Price Free!

Features
language
Passing Rate: 100%
access_time
15 Candidates Passed Last Week
playlist_add_check
Stable
spellcheck
Update Time: 2019/11/21
terrain
Provider: SPOTO

CCIE Security Lab exam focus on testing the candidates’ skills to plan, design, implement, operate and troubleshoot a complicated security condition in a given specification. With the CCIE Security certification can prove you master an expert-level knowledge of Cisco security products and solutions. Candidates should pass the lab within 3 years of passing the written to achieve certification. Your first lab attempt must be made within 18 months. SPOTO offers custom study plan for every candidate so that you can prepare and pass the CCIE security lab exam easily and fast. Contact us to know more details!

Latest Passing Reports from SPOTO Candidates

Description

CCIE Security V5.0 LAB Examination Content
SPOTO CCIE Security v5.0 lab exam material includes 3 modules: TS, DIAG and CFG.
Here are the details:
TS: 5 Sets TS1, TS2,TS3,  TS3+, TS3++
DIAG: 5 Sets DIAG1, DIAG2,DIAG2+, DIAG2++, DIAG2+++
CFG: 1 Sets LAB1

Study Plan

Choose SPOTO CCIE Security V5.0 lab study materials, we will help you to pass the exam fast. Now, we offer 75 days service time for our CCIE Security LAB candidates. Generally, you can complete all CCIE Security Lab training within 71 days if you practice lab materials 4 hours per day. SPOTO Tutors and services will assist you along with the whole preparation. Every module we do provide workbooks, solutions, and videos tutorial. You can watch videos first, and practice with materials access to our rack.
CCIE Security LAB Study Plan
Step 1: Tutors advice to spend 31 days on practicing Configuration module(CFG1)and 7 days on reviewing;
Step 2: 2 Days to practice Diagnostic Module: DIAG 1、DIAG 2、DIAG2+、DIAG2++、DIAG2+++;
Step 3: 19 Days to practice all incidents of TS, including TS1, TS2, TS3, TS3+, TS3++. You can access to all TS materials after completing CFG module. Study materials will cover video tutorials, workbooks, and solutions;
Step 4: 19 Days to Review all modules, including CFG, TS and DIAG;

SPOTO CCIE LAB

CFG Demo

Task 1.1a : configure ASA1_V and ASA11_V For Active-Standby Failover

Your configuration should meet the following requirements:
ASA1_V
Interface Gi0/0 :
Address Primary-Standby: 20.1.1.1/24-20.1.1.2/24
Name: outside
Interface Gi0/1:
Address Primary-Standby: 10.1.11.1/24-10.1.11.2/24
Name: inside
Interface Management 0/0:
Address Primary-Standby: 150.1.7.53/24-150.1.7.54/24
Name: mgmt
Security level : 100

Failover :
Unit primary
Lan-link interface: Gi0/2
Primary-standby:10.10.11.1/24-10.10.11.2/24
Name: FO

EIGRP Routing :
Autonomous system: 12
Network:10.1.11.0/24
EIGRP Authentication :
Mode MD5
Key-ID : 1
Password:cisco

ASA11_V
Failover:
Unit secondary
Lan-link interface Gi0/2
Primary-Standby : 10.10.11.1/24-10.10.11.2/24
Name : FO

Note:
Make sure that all the interface are being monitored for this failover implementation。
Points:2

Solution
=================================================================
ASA1v/ASA11v:
ASA1v(config)# show firewall
Firewall mode: Router ———-correct mode
Or
ASA1v(config)# no firewall transparent
ASA1v(config)# show firewall
Firewall mode: Router
=================================================================
Failover
=================================================================
ASA1v/ASA11v:
interface GigabitEthernet0/2
no shutdown
———————————————————————————————————————-
ASA1_V:
failover lan unit primary
failover lan interface FO GigabitEthernet0/2
failover link FO GigabitEthernet0/2
failover interface ip FO 10.10.11.1 255.255.255.0 standby 10.10.11.2
———————————————————————————————————————
ASA11_V:
failover lan unit secondary
failover lan interface FO GigabitEthernet0/2
failover link FO GigabitEthernet0/2
failover interface ip FO 10.10.11.1 255.255.255.0 standby 10.10.11.2
———————————————————————————————————————
ASA1v:
ASA1V(config)#ping 10.10.11.2

ASA1V(config)# failover

ASA11v:
ASA11V(config)# failover
===================================================================
Verify
===================================================================
ASA1V:

ASA11V:

===================================================================
ASA1v: Primary/Active
===================================================================
interface GigabitEthernet0/0
no shutdown
nameif outside
security-level 0
ip address 20.1.1.1 255.255.255.0 standby 20.1.1.2
exit
interface GigabitEthernet0/1
no shutdown
nameif inside
security-level 100
ip address 10.1.11.1 255.255.255.0 standby 10.1.11.2
authentication key eigrp 12 cisco key-id 1
authentication mode eigrp 12 md5
exit
interface Management0/0
no shutdown
nameif mgmt
security-level 100
ip address 150.1.7.53 255.255.255.0 standby 150.1.7.54
exit

