Sajjad Ghaffoori

Author Archives: Sajjad Ghaffoori

Cisco CyberOps Associate

Information Security was one of the fields that Cisco systems used to, and still heavily participating.

Now a days not just information security, but cyber security as well, is a field that Cisco is going in and training many

of their engineers to profession.

Information Security vs. Cyber Security

The main difference summarizes the concept of both the domains, that is for information security, it is mainly

About securing the network components and assets from unauthorized access starting from physical access

Towards the control access, and by that it means accessing the nodes controlling the network, and affecting it.

Cyber security on the other hand is about protecting the same components from attacks, inside and outside attacks.

The attacks aim is usually either stealing sensitive data, or sabotage network components, or sometimes “both”.

Cisco’s role in the fields

Information Security wise, or IT Security wise, Cisco have been there for years, and they’ve been famous for their IT Security programs including the old obsolete CCNA Security, and the CCNP/CCIE Security programs that are still valid and refreshing till now a day.

Cyber Security wise, Cisco have evolved and developed their programs to present the CyberOps programs that includes the:

AWS SAA vs. CLF – Can I skip one?

AWS are known for their famous highly demanded Solutions Architect Associate (SAA) Certificate, and many thinks that it is the first step with AWS and Cloud Computing, the question now is it?, or is there any step that should be taken before, like the AWS Cloud Practitioner CLF exam?.

in this blog post we will discover and compare the agenda and the main pillars each exam teach you, and see if it worth skipping CLF and start directly with SAA.

Cloud Concepts

Your very first chapter to start studying AWS CLF with will be the cloud concepts, this will give a general overview of what is the idea and concept of cloud computing, what would AWS provide regarding that, and are you about to experience.

Luckily this part is shared between both the exams of AWS CLF and SAA, and we’ll find a share for it here and there, to understand what we are about to start with such exams.

that makes them equal here, 1-1.

Security and Compliance

Having zero knowledge about cloud computing and the restrictions and differentiations that might occur with it, upon implementing a new network on the cloud for the first time will require Continue reading

OSPF Administrative Distance – How preferred is it

OSPF Administrative Distance, or OSPF AD, is the key of electing OSPF among other routing protocols (if existed) leading to the same target within the same routing table, in this blog post we will discover the basics and types of Administrative Distances for OSPF across multiple different platform.

Administrative Distance

For Cisco systems operating systems, regardless of their platforms, all the IOS-XE, IOS-XR, and NX-OS OS’s treats OSPF based on the “AD” which has the value of “110”.

Now the most important thing is not just to know the numerical value which will be useless without knowing its order of preference among the other routing protocol Administrative Distances.

OSPF AD with Cisco OS’s

The values will be as follows regarding the Static and Dynamic Routing Protocols:

  • Direct = 0
  • Static = 1
  • eBGP = 20
  • EIGRP = 90
  • OSPF 110
  • IS-IS = 115
  • RIP = 120
  • iBGP = 200

This Shows that OSPF routes to a specific target can be hidden if one of the dynamics (EIGRP or eBGP) routes was installed in the routing table, that also includes the Direct and Static as well.

Route Preference

Dealing with devices/platforms from Juniper Networks will get you to face and Continue reading

OSPF Configuration – A sample template on multi-vendor routers

There are commons and differences to the time when it comes to configuring an OSPF routing protocol on a router you manage, based on the router’s manufacturer.

We will take a look at the basic sample of configuring OSPF on Cisco IOS-XE and Juniper’s JunOS operation systems.

OSPF on Cisco IOS-XE

With ios-xe we start configuring OSPF by mentioning the numerical value of the:

OSPF Process ID

And what that does mean is just a number to isolate some hierarchical designs of the OSPF process on the router of cisco.

Does it have to be matched on both the peering ends?, the answer is NO

Does it affect some priorities in some OSPF election processes?, the answer is also NO

Is it that mandatory?, well based on that “OS” it is, but it is not a general OSPF concept?

As it is missing with the other vendors!!

That makes the first line of configuration look like this:

        OERouter1(config)#router OSPF [Process ID]

i.e. “OERouter1(config)#router ospf 10

OSPF Network Advertisement

the later step after getting into the hierarchical mode of OSPF, specifying the process ID as well, is to advertise the networks.

these networks Continue reading

OSPF Protocol Basic Overview

What is OSPF

Language-wise it stands for Open Shortest Path First, and Family wise it belongs to the Link-State Interior Gateway Dynamic Routing Protocols.

done with the CV yet?, OSPF is an open standard internal routing protocol that is supported across all the different vendors manufacturing networking platforms.

In this article, we will review the basics and specs of this protocol, and see its own unique features.

