Eunjoy Blog!
How I passed the CCNA IT Certification Exam!
Sun, Dec 28, 2024 08:07 am by Julie Lee
I wanted to share my story of how I was able to pass the CCNA (Cisco Certified Network Associate) IT certification exam while working full-time. I hope this could be helpful to you to pass your desired exam.
Whenever I start a new certification journey, I am so excited and eager to begin. However, I warn myself that I need to prepare well before I begin my journey because sooner or later I will experience pain, loneliness, and resentment during the course of learning. This is like a long marathon. I start with a clear reason why I need this certification. I need motivation to finish my race successfully.
My purpose of this particular certification was to excel in my new role, and I wanted to pass within five to six months. My company sent me a CCNA online boot camp worth $5000. Since many colleagues knew that I was studying for the CCNA exam, I had no choice but to pass. I didn’t want to start my new job with a bad reputation. When I announce my plan to people around me, this gives me pressure to stay in study mode. I know that they will constantly remind me about the exam. In the past, I had an experience where I took the wrong version of the test. Also, as a previous certification exam proctor, I had seen candidates who came to the testing center without even not knowing what the test name is. In fact on the actual testing day, you need to fill out the form with the name and number of the test. I even had a student who took the wrong test and did not even realize it was the wrong version of the test until he finished the test. Therefore, I started my research on the exam version and found out the current exam is expiring in a few weeks. I had to make a decision whether to take the old version or new version. The new version will be harder, but I know that one month is not enough time to prepare all the objectives. So, I purchased a CCNA Exam Safeguard offer voucher where I had 2 attempts with an additional $75, and I must use both attempts within 3 months. This gave me huge relief with the pressure of the new version. Once I bought the voucher, I couldn’t return it, so it forced me to prepare for the test more seriously.
First, I had to know myself. Metacognition! I have to be honest with myself about my knowledge, time, and situation. Since I am working full-time, I have limited time to study. It is very difficult to focus at work, and there are always some projects going on, so I had to allocate consistent study time during the non-working hours. I could cram the old version of the exam, but I knew myself better. I am not learning anything. The new version had only 10% of new materials, and I learned that it took a few months to create new test banks. Therefore, I need to take the test within 2-3 months before the new questions are affected.
Second, I need the right resources and maps to guide me in the right direction. I collected all the resources from the people who passed the exam. Some of them I talked to in person or learned online, especially those who had a similar situation as me. I liked to use several different resources to make sure I covered the concepts in different points of views. Based on the research, I learned that there were a total of 89 multiple choice questions and 3 labs during the test that randomly appeared in emulation mode, which is very similar to actual cisco production. Additionally, I used the paid resources since they have reliable explanations. Fortunately, I found a 20% discount code online. I picked the 2-3 resources and made sure I learned 100 percent. During the course of the study, you might have the temptation of other books, such as video courses, practice questions better than the ones I picked. That is why I spent enough time to choose the right materials for me. I need official exam objectives, video courses, books and practice questions. I tried to do as many labs as possible in practice and at work as well.
Third, stick to the plan. Once I found the materials, I needed to find my chunk of time. I need 2-3 hours of daily dedicated commitment. This is my appointment time with myself, and I must take it seriously every day. Find the location where I can focus. It could be the library, home, school, or work. I chose to study at home where I can study in comfy clothes and save transportation time.
Some days, I could not study for thousands of reasons. Then, instead of blaming myself, I revisited my plan and saw if I made my study plan reasonable. I only studied new materials during the week and reviewed them over the weekend so that I have time to complete the missing parts. Although I had missed the planned study, I tried to maintain my confidence level and complete it the next day.
In addition, I used the 30 minute time planner. This was especially helpful during the last few weeks prior to the test because I saw myself watching Youtube shorts, cooking for a long time, or cleaning the house. I wrote down what I did every 30 minutes and I was able to see how I spent my day. I was proud of myself when I had productive days. I wrote Congratulations! Pass CCNA!!! on a sticky note top of the daily planner to set the positive mind set. Each day, I transferred the sticky note to reassure myself and imagine the day I passed. Last four weeks I filled out the time planner, and it really motivated me to stay focused on my goal.
