Don't do this in the car though...

don't listen to him .... it's more exciting to do it at 75 mph ... makes the lesson stick better

practice under pressure

5 points · 23 days ago

I prefer to practice in live environments; while active surgery cases are going on; with my boss & some C-Levels and some surgeons calling my personal cell every 5 minutes; while trying to ignore the crushing weight of the prospect of losing my paycheck & being unable to support my kids, losing my house, and being arrested for non-payment of child support.

But to each their own.

haha ... that sounds like every day IT

RSA is asymmetric, so there is a public-key and a private-key.

The public can be shared with anyone.

Transmissions sent are encrypted with the public key that you accept

The transmissions are then decrypted with the private-key by the device.

The return transmissions are encrypted with the private key, and your host/pc decrypts using the public key.

a vlan interface (Layer 3) is an SVI because it is a virtual layer 3 interface ( uses ip addresses, is capable of routing outside of the broadcast domain ) ... standard routed interfaces are physical interfaces and not virtual

a vlan is a virtual layer 2 ( uses mac addresses, is restricted to a broadcast domain )

there are sometimes different ways to get the same information.

know multiple ways to get the same information if you can .... you can use ? to search through it, but just because it shows up does not mean it is available to use on the sim

i know for a fact that show run interface x/x will not work ... so you'll have to run through the full config to find what you are looking for .... | commands are also not available ...

when going through exsim, i recommend going through every answer-explanation and following the links to read the full documents. it takes hours and hours, but it is an effective preparation method

2 frames walk into a bar

they both back off exponentially

ExSim = exam simulator

NetSim = Network simulator (for labs) and comes with labs

How many prep exams do you get with the ExSim package?

the last one I got was for CCNA-Security ... i think there were 285 questions --- I was able to choose set A, B, or C ... or take them all at once .... the best thing about Boson ExSim is the answer explanations that come with the questions.

the more methods you use, the better it sticks.

writing the notes = visual

hearing the notes = auditory


Hardware SKU: PAN-PA-220-LAB

Service SKU: PAN-PA-220-BND-LAB4

Here are my notes.

I used Chris Bryant, Boson Practice Labs, Boson ExSim, OCG (did not get much out of OCG), and OJT

I've never obtained a Cisco Cert past Associate level. I've had to learn topics at the Professional and Expert level for my job. I let mine expire because I have had the right opportunities present themselves that did not require NP level certs.

My thoughts are to do what interests you. If routing/switching is the most entertaining and challenging, choose that path and work up the chain. But, there is a shortage of qualified security professionals and the prediction is that the shortage will continue to grow. I chose the CCNA RS, Security, and CyberOps route. Instead of hitting CCNP level certs next, I am choosing PCNSE (Palo Alto Certified Network Security Engineer). After that, I might choose to go to NP level or evaluate what I think is best for my career.


I am relatively new to Palo Alto. I've been doing Cisco routing and switching for over 12 years, and Cisco firewalls for 2 and a half years. I recently made the move from networking to security. In 2 weeks I'll be finished with my Cisco CyberOps certification and plan to start on my PCNSE. Our Palo account manager is sending me a PA-220-LAB with the service bundle to help with my education.

My experience in Palo is pretty limited. I've installed / upgraded panorama, upgraded PA-2050's, worked with addresses and address groups, basic URL categorization and filtering, basic ssl decryption policies, and a few other odds and ends.

I am looking for fun/interesting/valuable things to do with this unit at home that might help with this certification.

Thanks everyone, I appreciate your input and I am looking forward to putting it in action. Hopefully I can get the PCNSE done by February/March.

Application based rules! Going from ASA/L3 style rules to application based rules is pretty awesome, and fun to get started with.

