The CCIE Security written exam uses the typical certification test format of asking multiple-choice questions with one or more correct answers per question. What makes some of the questions more difficult is that more than five answer choices are listed on some questions. This reduces the power of eliminating answers and choosing from those remaining. However, the number of required answers is given for each question. You might be required to give only one answer or select a couple of correct answers. Attempt to answer every question to give you the best chance of passing, even if you have to guess.
After completing the test, you will be given a percentage for each section. The following are the sections you will be scored in:
• Security Protocols
• Operating Systems
• Application Protocols
• General Networking
• Security Technologies
• Cisco Security Applications
• Security General
• Cisco General
If you do not receive a passing score, compare your results with Table 1-1 to identify the areas you need to concentrate on for your next attempt.
You will also be given the passing mark, your score, and your grade. The grade is either a pass or fail.
The examination is similar to other Cisco certifications, albeit it is a little more difficult with many more in-depth questions. You can view some sample questions from the similarly formatted CCIE Routing and Switching written exam at the following location (there are currently no available security questions):
The CCIE Security written exam requires test-taking skills that many of us learned in high school or college. This section is a refresher for many and important for all.
The first thing to focus on is time management during the test. The CCIE exam allows 120 minutes to complete the test. You have 100 questions, so if you allow 1 minute per question and 20 minutes to review your answers, you will be doing well.
Some questions require more time, so you can mark and skip them if you want and complete them later. Be sure before moving on to the next question that the application on the testing device permits a review of questions; Cisco can change this at any time.
Remember that a wrong answer incurs no extra penalty, so answer all the questions. Another advantage of marking difficult questions and returning to them at the end is that the answer for a previously asked question will often appear in a later question. I have also found that at times when I can't remember an answer that I should know, my memory is later refreshed by another question. Remember to just mark questions that you can't answer and come back to them at the end.
Read every question and all the possible answers carefully. The CCIE Security written exam has many questions that are designed to be tricky, so they require careful examination of the syntax. Many of the questions refer to exact commands required to implement a function on a router. It is important to know the different syntax and to recognize small differences in commands. This book has similarly formatted questions in each chapter and in the sample questions on the CD-ROM. Go through these questions, study areas of weakness, and go through the questions again to ensure your understanding of a subject.
Make sure you read every answer before choosing one. One answer might sound great; however, another answer could be more correct than the first. The fact that on these exams one answer can be more or less correct than another is a concept you should keep in mind when taking any Cisco exam. In addition, saying questions out loud or writing them down on your scrap paper might help you understand the question easier than viewing it on a computer screen.
NOTE Occasionally, Cisco announces a beta trial for the written exams, and if you book the test, you pay only a small fee compared to the standard fee of approximately U.S.$250. The following link has more information:
Cisco exams have a reputation for including questions that can be difficult to interpret, confusing, or ambiguous. In my experience with numerous exams, consider this reputation to be completely justified. The Cisco exams are deliberately tough.
The only way to beat Cisco at its own game is to be prepared. You'll discover that many exam questions test your knowledge of things that are not directly related to the issue that a question raises. This means that the answers you must choose from—even incorrect ones—are just as much a part of the skill assessment as the question itself. If you don't know something about most aspects of the CCIE Security written exam topics, you might not be able to eliminate obvious wrong answers. In other words, the more you know about Cisco IOS Software and securing Cisco internetworks, the easier it will be for you to tell a right answer from a wrong one.
Questions often give away their answers, but you have to be Sherlock Holmes to see the clues. Often, subtle hints appear in the question text in such a way that they seem almost irrelevant to the situation. You must realize that each question is a test unto itself, and you must inspect and successfully navigate each question to pass the exam. Look for small clues, such as access list modifications, problem isolation specifics (such as which layers of the OSI model are not functioning correctly), and invalid Cisco IOS commands. Little things like these can point to the right answer if properly understood; if missed, they can leave you facing a blind guess.
Another trick is to watch out for keywords, such as not or choose the best; these words will define the required answer. If you miss keywords, your answer will be correct in your mind but might not be the correct answer. Read questions out loud or write them down to ensure you identify keywords and fully understand what the question is asking.
For questions requiring more than one answer, be sure to view how many answers are required and remove the obvious choices before making your selection. These questions are frequently ambiguous, and you need to be on your guard.