When I was so sleepy, I sprayed my face with mist. I used a few different scents depending on mood. Sometimes, I applied a face mask, then I felt refreshed. I don’t drink coffee, but the last few days before the test, I was so sleepy, so coffee was very helpful. Some people use cough drops and gum to stay awake as well. Another quick snack I personally used was frozen grapes. I ate 2 frozen graphs whenever I was sleepy. Also, I made sure I intake vitamin jelly in the morning to keep my immune system because I cannot get sick.
The maximum I was able to study daily was 5 hours. After intensive study of 3-5 hours, I felt my brain capacity was full. It was meaningless if I kept sitting down and reading the ones I don’t understand. Instead, I tried to take a break such as showering, eating, walking, watching funny clips, motivational videos, and listening to music. I tried the many happy buttons and used them during the break time. I even tried to avoid the talkative people because they not only wasted my time but also drained my energy. To reduce the stress, I met friends who make me happy. I ate delicious food and watched movies. It is too risky to take the entire weekend off, so I studied a few hours in the morning and enjoyed the rest of the day. Then, before I went to bed, I reviewed the ones I studied. I was mocking the test during the morning. I was scheduled to take the practice test to simulate the actual test. Also, I concentrate as much as I can during the practice test time. Since I will use the dry eraser and board during the test, I used the dry eraser pen to solve the problems rather than paper to feel the same as actual testing day. I tried to wake up at the same time around 6 – 7 am to stay awake during the day. When I studied at 4 am, I was dizzy, I could not concentrate all day. When I could not absorb new information, I listened to my recorded voice to review the questions. This is my secret recipe I use every time I take the certification exam. I record the questions I missed and keep listening to them pretending I am listening to the music in public. Once I passed all the practice tests over 90 percent, I knew I was ready to take the test. I scheduled the test in the morning on Friday, which was a holiday. I choose the testing day which is either a holiday or Saturday. Otherwise, I take two days off.
I took the test and passed the certification exam after studying for about 2 months. Now, I am enjoying my normal life. I travel, watch the netflix, and hang out with my friends and families. I rewarded myself with gifts. I was so happy when I saw the screen with Congratulations! I even received a one day complimentary day off by passing the certification exam at work. I am proud of myself and will take Linux+ next. .
Hot Potato
Sat, Jan 6, 2025 08:15 am by Julie Lee
A hot potato is a game where players pass around an object around a circle as quickly as possible to the next player. Sending a message over the Internet is similar to a hot potato game because our primary goal is to send our message to the next location without any delay. In fact, early exit or hot potato routing is a BGP (Border Gateway Protocol) basic principle where a network sends the data to a neighboring network at the nearest possible point. BGP is a policy created in January 1989 by Yakov Rekhter of IBM and Kirk Loughheed of Cisco. It has the nickname of the “Three Napkins Protocol” because the initial concepts were sketched on the back of the napkins during lunch at the IETF (Internet Engineering Task Force) conference to capture their scribbling ideas for a growing internet solution. BGP is a standard policy we use these days to send messages across the internet between ASs (Autonomous Systems). BGP allows two ASs to communicate with each other to connect and share information. An Autonomous System (AS) is a collection of networks and routers managed by a single organization with a uniquely identified number called ASN. For instance, in North America, you submit a request to ARIN (American Registry for Internet Numbers) with fees and you receive the ASN upon approval.
BGP uses 3 common strategies to route traffic to the destination. The first strategy is that peer networks (share resources without centralized control) are preferred over internet service providers (centralized) because peer networks are free. The second strategy is the use of shortest paths that are better than long and big AS. The final strategy is to choose the route and prefer the lowest cost path (cost = reference Bandwidth / interface Bandwidth). The Bandwidth is the maximum amount of data in time that can be measured in mbps (Megabits per second).