Just don't do it when your wife is home and trying to use her iPad haha

just from having to deal with IPads and wireless connections, i don't trust them for anything.

depends on what people are hiring for. Keep an eye out for network admin and network analyst jobs that emphasize experience with named vendors (cisco, juniper, brocade, etc.). Read the job posting, and if it fits, apply. Beware of job titles that say network admin/analyst but highly emphasize server experience.

by definition, a network address cannot be a host address -- 2^n - 2 concept -- the first and last ip addresses in a network are reserved for specific purposes (network address and broadcast)

You're missing the question: why is the first address reserved?

Did you link the wrong RFC? That one is talking about broadcast (all-1s), not network ID (all-0s).

Also, that still doesn't answer the question of "why".

it was originally used as a network-prefix-directed broadcast

{ <Network-prefix>, 0 } is an obsolete form of a network-prefix-directed broadcast address.

recommended to be disabled (silent discard) to avoid participation in SMURF attacks.

2 points · 1 month ago · edited 1 month ago

U.S. Army communications for 6 years - E-5

Network Analyst promoted to Lead 5 and a half years $36-40k


Network Admin w/ clearance overseas 13 months $150k

CCNA / Sec+

Network Engineer w/ clearance 2 years 9 months $92k


Sr Network Engineer sub-contract LLC 1 year $132k


Sr Network Engineer 2 years $110k

all certs expired - retaking them all - CCNA / CCNA-Sec

IT Security Engineer 6 months in $118k

CCNA / CCNA-Sec -- working on Cyber

Advice: come into a job looking to prove your value, take the things other people don't want and try to be the best at it. If they offer training, be eager to take it without letting your work slip. If something new is introduced to the team, try to become the subject matter expert on it.

I do Cisco routing, switching, firewalls, AnyConnect VPN's, ACS, Palo Alto firewalls, Fortigate Firewalls, IPSec VPN's -- I know basic fundamentals of DNS, DHCP, packet captures, python scripting baseline configs, ForeScout, Riverbed ... and a lot of other odds and ends ..

Thank you for your thorough answer! Prior to your post I had not heard of ForeScout or Riverbed, I'll have to brush up on those subjects. How big of an impact has your CISSP made? Are there good opportunities in Net Sec that do not require a clearance?

CISSP was a job requirement for IAT III positions (DoD). It was useful for opening the door for my current job. It was also useful for the cert i am working on (CyberOps).

There are a lot of great opportunities in NetSec across the board. Anything that answers to a government entity or processes sensitive information (PII, PCI, HIPAA) will appreciate any added focus on security, but it usually takes a lot of either network experience or higher end certs (Palo Alto / ForeScout).

make friends with the network people. ask them if there is something that you can help with if there is any downtime. tell them the direction you want to go and ask them what is valuable to them. A good relationship could move you to the top of their list if they have to fill a position.

3 points · 1 month ago

Plus, from what I can tell the NetSim is only available for CCEnt CCNA and CCNP. For CCNA Sec (that I'm currently on) I only have the Pract Lab option :)


If you have production equipment to memorize menus with, Practice Labs are mildly useful. If you don't have production equipment, Practice Labs are extremely useful.

Let me know if you want a copy of my CCNA Sec notes.

If you have CCNA Sec notes I'd love to see them. Preparing for this one now.


Score Breakdown

Endpoint Threat Analysis and Computer Forensics - 60%
Network Intrusion Analysis - 86%
Incident Response - 50%
Data and Event Analysis - 73%
Incident Handling - 64%

Basically my study habits were crap ... lots of family stuff going on and I was inconsistent and unable to dedicate time.