ASA1V(config)#ping 20.1.1.10
ASA1V(config)#ping 10.1.11.10
ASA1V(config)#ping 150.1.7.201

router eigrp 12
network 10.1.11.0 255.255.255.0
==================================================================
Verify
==================================================================ASA1v:

Task 1.1b : configure ASA2_V and ASA22_V For Active-Standby Failover

Task 1.2 : configure ASA1 and ASA2 For the Active-Active Failover

Task 1.3 : configure ASA3 and ASA4 for Clustering

Task 1.4 : configure Access Policy On NGIPS

Your configuration should meet the following requirements:

Rule 1: Permit EIGRP routing process between R1 and R2.
R1 Should be in the external Zone.
R2 Should be in the internal Zone.
Enable Logging for the rules at the beginning of the connection.

Solution
*****************************************************************************************************
Tips:
1、Sometimes should reconfigure Objects and Rules
2、NGIPS has registered to FMC in the exam
*****************************************************************************************************

===================================================================
Permit EIGRP traffic
===================================================================
Just confirm eth1-external zone , eth2-internal zone


===================================================================
Check the preconfig of Objects
===================================================================
Add Rule 1
===================================================================

TS3 Demo

Incident 1

Failover has issue between ASA1 and ASA2. Resolve the issue and verify failover state.
preconfig
ASA1
①ASA1(config)# more system:running-config | include failover
no failover
failover lan unit primary
failover lan interface FO GigabitEthernet0/2
failover key cisco
failover interface ip FO 10.10.11.1 255.255.255.0 standby 10.10.11.2
ASA1(config)#

ASA2
①ASA1(config)# more system:running-config | include failover
no failover
failover lan unit primary
failover lan interface FO GigabitEthernet0/2
failover key ccie
failover interface ip FO 10.10.11.1 255.255.255.0 standby 10.10.11.2
ASA1(config)#

=====================================================================
Solution
=====================================================================
ASA2
① ASA1(config)#failover key cisco
ASA1(config)#

ASA1
①ASA1(config)#failover
ASA2
①ASA1(config)#failover
verify
①ASA1(config)show failover state

②ASA1(config)#write memory

FAQs

1. How long is my service period?
Our standard service period is 3 months.
In case you failed your first LAB-attempt within our standard 3 months, we will extend 1 month free(with our rack) of charge providing that you send us proof of your first failure, such as result screenshots with your full name on it.
Please note we will stop all your services 3 days after your exam date if we were not notified of your free extension request.
We will stop providing services once you pass the exam in 3 months.

2. How many hours are included on remote rack? 
Up to 234 hours within your service period,including 80 hours virtual rack sessions, 96 hours physical sessions and 58 hours TS sessions.

3. How to use a remote rack?
You use the software of CRT to login. We have a tutorial to show you how to use.
there is no requirement for PC performance when remote access rack.
You can schedule your practice time on our schedule system, it is 4 hours per session. you can schedule practice time before 24 hours.

4. What is the difference between physical rack and virtual rack?
The difference between physical rack and the virtual rack is the interface of 4 firewalls. Others are the same.
Virtual rack:The interface of 4 firewall use E0/0,
Physical rack:The interface of 4 firewall use G0/0.

5. What happens if the exam becomes unstable?
We make sure you will receive updated information and materials as soon as we learned any changes to the exam. In case we learned any major changes happened during your service period, your remaining service period will be calculated from the date we learned the exam becomes stable again.

  • Bernard P. Lee

    i have passed the ccie security V5.0 Lab exam last week with the help of the SPOTO. I am so glad to tell you the news. i want to really thanks for SPOTO. i have failed the exam in the first try with the other IT institute’s dumps. Accordance with my friend’s suggestion, i chose the SPOTO. SPOTO provided some valubale and valid dumps, and gave me some help during the preparation. what’s more, they have made some study plans for me. i have practiced the simulated rack from the SPOTO. i think the SPOTO is the best choice for all candidates who want to take the exam.

Add a review

Your email address will not be published. Required fields are marked *

chat_bubble_outlineReviews

Average Rating

5
5.00 1 Votes
Free!
1 Ratings

Detailed Rating

5 Stars
0
4 Stars
0
3 Stars
0
2 Stars
0
1 Stars
0
  • Bernard P. Lee

    i have passed the ccie security V5.0 Lab exam last week with the help of the SPOTO. I am so glad to tell you the news. i want to really thanks for SPOTO. i have failed the exam in the first try with the other IT institute’s dumps. Accordance with my friend’s suggestion, i chose the SPOTO. SPOTO provided some valubale and valid dumps, and gave me some help during the preparation. what’s more, they have made some study plans for me. i have practiced the simulated rack from the SPOTO. i think the SPOTO is the best choice for all candidates who want to take the exam.

Add a review

Your email address will not be published. Required fields are marked *