However, BGP has critical cybersecurity flaws. BGP automatically allows users to trust and share router’s information. This creates a hackerville, hacker town which is accessible by any users with necessary skills and access. For instance, a Pakistani company made a mistake in BGP configuration, resulting in YouTube traffic being sent to Pakistan and YouTube servers were down for two hours. In May 2014, attackers took control of traffic in Amazon and Alibaba, stealing the online currency bitcoin, $83,000 worth of bitcoins had disappeared according to a report by Dell SecureWorks.
After critical cyber attacks, several solutions like encrypting, filtering, and digital signatures
have been developed. Unfortunately, industry people get used to BGP, and they are reluctant to change it because they do not feel the sense of urgency. Although several experts warned about the vulnerabilities of BGP, industry companies insist that no one is buying the secure version. The better BGP security is to use cryptographic keys to authenticate identities in cyberspace and replace the secure version BGPSEC for better protection. It is questionable how long it takes to secure 100 percent and hopefully it is not after the major loss.
https://datatracker.ietf.org/doc/html/rfc4271
https://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/What Is BGP? Border Gateway Protocol Explained | Fortinet
https://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/
Computer Networks by Tranenbaum & Wetherall
January 2023
Back up Plan
E4.2023.1.14
By Eun-Joo Lee
Recently, on Wednesday, January 11, 2023, the Federal Aviation Administration(FAA) system went down for about 9 hours due to an overnight computer outage causing over 10,561 delays and 1,353 cancellation on January 13, 2023. One data file was corrupted and all the US flights were grounded. This is a single point of failure which we definitely need to avoid by creating a proper back up plan. In October, 2022, one of the internet giants called Kakao located in Seoul, Korea had a security incident due to the lack of a proper Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP). Kakao’s services went offline for approximately 11 hours because 32,000 Kakao servers were affected by a fire at the SK C&C data center.
The proper BCP/DRP plan should provide mechanisms from Natural Disasters like earthquakes, floods, storms, outages or fires. The power outages should be protected by Uninterruptible Power Supply (UPS) devices to keep them running to get emergency generators up and working. Businesses need to identify and prioritize critical business units and functions so that they can restore the highest priority units first then move on to lower priority units. When a disaster occurs in an organization, people panic, so it is a good idea to have crisis training personnels for key employees who know how to handle emergency situations properly. It is also important to communicate internally and inform the outside world. The organization must have alternate ways to communicate in case normal communication is not available. When designing a disaster recovery plan, it is essential to develop separate recovery facilities. The organization should consider proper alternate processing sites depending on the organization’s goals such as cold sites, hot sites, warm sites, mobile sites or multiple sites. In order to recover from a disaster, access to back up data is very important. The organizations need a proper backup strategy that combines more than one of the three backup types (full, incremental and differential backup plans). In addition, the storage of the backup media is critical to keep copies of the media in at least an offsite location. The FAA should have owned server infrastructures and a well designed backup process to prevent this disruption in the future. Action plans should be placed before, not after the disaster happens.
Top 5 Cyber Security Movies
E3.2023.1.7
By Eun-Joo Lee
Happy New Year! I would like to introduce some good cyber movies you can watch during your break time. First movie you can watch is WarGames (1983): a young computer genius kid accidentally connects into a top-secret super-computer to impress a girl, which has complete control over the U.S. nuclear system. President Reagan watched this movie and raised a cyber security concern to the U.S government. Second movie is The Social Network (2010): this is a story about the founder of facebook, Mark Zuckerberg in 2004. Facebook started with Harvard students and expanded with other universities like Yale, Columbia, and Stanford. Now, Facebook is the world’s largest social networking website. In October 2021, Facebook changed the company name to META, which owns Facebook, Instagram, and WhatsApp. As of today, META was fined $414 million for using personal data without user consent from the Irish Data Protection Commission (DPC). MET violated the EU’s General Data Protection Regulation (GDPR). The third movie is The Imitation Game (2014): It is a story about Alan Turing who saved millions of lives during World War 2 by cracking Germany’s Enigma secret code. And the fourth movie is Sneakers (1992): This movie is about a group of spies who discover a cyber attack program can be penetrated. The fifth movie is Enemy of State(1998): This action movie stars the famous actor, Will Smith who is a successful Washington D.C. Attorney, involved with a top-secret video from the National Security Agency. There are more good movies: Hackers (1995), The Net (1995), and Steve Jobs (2015). I want you to smell the roses during your journey and have some quality time to enjoy your life with your loved ones. Enjoy the movies!.
