CCNP-Security Recertification Stunner

deanwebb · January 08, 2016, 06:15:37 PM

So... I'm getting ready to submit my training request for 2016. I need to re-cert on my CCNP-Security, and I'd like to take an official Cisco class for it. I'm thinking the Firewall class, so I can get some infos on SourceFire, which intrigues me.

Why not is when I read over the CCNP-Security tests that had gotten a "total revamp" in 2014.

With the exception of adding material on ISE, they were identical curriculum to the tests that they replaced.

The only reason I wanted to take a class was if it had stuff in it about SourceFire, which intrigues me. The IPS curriculum still covers the CX module in the ASA and Cisco IPS with IME, which are end-of-sale.

OK, well, no class, then. I'll just buy the new Official Cert Guide for the new test and study/lab at home. Except... except...

Except that the new CCNP-Security books don't even exist! Well, there's one, for 300-208 SISAS, but that's it. See for yourself... http://www.ciscopress.com/markets/detail.asp?st=44730

I know, right? Four exams, one book. Might as well get my old FIREWALL exam book and flip through that again. I should, after all, given that it's been a while since I last used an ASA on code version 8.2. Heck, it's been a while since I used one on 9.03... sheesh...

So now, I've gone from requesting a class to dusting off my old book. It's ridiculous.

wintermute000 · January 08, 2016, 06:41:16 PM

yeah, I had a colleague considering CCIE security v4 recently. That idea got flushed as soon as I told him sourcefire was not on the syllabus BUT the old IPS stuff was ROFL

CCNP-SEC is for sure but the lack of sourcefire is hilarious and again you are studying EOL stuff (CX IPS). Also WSA/ESA - do we want to get into Cisco security acquisition b1tching? LOL
At least DMVPN is in though.

Its no different to when we did our old CCNP-SECs - I've never seen a customer deploy the old IPS stuff, that is probably the single Cisco exam/topic that was a complete waste of time IRL.

I still have my ironclad alibi - "no boss I don't know Sourcefire or Ironport, get a security guy to do this project, and I pinkie swear I've forgotten most of my ASA

"

If I were you I'd just read then smash out the ISE exam, at least that's semi-up to date (though I hear ISE v2 has gotten a lot of new stuff). Our security guys tell me that sourcefire is relatively easy to pick up as long as you've driven another IPS/NGFW before.

deanwebb · January 08, 2016, 07:15:13 PM

Yeah, I'm not worried about eventually learning SourceFire. Once we get it turned on, I'll be sent to that class.

In the meantime, I'm happily re-living the glories of 2013. Doing quite well on this pretest...

DanC · January 10, 2016, 04:43:23 PM

Yep , it's annoying! I've taken one exam out of the 4 but the only ones I can see merit in learning are the firewall, vpn and ISE to a certain extent (I can't remember the exact acronyms). The other one is a waste of time IMO.

deanwebb · January 10, 2016, 04:57:52 PM

The other one is the IPS one, and, yes, waste of time to bone up on end of sale gear, although it has some useful concepts when deploying TippingPoint IPS devices. I don't think that's what Cisco intended, but it's what's happened.

Said the TippingPoint IPS to the Cisco IPS:

CCNP-Security Recertification Stunner

deanwebb

wintermute000

deanwebb

DanC

deanwebb