OSPF Neighbor States

As a start, the OSPF routing protocol uses a multicast hello message that is destined to the OSPF Multicast address of seeking any possible other OSPF routers in the area.

This message keeps repeating every 10 seconds by default, and that will be out of the interfaces that announced an OSPF configuration, which depends on how you configured it + the vendor-specific configuration template.

Upon receiving a multicast hello message from another router we already sent it a hello message earlier, and that should be within the dead timer of 40 seconds maximum (by default).

An OSPF neighbor process will start by:

  • Init:

    • at the moment of confirmation that a bidirectional multicast hello has initiated
  • 2-Way:

    • communication from the 2 parts has successfully occurred
  • ExStart:

How to Pass AWS CLF


How to pass the Certified Cloud Practitioner from AWS, exam details and type, and what to expect

AWS CLF Exam Content & Topics

The exam agenda starts with the concept of cloud computing and differences of it with on-premise networks.

then it shows you all the AWS services that will be more than enough to migrate or establish a network on AWS’s cloud

which will have all the facilities and can be fully or partially managed by AWS for you.

and of course everything comes for a price, AWS will declare the prices of their services, what is for FREE and what is not

and will provide many easy tools for costs calculation and best practices with AWS.

Amazon’s Touch in the CLF Exam

Amazon provides a free tier 12-month access to whomever creates an account for the 1st time with them

the account has a free access to many AWS services that will allow for both studying and actual testing/benefiting from their services.

AWS CLF Exam Nature & Type

The current version of this exam CLF-C01 has a 65 written question in the exam.

all the questions are single/multi-answer MCQs and no other type of questions Continue reading

What is AWS CLF

What is AWS CLF

Amazon Web Services (AWS) CLF or CCP, how you want to name it (CLF is the official exam and badge name).

as it stands for Certified Cloud Practitioner, with the current version of CLF-C01.

AWS CLF is the very first step for any engineer, regardless of their experience in the IT domain,

to start understanding and put a step in the world of cloud computing.

CLF with AWS Services

The exam/certificate focuses on many different aspects, some are shared with other exams from AWS, some are CLF-Focused.

This includes the concept of cloud computing, comparison of many aspects of networking between On-premise networks and cloud networks.

Introduction to AWS and how much does AWS covers/offers of on-premise services on their cloud, ready to be directly initiated and used.

AWS most critical aspect when you decide to network on their infrastructure, and that is “Billing”, this is a very important and critical concept to really understand and know how to deal with when you start working with AWS networks.

Is AWS-CLF important?

Many tends to skip this exam, and keeps spreading the idea that “SAA is the Associate exam of AWS Services, and it should be the Continue reading

How to Pass CCNP ENARSI – Exam Review


It is the very version released for this exam, kind of replacing the Routing+TShoot exam of the old CCNP RS,
and it has the code of 300-410

CCNP ENARSI Exam Content & Topics

the exam generally has 4 modules to study and focus on, teaching you configuring and troubleshooting many protocols,

on the aspect of “routing, virtualization & security, IP services, and assurance”

Skills learned with ENARSI

Deep Dive Troubleshooting Mainly for:

  • OSPF
  • BGP
  • mGRE and IPSec (DMVPN)

Focus on for the CCNP ENARSI Exam

The carrier of this badge is expected to have a skills level for routing, security, and virtualization that is definitely higher than the level covered by the CCNP ENCOR exam, and near reaching the level of the CCIE Enterprise Infrastructure, so be careful by really LABBING every topic in the exam with all the possibilities and scenarios.

CCNP ENARSI Exam Nature & Type

The first and the current version of the exam has the code of 300-410.

even though that agenda barely have the word “describe” within its modules, and that most of the topics are to be configured

and troubleshooted, but just like ALL the new NON-LAB Continue reading



What is ENARSI, one of the “Specialist” level exam and certificate belonging to the CCNP Enterprise domain, that was announced on June 9th – 2019.

it is the first version of the ENARSI exam that not only participates in the CCNP Enterprise certificate, but also once passed, it will grant the candidate a certificate called:

ENARSI and CCNP Enterprise

ENARSI was not the only exam announced from Cisco regarding CCNP Enterprise Specialty, an entire new domain of knowledge and hierarchy was there as well.

ENARSI might be your first and best choice if one of 2 cases:

  • if you wish to go deep dive with routing protocols and services on enterprise level networks bases
  • if you already know the old CCNP RS and you wish to refresh topics related to it

The other exams are “ENSDWI, ENSLD, ENWLSI, ENWLSD, and ENAUTO

So as mentioned in previous blogs, the ENCOR + one of the exams mentioned above (could be the ENARSI)

will result in a CCNP Enterprise Certified

Is ENARSI Important?