Another common difficulty with certification exams is vocabulary. Be sure to brush up on the key internetworking terms presented in this guide. You may also want to read through the Terms and Acronyms on the following Cisco website:
The test questions appear in random order, and many elements or issues that receive mention in one question might also crop up in other questions. It's not uncommon to find that an incorrect answer to one question is the correct answer to another, or vice versa. Take the time to read every answer to each question, even if you recognize the correct answer to a question immediately.
Because you're taking a fixed-length test, you can revisit any question as many times as you like. If you're uncertain of the answer to a question, check the box that's provided to mark it for easy return later on. You should also mark questions you think might offer information that you can use to answer other questions. Candidates usually mark somewhere between 25 and 50 percent of the questions on exams. The testing software is designed to let you mark every question if you choose; use this framework to your advantage. Everything you want to see again should be marked; the testing software can help you return to marked questions quickly and easily. Be sure to check out the latest updates from Cisco because policies like these can change; see the following URL for more details:
The best method to pass any Cisco written exam is to go through each question and answer the questions you are confident with in your first pass and mark the remaining questions. After you complete the 100 questions, review all your marked questions.
On your second pass, survey the questions you marked more thoroughly as you begin to answer them systematically and consistently. Try to eliminate the choices that are way off base and make an educated guess with the remaining choices. Continue to mark and ignore the clueless questions, and on pass three, attack the totally clueless ones; by then, you might be able to make a more educated guess from clues in the context of other questions you already answered.
If you have time, you can go back and check all your answers. Experience has shown me that your first reaction to a question is typically the best choice unless you see a glaring mistake.
The best way to prepare for the test—after you study—is to take practice exams until you feel comfortable with your results. This certification guide includes over 300 simulated test questions on the CD-ROM that allow you to take the sample examination (in study and exam simulation modes) as many times as you like until you are comfortable with the test format and your knowledge level. Try to identify subject areas where you are weak and use this book and other resources to study those areas more.
Give yourself 120 minutes to take the practice exam, keep yourself on the honor system, and don't look at text in the book or jump ahead to the answer key. When your time is up or you finish the questions, go back and review your correct and incorrect answers. You learn more by making mistakes in a simulation than from the real examination, which provides little feedback on incorrect answers. Study your incorrect answers very carefully. Practice the three-phase approach I mentioned earlier, or if you have your own strategy, practice this strategy a few times before attempting the real examination.
I have attempted to estimate the number of questions that are taken from each subject area to give you an idea of where to focus the majority of your time. Each chapter contains a weighted number of questions to match those on the examination, and similarly, the CD-ROM simulation examinations are weighted, as well. For example, 50 percent of the CD-ROM questions are based on Routing and Switching topics, 50 percent are on Security topics, and so forth to mimic the questions on the real exam. The percentage of questions you get for any topic will vary. The passing score will also vary. If you concentrate on the questions and think clearly, you will not need to worry about the passing score. Typically, the passing range is from 65 to 75 percent depending on the scoring rate for that month. Cisco will not release the passing score. As far as I have discovered, the passing score is static for the Security examination at 70 percent, but don't be surprised if this changes in the future.
Knowing how to recognize correct answers is good, but understanding why incorrect answers are wrong can be equally valuable.
I cannot stress how much getting hands-on experience with Cisco routers and switches will help you pass not only the written exam, but also the more difficult lab examination. A small test bed with two Cisco routers and a PC is the best way to learn and reinforce your theoretical knowledge. I strongly recommend it even for the written exam, which, in turn, aids your preparation for the lab examination.
Cisco provides a Cisco Documentation CD with every shipment with a wealth of documentation that you can implement on test equipment. The documentation CD is a great study tool. The documentation CD is not provided for the written exam but is provided for the laboratory exam. Understanding how a protocol works is only half of your goal; you need to appreciate how Cisco routers and switches operate when a certain protocol is activated with IOS.
Talk to all your colleagues or friends that attempted the written exam and find out what they studied to help them. Of course, all who have taken the exam are bound by the nondisclosure agreement, so you cannot share specific details about exam content, but you can share study tips and habits.
On exam-day eve, you should relax and spend a maximum of one hour studying. Don't sit up all night studying and worrying—if you want to do your best, you need to feel refreshed. Have a good meal, scan your study materials (such as the "Foundation Summary" sections in this book), and get a good night's sleep.
