tieudao
12-21-2018, 05:11 AM
On my first exam in October, I got TS2, H2+ Diag and H3. I passed on TS and Diag but failed on Cfg. I ran out of time fixing R14 Internet/NAT with Lo123 and some others key points. However, I really thought that I passed.
On my second exam, I got TS1, H3+ Diag and H1 Cfg.
TS1:
It was a mixture from different variations in our WB. Tickets were similar with some minor differences. Please make sure to understand the TS1 and TS2 topology and should help to resolve problems. I finished in 1:20 minutes but I used an extra 25 minutes to go back and validate all the tickets again.
The Pen and Paper(s) are also your best friends. Use it to TRACK your work. No need to be fancy, as long as its readable for you.
Example:
Ticket
Points
Status Check #1
Status Check #2
1
OK
OK
2
Not OK, check later
OK
3
Half OK, comeback
All OK
4
OK but not 100% sure
All OK
5
Half OK, comeback
All OK
Also, in any access-list or prefix-list with a deny sequence, I did not remove the deny sequence. Instead, I changed it to seq permit. Also, I did not remove distribute-list command but just manipulate on the prefix-list from deny to a permit.
Example:
Access-list 5 deny host 1.2.3.4/32 - access-list 5 permit host 1.2.3.4/32
Access-list 10 permit any - access-list 10 permit any
ip prefix-list DENY 5 deny 1.2.3.4/32 - ip prefix-list DENY 5 permit 1.2.3.4/32
ip prefix-list DENY 10 permit 0.0.0.0/0 le 32 - ip prefix-list DENY 10 permit 0.0.0.0/0 le 32
router eigrp x
distribute-list prefix DENY in
H3+ DIAG
Same as WB.
Consider this also as High- Important and make sure to study it a lot of time. Know the Attacker and Victim addresses.
H1 Cfg:
Make sure to track your work in a Paper (Similar in TS). Also, try to have at least an hour or so of validations and checks before the lab end. At least, you have an opportunity to fix some missed items, and it helped for me.
Section 1 Layer-2 Technologies
All look same except that I added VLAN1 as included in the ODD VLAN list in spanning-tree.
Section 2 Layer-3 Technologies
All look same
R15, R16, 17 are required a metric-version 64-bit (Named Mode). Others are just in classic-mode.
Section 3 VPN Technology
Looks same.
R6 has an extra pre-config VRF RED. Just leave it or do not delete. Its not in use.
R7 has an extra pre-config of VRF BLUE. Just leave it or do not delete. Its not in use.
In DMVPN Encryption, I had to refer Cisco documentation for the Crypto configs. Highly advised to practice using the Cisco Configuration Guide and Command Reference so that its easy to find on the exam.
Section 4 Infrastructure Security
Same but the banner login was a little different context but was easy.
Section 5 Infrastructure Services
Same
Some other helpful in your preparation:
Try to use dual-monitors at your Home Lab. At least 21 or 23 inches that is similar to the real lab. At home lab, I am just using a 1 big screen and I got used to it and I forgot in the real lab about the second monitor. On TS ticket1 to 4, I was using 1 screen for everything and forgot the second monitor. So, my bad and able to use the second screen after a while.
Always use Putty, the single Tab only.
I also use a config tool comparison http://kdiff3.sourceforge.net/. The idea is, comparing your lab configs and show commands output. In Putty, enable logging. And, then run the script on every device or a simple (show run). It will track your config between labs.
Example. In my case, I did something like this but you dont have to do a long list.
Link to Download
Practice or familiarize to navigate the Cisco Configuration Guide, Command Reference and Master Index. This is available in the lab.
Send also your configs to Combat or CC Dreamer for validation.
Hope youll get your number soon, too. Thanks.
On my second exam, I got TS1, H3+ Diag and H1 Cfg.
TS1:
It was a mixture from different variations in our WB. Tickets were similar with some minor differences. Please make sure to understand the TS1 and TS2 topology and should help to resolve problems. I finished in 1:20 minutes but I used an extra 25 minutes to go back and validate all the tickets again.
The Pen and Paper(s) are also your best friends. Use it to TRACK your work. No need to be fancy, as long as its readable for you.
Example:
Ticket
Points
Status Check #1
Status Check #2
1
OK
OK
2
Not OK, check later
OK
3
Half OK, comeback
All OK
4
OK but not 100% sure
All OK
5
Half OK, comeback
All OK
Also, in any access-list or prefix-list with a deny sequence, I did not remove the deny sequence. Instead, I changed it to seq permit. Also, I did not remove distribute-list command but just manipulate on the prefix-list from deny to a permit.
Example:
Access-list 5 deny host 1.2.3.4/32 - access-list 5 permit host 1.2.3.4/32
Access-list 10 permit any - access-list 10 permit any
ip prefix-list DENY 5 deny 1.2.3.4/32 - ip prefix-list DENY 5 permit 1.2.3.4/32
ip prefix-list DENY 10 permit 0.0.0.0/0 le 32 - ip prefix-list DENY 10 permit 0.0.0.0/0 le 32
router eigrp x
distribute-list prefix DENY in
H3+ DIAG
Same as WB.
Consider this also as High- Important and make sure to study it a lot of time. Know the Attacker and Victim addresses.
H1 Cfg:
Make sure to track your work in a Paper (Similar in TS). Also, try to have at least an hour or so of validations and checks before the lab end. At least, you have an opportunity to fix some missed items, and it helped for me.
Section 1 Layer-2 Technologies
All look same except that I added VLAN1 as included in the ODD VLAN list in spanning-tree.
Section 2 Layer-3 Technologies
All look same
R15, R16, 17 are required a metric-version 64-bit (Named Mode). Others are just in classic-mode.
Section 3 VPN Technology
Looks same.
R6 has an extra pre-config VRF RED. Just leave it or do not delete. Its not in use.
R7 has an extra pre-config of VRF BLUE. Just leave it or do not delete. Its not in use.
In DMVPN Encryption, I had to refer Cisco documentation for the Crypto configs. Highly advised to practice using the Cisco Configuration Guide and Command Reference so that its easy to find on the exam.
Section 4 Infrastructure Security
Same but the banner login was a little different context but was easy.
Section 5 Infrastructure Services
Same
Some other helpful in your preparation:
Try to use dual-monitors at your Home Lab. At least 21 or 23 inches that is similar to the real lab. At home lab, I am just using a 1 big screen and I got used to it and I forgot in the real lab about the second monitor. On TS ticket1 to 4, I was using 1 screen for everything and forgot the second monitor. So, my bad and able to use the second screen after a while.
Always use Putty, the single Tab only.
I also use a config tool comparison http://kdiff3.sourceforge.net/. The idea is, comparing your lab configs and show commands output. In Putty, enable logging. And, then run the script on every device or a simple (show run). It will track your config between labs.
Example. In my case, I did something like this but you dont have to do a long list.
Link to Download
Practice or familiarize to navigate the Cisco Configuration Guide, Command Reference and Master Index. This is available in the lab.
Send also your configs to Combat or CC Dreamer for validation.
Hope youll get your number soon, too. Thanks.