Watch out for the EarSpy attack!
E2.2022.12.31
By Julie Lee
Today is the last day of 2022. Happy New Year! Wishing you a joyous 2023! There is an attack called EarSpy that eavesdrops on ear speakers on Android 12 or higher phones via motion sensors discovered by five American University researchers (Texas A&M university, New Jersey Institute of Technology, Temple University, University of Dayton, and Rutgers University). Ear speaker is a built-in internal speaker located on top of the smartphone. The user uses an ear speaker to listen to the conversation while the phone is held to the ear. Researchers analyze the motion sensor (accelerometer) data and use machine learning algorithms and deep learning techniques to find out if they can detect the caller’s speech information. They used the MATLAB and third-party app Physics Toolbox Sensor Suite to analyze the data for this study. As a result, researchers reveal that attackers can recognize the caller’s gender, identity and even private speech. Ear speakers used to be too weak to generate vibration for eavesdropping than the loudspeaker (located bottom of the smartphone). However, newer versions of smartphones produce much better stereo sound quality and stronger vibrations. In order to prevent the EarSpy attack, users should reduce the volume levels at a reasonable level during a phone conversation and also be more comfortable for the ears. In addition, smartphone manufacturers should design larger volume control options and properly place the motion sensor to minimize the vibration impact. This EarSpy brings more opportunities to work on preventive and mitigative plans for eavesdropping from ear speakers. The powerful speakers have benefits but it also could cause potential risk to cyber attacks.
Read the original article on Cyware.
Educational Institutes are Targeted by Ransomware!
E1.2022.12.26 By Julie Lee
Happy Holidays! Let’s take a look at what’s going on during holiday seasons before we end 2022. There is lots of news on ransomware. Ransomware attacks take advantage of cryptography to exfiltrate data from compromised systems and threaten victims to leak it online if ransom is not paid. Vice Society is one of the hacking gang groups targeting U.S. educational institutions in 2022. Typically, Vice Society uses a countdown timer before publishing files online. Vice Society uses common tools like custom PowerShell scripts, backdoors (SystemBC or PortStarter) and Advanced Port/IP scanner. In June 2022, the Austrian university had a cyberattack by Vice Society affected 3,400 students and 2.200 employees. In September 2022, Los Angeles, the second largest school district with more than 640,000 students in the US, was another victim that lost 500 GB of data from Vice Society. Here’s how the attack works. First, the attacker gains access from the weak valid accounts to foot in the networks. Then, the group gathers credentials using RDP (remote desktop protocol) and gains elevated privileges to deploy ransomware. Why does Vice Society target educational organizations? Because this Vice Society gang targets organizations with weak security systems. After the cyberattack, Los Angeles district is strengthening user accounts by a multi-factor authentication process. CISA (Cybersecurity and Infrastructure Security Agency) announced the #STOPRANSOMEWARE to help network defenders to mitigate cyber threats from ransomware to proactively reduce the likelihood and impact of ransomware incidents. According to CISA, organizations prioritize and remediate known exploited vulnerabilities, train users and enforce multi-factor authentication. It is a wakeup call for other education organizations to review their current vulnerabilities and take proper procedures to protect against cyberattacks.