Things I need to go over before re-take

VERIS attributes

CVSS attributes

Volatile Data Collection

Forensics Collection, Storage, Custody

Regex Expressions - specifically (, ), and +

Wireshark File Extraction

Filters involving host names (not sure if wireshark or something else)

Identify application protocols through WireShark


Were you in the cisco scholarship program?

yes ... cohort 6

3 points · 1 month ago · edited 1 month ago

I am in cohort 6 as well. I had a lot of family things and work obligations going on that killed my study time. Though I had the material down. Studying the meat and potatoes the night helped me pass the test on the first try. I remember reviewing the lessons on CSIRT, VERIS. I did fairly well on my sec+ and secfnd and maybe that cross-over information saved me. The final review mentor sessions are gold. Honestly, the mentor recordings were the biggest help for me. They highlighted hot areas and what was missing from the online material. Also, they provided how this information works in the real world. There is also a post in the forum where the two mentors provide links to some hot areas. I basically studied the meat and potatoes from those links the night before. I found the screenshot questions to be easy if you knew the 5-tuples. PM me if you need the links from the forum or have any questions on how I winged it.

Things I studied the night before that helped on the test.

The 4 As of Veris

CSIRT responsibilities

5-Tuples

Evidence types

Basic regex

High level topics of NIST.SP.800-61r2.pdf

MACE

Linux and Windows file type

thank you -- that was very helpful.

Because there is a list of who owns what. Remember you're advertising these routes not just in your organization but to the world.

I /u/propulsions own That subnet is associated with my own personal ASN of 64550. If you /u/daveba123 advertise my prefix with your ASN of 64560, I can prove that you're doing so mistakenly or in bad faith.

see more is RFC 1918 private address space. It is not routable to the world. 64560 is also private AS space, not advertised to the world.

Only public (routable to the world) ip address space and ASN's are registered. The rest are free to use for any organization inside of their network boundaries.

you need an A record on your DNS server, whether that is Windows AD server, Bind, or something else .... it will need to be something that resolves a name to an IP Address

so... If I understand this right, in terms of the attack continuum:

CCNA Sec = Before

Cyber OPS = During/After


both have their unique tasks before, during, and after an attack.

Before, CyberOps would review logs, response plans, and various other things

Before, Sec would evaluate, configure, harden infrastructure, keep up with patching

During, CyberOps will notify the appropriate groups, investigate further, gather information

During, Sec would block, patch, or configure based on information provided by CyberOps

After, CyberOps would review threat response plans, validate containment, recommend strategies to prevent similar occurrences

After, Sec would evaluate what's provided by CyberOps to remediate other potentially vulnerable systems

What CannibalAbgel said

Cyber Ops is more incident detection and response (SOC)

Security is more operations focused (Network Security)

Not always, but most of the time. Exceptions are usually (but not always) devices with dedicated management interfaces.

You just illustrated the reason for having a loopback. If all interfaces are down, you can still perform some level of testing with the Loopback interface.

What sort of useful testing could you do with all the physical interfaces down and the logical loopback up?


set an interface to be up regardless of physical state ... ping from loopback to physical interface. Test data plane internally.

I think Udemy is $10-15 ... Chris Bryant is a good instructor and I think you can get ICND1/ICND2/CCNA-Composite materials.

Labs - look for cisco packet tracer - it is a low-level virtual lab that is free ... i think you just have to create an account on their learning portal ... for ICND1/ICND2 - you will not need physical gear

I personally like to approach studying with 3 vectors -- Video, Reading Materials, Note Taking (huge fan of Notepad++ and Sublime Text)

in the beginning since this is a new topic for you, I would start with packet tracer and Chris Bryant Udemy videos --- mimic everything he does in your packet tracer lab -- take notes as you go ..... when you are getting ready to test out, evaluate if you can afford to spend the money on Boson Exam Simulator

Thanks! I just purchased Chris Bryant's boot camp course so I will start there and also look into the packet tracer.

1 year as an intern and 1 year as an analyst is still relatively new. Experience is worth a lot more than certs and will likely open more opportunities for you. I would spend another year working on the certs that point in the direction you want to go. That gives you another year of experience and a path towards what you want.

I've never used Pearson Practice exams.

I can vouch for Boson if you use it the right way. They helped me with a first time pass for CCNA-Security (crushed it 926/860) after 3 months study. Read every question and every explanation. Open every reference link provided and read it.

