the Associate level certifications are prerequisites for majority of the Professional level certifications.

Cost

The certification will cost you $120 if you take it after the promo period. VUE and VMware are offering all Associate level certifications for free, with exception of VMware Certified Associate – Network Virtualization (VCA-NV), until September 30th. If you take it after September 30th, then it’s $60 since VUE seems to offer their promo until the end of the year. Don’t quote me on that though.

If you schedule it right now online then it’ll cost you $60, but again since VMware has a promo so you can enter the coupon code to make it free. The code you need to enter is VCA501. If you happen to try to schedule online, you may get an error after going through the motions of registering for the exam. It seems like VUE has been having this issue for quite some time now since I’ve seen postings online that people are getting the same error as I did. While you can certainly try it out, I suggest that you don’t waste your time doing so and just give VUE a call. It should be less than five minutes to schedule via phone unless there’s a long hold time.

Certification

VCA-DCV is really a sales certification rather than a technical certification in my opinion. It didn’t really ask any technical questions at all, if my memory serves me right. It just validates that you know the features well enough to answer questions of clients that are interested in VMware’s virtualization software products.

The certification doesn’t really have a prerequisite, which is a relief for people wanting a VMware certification since VCP still has the class requirement. This is most likely VMware’s response to the outcry of a lot of IT professionals. While it’s a good attempt to appease the IT professionals, in my opinion, VMware failed. This certification is worthless in my opinion. I will definitely not even put this on my resume unless it magically made a reputation that everyone has to have it. I did, however, put it on my about page and LinkedIn just for the heck of it.

How to pass VCA-DCV exam?

At the time of this writing, I only needed to take the free VMware Data Center Fundamentals class offered by VMware and was able to pass the VCA-DCV exam. However, I have to say that I have personal experience with VMware ESXi (since 3.5) and the VMware vSphere: Install, Configure, and Manage [V5] class I took also helped me to pass the exam.

The VMware Data Center Fundamentals class is a self-paced and is approximately 2.5 hours long. It is a pretty short class so one could take this at one sitting. The exam might have changed by now so I suggest that one should buy the VCA-DCV Official Cert Guide: VMware Certified Associate – Data Center Virtualization book and also take the free self-paced class from VMware, especially for people who do not have experience with VMware vSphere.

Thoughts

If you are looking for a VMware certification to add on your resume, this is not it. Don’t waste your money on it. The $120 is better spent on a VMware vSphere: Install, Configure, and Manage class that you can take from a community college instead of paying for the pricey 5-day classes offered by training partners, like Global Knowledge. I took mine from Ohlone College for less than $100. However, that pricing is limited to California residents and non-CA residents have to pay over $300 to take the class, if I am not mistaken. One of the forum members on the site that I frequently go to found a lowest cost that can be taken from the comfort of your home that doesn’t require residency to a particular state. It’s from Stanly Community College and I believe it will set you back less than $300. Yes, these colleges are authorized VMware IT Academy as you can see from this list. The list no longer includes the schools that offer the VMware IT Academy program. Check the VMware IT Academy site to search for schools near your area.

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

SolarWinds Certified Professional

By Leave a Comment

SCP


It’s been a while since I’ve posted any blog post and today I’ve decided to make some time to post at least one that is not technical. Writing a technical blog post is time consuming since you have to make sure that what you put out there is correct, so even though I think I know what to say it doesn’t mean it’s correct so research is very important. The research alone can take few hours to verify what I need to say is true. That said, I don’t really have much time to dedicate to write a new blog post as much as I want to. I’d also be lying if I don’t include that laziness trumps over the need or want to post a blog.

Anyway, enough with all that since the whole point of this blog post is about the certification. I found out about this certification on a technical forum. At first, I was like I don’t need to take that since I never really liked network management all that much. I find it very boring and not interesting to work on everyday. Heck, even in college when I had to take one class about network management, I didn’t really pay attention that much. Luckily, I passed that class! On all three employers that I’ve been a part of the network team, only one employer that required me to do something about network management. I was always the user of the network management tools so it wasn’t my responsibility to work on it. Those two employers have a team that manage the network management tools. My previous employer didn’t have that since it’s very small compared to my current and former employer.

If I found it boring and not interesting to work on everyday then why did I take the certification? Well, mostly, I was just curious what the exam would be like and it’s free (for now). I didn’t even prepare for this online exam. I just signed up one day and the next day I was given all the instructions on how to take the exam. Once I received all the necessary information to take the exam, I was already clicking through the website and filling out what needs to be filled out and started answering exams questions. Since this is an online exam, that can be taken anywhere with no camera or proctor looking at you, then it is technically an open book. I could’ve opened one tab and “google” every questions but what’s the fun of that if you’re trying to assess what you don’t know? To me, I was just really curious of the exam and what I still do not know about network management.

Exam

The exam contains between 70-80 questions, at least mine did, and you have 90 minutes (if my memory serves me right) to complete it. If you need more information about the certification then please click here. The site will contain links for the prep guide, videos that you can watch to prepare for the exam, types of questions that will appear in the exam, and other information about the certification and exam. This certification has been out for quite sometime now, I think. I think the beta started back in 2009 so it’s pretty old but not a very popular certification compared to Cisco, Microsoft, or VMware.

