I passed the CCNA Security 210-260 exam on February 22, 2020 just 1 day before it was retired forever. A lot of people want to know how I passed. What materials did I use? What were my study habits? And so on. So… here it is.
- CCNA Security 210-260 Official Certification Guide (OCG) by Omar Santos
- CCNA Security 640-554 Official Certification Guide (OCG) by Keith Barker
- 31 Days before Your CCNA Security Exam by Patrick Gargano
- CCNA Security Portable Command Guide by Bob Vachon
- Cisco ASA All-In-One Next-Generation Firewall, IPS, and VPN Services 3rd Edition by Jazib Frahim
- Chris Bryant’s CCNA Security Udemy course
- Boson’s ExSim MAX
- GNS3 Images:
- ASAv from Cisco’s VIRL
- IOSv Router from VIRL
- IOSL2v Switch from VIRL
- The Built-In VPC
I’ll break down each resource:
The CCNA Security 210-260 Official Certification Guide (OCG) by Omar Santos
This was one of four main resources I used for this exam (not including labbing). I read this book once, cover-to-cover, taking hand-written notes on anything and everything that I thought was important. I took my notes on a 10.5″ iPad PRO using the Apple Pencil and the Notability app. This has become my preferred method of note taking. It combines handwriting, which I feel is vital to remembering what you are taking notes on, and the digital world to store, categorize, and reference your notes easily. Plus, you don’t have to take pens/pencils and a paper notebook around wherever you go.
After I finished the book the first time, I went back and read it again. This time I highlighted and tabbed each chapter. I highlighted anything I thought was important again and made a TAB for anything I thought I may want to come back to quickly. I read the book twice instead of skimming it the second time to ensure that I didn’t miss anything my first time through and to really solidify the material into my brain.
As far as this book goes everything you have heard about it it true. It doesn’t cover everything for the exam (only about 70%) and it is lacking in depth on what it does cover. I have read two other books by Omar Santos (the two books for the CCNA Cyber Ops [now CCNA CyberOps Associate] certification) and they all read the same. I have nothing against Omar and am sure he is a great guy and he is obviously very knowledgeable about Security but in my opinion he just can’t write a good certification book. That said I still think it’s an essential read for this exam.
CCNA Security 640-554Official Certification Guide (OCG) by Keith Barker
Yes, I know this is for the previous certification version. The core material and concepts don;t change so I though that this would be a good supplemental read to the current OCG. My plan was to read the current OCG twice like I did then read this one once. Not taking notes or highlighting and tabbing it. Just reading it to see if there is anything wildly different or if it covered topics that the current OCG didn’t. That didn’t happen as I had intended. I only read about 2 chapters of it. Even so, I could tell that this book was much better written than the Omar Santos book. If I could go back and do it all again I would definitely read this one through like I had originally intended.
31 Days before Your CCNA Security Exam by Patrick Gargano
This is the second of my four main resources. If you can only read one book for this exam just don’t bother with the exam at all but if you can read two this would have to be the second (after the OCG). This covered topics that the OCG didn’t and expanded on once that were glossed over in the OCG. The command examples and day-by-day approach really make this book worth it’s weight in gold. It also includes references to the topics in other books such as the the OCG, Portable Command Guide, ASA, and others. I definitely recommend this one for sure.
CCNA Security Portable Command Guide by Bob Vachon
Again, another book that I didn’t use as I intended. I really wanted to read this one through but ended up just using it as a command reference. It is well written and if I could go back and do things over I would definitely read this along with the 31 Days book. I feel like they would complement each other nicely.
Cisco ASA All-In-One Next-Generation Firewall, IPS, and VPN Services 3rd Edition by Jazib Frahim
I never intended to read this one all the way through (it’s over 1200 pages!). This was always meant to be a reference for configurations. I didn’t use it too much and just referenced it for the initial ASA configuration. I can see this being a good desk reference for a job so I’d still recommend it.
Chris Bryant’s CCNA Security Udemy course
This is the third of four main resources that I used and honestly the most disappointing. Chris’s CCNA Routing and Switching course was so great and this came free with it so I thought it was going to be of the same caliber. It is not. Some of the videos are out of order. It is missing topics. The videos reference other videos that may have been in the old course but are not included in this one. There is a whole section on IPv6 that is just a copy/paste of the IPv6 content from the Route Switch course. I don’t think I had a single question on IPv6 on my exam. The VPN section just glosses over SSL VPNs using ASDM. I really didn’t like this course. That said, the content that was there was still helpful. I don’t think I would recommend this course and would instead defer to CBT Nuggets for a video course.
Boson’s ExSim MAX
This is the fourth of four main resources that I used and probably the most helpful of all. It is 100% true what they say that Boson is harder than the actual exam. I failed all 4 exams with a score in the mid 700s each time but passed the real exam with a score of 893. If you only had one resource to study for this exam, don’t and study for something else. But, if you are feeling adventurous, this is the one resource that I would recommend over everything else. The Boson exams were very heavy on authentication protocols, specifically EAP and it’s variants, where those are not covered in any other resource I used. It was also heavy on IPS topics, which no other resource was.
I labbed up every topic that I could in GNS3. Mostly the Layer 2 security, Layer 3 security, site-to-site IOS VPNs, and IOS Zon-Based Firewall topics. I do have a physical ASA 5550 but never turned it on in my studies. If I could do things again I would definitely use this physical ASA to lab the ASDM topics that I couldn’t in GNS3. I just could’t get ASDM to work on a Windows 10 image in GNS3.
I also purchased AAA Identity Management Security by Vivek Santuka.
I purchased this about 2 weeks before my exam. I didn’t realize that it was specific to Cisco ACS but it was only $5 so no big deal. I haven’t really looked at it too much but it should be a good reference if I ever need it.
Overall, I feel that this was a fair exam, despite what I have seen some say online. Know VPN, NAT, IPS, and ASDM (as well as the Layer 2 and Layer 3 security concepts) and you’ll be fine. If you have any specific question that I have not covered here please feel free to ask in the comments. As long as they do not violate the NDA and I have not answered them before I will answer any questions that you have.
Until next time…