On the day of the exam, eat a well-balanced breakfast and briefly review your study notes. Make sure that you arrive at the testing center at least one hour before your scheduled time. Find a quiet corner to relax and mull over the main exam subjects.
When you're sitting in front of the testing computer, there's nothing more you can do to increase your knowledge or preparation. Take a deep breath, stretch, and read the first question.
Don't rush; you have plenty of time to complete each question. Both easy and difficult questions are intermixed throughout the test in random order. Don't cheat yourself by spending too much time on a hard question early in the test, depriving yourself of the time you need to answer the questions at the end of the test.
On a fixed-length test, you can read through the entire test and, before returning to marked questions for a second visit, figure out how much time you have per question. As you answer each question, remove its mark. Continue to review the remaining marked questions until you run out of time or you complete the test.
After you complete the exam, your test will be scored immediately. A few moments after you finish, the computer will indicate whether you passed or failed.
Passing the CCIE Security exam means that you're ready to take the lab examination. Within 48 to 72 hours, Cisco will be notified of your result. There is no need to fax your result, as was previously required. To set a lab exam date, visit tools.cisco.com/CCIE/Schedule_Lab/jsp/ login.jsp and select the location and examination date you prefer. (Hopefully, seats will be available.) The lab exam is popular, and you might need to wait a month or more for an opening. Some locations have a waiting list of six months or more. For example, the Sydney, Australia CCIE lab is generally not fully booked, and you might get a seat at a time of your choice; in Brussels, Belgium, you might need to wait six months. Make sure you agree to a testing date that you feel comfortable with, and leave yourself plenty of time to study for the rigorous lab exam. After passing the written test, you have one full year to pass the lab examination, so, if necessary, you can study for a few months before taking it.
If you fail the CCIE Security written exam, don't worry about the result. You can still take advantage of the situation. While the test is fresh in your mind, jot down problem areas on a notepad (the sooner you make notes for yourself the better). Try to remember questions you felt less comfortable with and study those areas before taking the exam again.
The CCIE Security written exam is not an easy exam to pass. In fact, this examination ranks among the toughest networking examinations in today's certification market. If you really want to be a CCIE, a first-attempt failure should not discourage you. A failed attempt should encourage you to invest in some serious study time so that you can pass on your next attempt. A number of candidates have noted that the second attempt is much easier than the first. Remember that the reason Cisco Systems makes the written examination hard is to ensure that you are fully prepared for the challenging lab examination.
That's it for pointers. Here are some frequently asked questions about the written examination followed by some bonus information on the lab examination.
This section answers some common questions about the written CCIE Security examination. These frequently asked questions should help dispel any confusion surrounding this exam.
1 How many questions are on the CCIE Security written examination?
There are 100 questions. All questions are multiple choice. Some questions require a single answer, whereas other questions require more than one answer to earn a point.
2 What is a passing score?
Cisco no longer publishes a set passing score for the written examination. Instead, Cisco supplies you with a pass or fail grade. The actual passing score (a percentage) is based on a statistical analysis system that checks the scores of all candidates over three months and adjusts the score needed to pass accordingly. For example, the passing score for one candidate might be 70 percent, but it might be 75 percent for another candidate, depending on what results candidates are attaining.
3 Can I change an answer after working through all the questions? Yes, as long as time remains, you can return to any question.
4 How long is the examination?
The exam is two hours long. Make sure you use your time wisely—you want to have an opportunity to answer as many questions as possible. If you find you are spending too long on a single question, mark it and move on. If time permits, you can return to difficult questions later.
5 What happens when I finish the examination?
The computer scores your test within minutes and indicates whether you passed or failed. You receive a printed score sheet with a grade for the entire exam and a percentage score for each of the topics. If you fail, you must wait at least 24 hours before retaking the exam.
6 Can I use the Windows calculator during the exam?
No. You are not permitted to use any Windows tools. You are supplied with a pencil and some white paper or an erasable sheet.
7 How many times can I retake the written examination? You can retake the exam as many times as you like.
8 What do I do after I pass the written exam?
You do not need to fax your test results to your nearest CCIE lab administrator. Visit the following URL to set a lab examination:
9 Where can I find further information about the CCIE Security exam? Cisco provides additional information online:
Was this article helpful?