Sample questions:

Network Management Fundamentals

A network engineer has been asked to monitor an ObjectIdentifier(OID) using a custom poller. The custom poller does not seem to be working, so the engineer takes a packet capture from the router in question. To best filter the capture data and determine if the router is sending information about that OID, what would the engineer filter on?

(A) destination IP address of the network management system (NMS) and port162
(B) destination IP address of the router and port 161
(C) destination IP address of the network management system (NMS) and port161
(D) destination IP address of the router and port162

Network Management Planning

A managed service provider(MSP)is planning to deploy a network management system (NMS)to monitor multiple customer networks. The MSP must choose between a centralized or distributed management architecture. What are the two most important factors to consider? (Choose two.)

(A) available bandwidth between the MSP and customers
(B) total number of devices to be managed
(C) choice of SNMP version for polling
(D) overlapping IP address space between customers
(E) choice of SSL versusVPN tunnel for communication

Network Management Operations

Which type of Syslog message indicates the lowest severity level?

(A) alerts
(B) critical
(C) debugging
(D) errors
(E) informational
(F) notifications

Network Fault & Performance Troubleshooting

Your network management system (NMS) indicates that a device is down. As a troubleshooting step you attempt to telnet to the device, and you are able to successfully connect. However, pinging the device fails. What should you do next to troubleshoot this
situation?

(A) verify layer 2 connectivity to the device
(B) verify that the “down” device can ping the NMS
(C) verify that the ICMP service on the NMS is functioning
(D) verify the SNMP community string for the device

SolarWinds NPM Administration

You need to create an account that can see only a subset of the nodes being monitored by SolarWinds NPM. What would you add to the
account to make this possible?

(A) account views
(B) account limitations
(C) account permissions
(D) view permissions

Score

So, what’s your score, you might ask. Well, I didn’t really do a good job but as one might say, a pass is a pass. A lot of people on the forum were getting 80+% score but I barely passed the exam on the first try – you have can have up to three attempts to pass the exam. I missed 23 questions which gave me a score of 70.1% and the passing is 70%. To give you some idea of what my background with SolarWinds, I deployed and used NCM, NPM, and IPAM at my previous employer. I’ve used all of them for less than a year and when I took the exam it has been almost a year since I’ve touched it so that also contributed to my bad score. I’ve never used SolarWinds ever before but to be honest it’s a pretty intuitive once you get the hang of it – the administration side that is. When I was deploying it, I had to use the Admin Guide a lot since I had no idea of how to even install and configure it. I’ve created weekly or monthly reports, custom views, and user accounts with different privileges, etc. I’ve never worked with NetFlow ever before and there were other NPM questions there that I’ve never really played with so those were also what contributed to my bad score. I am sure what I think I answered correctly were probably incorrect as well.

Thoughts

The exam itself is not that bad. According to Thwack members, it’s more challenging compared to the previous version of the exam. I’d take their word for it since I’ve never seen the previous version. If you know things about network management and especially SolarWinds NPM, then this should be a cake walk for you. For people who aren’t familiar with NPM and network management then I suggest you to read the prep guide and watch their videos. To be honest, I do not even know how long the videos are since I’ve never seen it. I didn’t really bother to read and/or watch the prep guide and videos.

The certification page does a good job in trying to convince you that it has real value in the IT world but it is yet to be proven. Since you can take the exam anywhere you want, then the value of the certification becomes questionable. If they change it to a proctor based type exam then it adds somewhat of a value to the certification. However, moving it to a proctor based type exam may mean that it won’t be free. If one needs to pay to take the exam then I am very skeptical that they’ll be able to attract more than 2000 people to take it. When I got my certification, my number is 2450. A month prior to that who took and passed the exam received 2405. Not bad of a number but I think the reason for the surge is because of the forum members taking the exam and of course it’s free so you have nothing to lose. Adding cost to the exam will definitely make this certification not very popular in the IT crowd who aren’t really interested in network management or do not work with SolarWinds products in a day to day basis.

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

New CCNA Exam Announced

By 1 Comment

Screen Shot 2013-03-19 at 1.47.24 PM

Cisco Learning Networking might have inadvertently updated their site today because if I click the 200-101 ICND2 exam link then it will direct you to a page that says “It appears you’re not allowed to view what you requested. You might contact your administrator if you think this is a mistake”, as shown here. If you change the last character to 3 then it will show you “Not found. The item does not exist. It may have been deleted.” Since I was playing the link, I also tried changing it to ICND1_v2 and gave me the same error message as the ICND2_v2. All that being said, it sure looks like I was right with my prediction that CCENT/CCNA exam will change.

Majority of the exam content will remain the same so it’s really not big of a deal if the change takes effect before the year ends. Just make sure that you take it before the exam changes so the time that you’ve invested with the current exam topics won’t go to waste. By no means that I am suggesting that you hurry up and take the exam without thoroughly understanding the topics. Take your time to understand the exam topics because CCENT/CCNA are really great Cisco networking fundamentals.

Good luck with your CCENT/CCNA studies!

Use CCNA Routing and Switching 200-120 Official Cert Guide Library to pass your CCNA R&S exam!

UPDATE:
Cisco has finally announced the new CCNA Routing & Switching exam. CCNA is dead, hello CCNA Routing and Switching!

You might like to read

New CCNA 5.0 Curriculum

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.