It is actually very important not just to accomplish the nice, highly wanted, Continue reading

DEVASC Study Resources and Plan

DEVASC Exam for DEVNET Associate

DEVASC Study Resources and Plan are available and detailed in the course of DEVASC 200-901 on out website.

DEVASC Course and study plan

The exam is not simple or foundational level, it is as always with Cisco, starts with you from scratch.

up to a solid level where you are capable of discussing and implementing a solution.

so studying and preparing should be careful and detailed as well.

Even though the exam is considered a Written one, but preparation are almost 30% written only

and by that i mean theoretical parts where you only get some concepts and leave, no implementations.

SO 70% of the preparation should be practical, coding and validating a lot, constructing and encoding requests

to communicate and work with Cisco platforms remotely.

DEVASC and how to Study

studying should be by constructing and validating every code for every request and platform of Cisco mentioned in the exam agenda.

Constructing and sending API’s and requests will be by using:

  • Postman with XML, JSON, and YAML
  • CURL request using Git Bash CLI
  • Python Scripts from Python IDLE

Validating the results will always be through the same construction and pushing platform mentioned above.

Continue reading

How to Pass DEVASC

Cisco DEVASC Exam

How to Pass DEVASC? the new exam from Cisco, first version released in 2019, having an exam code of 200-901

DEVASC Exam Content & Topics

the exam generally has 6 modules to study and focus on, teaching you data encoding languages for the first time,

introducing the Cisco Sandbox for practices, and start automation Cisco’s platforms over the Sandbox.

Skills learned with DEVASC

many encoding, programming, and automation skills, including:

  • API’s
  • SDK’s
  • IaC and CI/CD
  • Python
  • Git bash & Github
  • Cisco Sandbox

Cisco’s Touch in DEVASC Exam

the presence here for Cisco is not to just TEACH you DEVNET/DEVOPS

but to allow you to implement and practice most of the tools/techniques on their platform

using the FREE new sandbox service.

DEVASC Exam Nature & Type

the first and the current version of the exam has the code of 200-901

it is kind of a written exam, why kind of?, because the exam questions can be:

  • MCQ’s (single/multi answer multi choice questions)
  • DnD’s (Drag and Drops)
  • Fill in the Blanks
    • that is the tricky one, as you will have to fill in the blank the missing parts of a Code
    • it Continue reading

What is DEVASC

What is DEVASC

What is DEVASC, a new question actually, DEVNET Associate from Cisco Systems is their first DEVOPS derived DEVNET certificate that was announced on June 9th – 2019.

it is the first version of the DEVASC exam that grants the Cisco Certified DEVNET Associate certificate,
and has the exam number of 200-901


DEVASC was not the only exam announced from Cisco regarding DEVNET, an entire new domain of knowledge and hierarchy was there as well.

DEVASC would be your first step in that hierarchy, then you will see DEVNET Professional which contains so many exams inside it.

one of them is mandatory, and a selective one of the others is required to become a CCDevP, that will be for another blog.

and the highest peak is the recently officially announced CCDevE, an 8-Hours LAB exam to validate how expert you are with Cisco DEVNET.

Is DEVASC Important?

not just because it is a fresh branch, or not something that is generally provided by other vendors, but because the agenda of the DEVASC are very useful.

they do as always with Cisco, start from scratch telling you what is DEVOPS, DEVNET, DEVASC, Continue reading

2022 Top 10 Cyber Security Certifications

Before Starting Cyber Security

Cyber Security, sometimes you might find it as Cyber Operations, CyberOps, is the branch of Network Security that focuses on attacks, from the internet or from the inside of the network, gaps, bugs, look for them before they get used, fix them, and look again.

so the engineers continue to keep looking and fixing, as the internet is always evolving and generating more threats.

How to Study Cyber Security

generally, the domain of security (Information Security, Cyber Security) has nowadays hundreds of certifications and exams from many different vendors.

some are involved in the industry of making security devices/components, others are there just to teach us and make us the best engineers in the domain.

and mostly, cyber stuff comes from companies that focuses on creating the content/references more.

rather than information security exams and books that comes from vendors that produces platforms (Firewalls, IPS, IDS, NGFW, NGIPS, ESA, WSA, and many others).

so as a beginner, up to higher than an expert, many exams should be studied.

of course alongside with some other general/networking exams that you might already hold before studying the cyber security, and these exams will be mentioned below.

Top 10 Cyber Continue reading



is it even related?, or should I ask “comparable?”

yes it is both actually, and in this blog we will review both of the exams, talk about the agenda, which one should be taken before the other, and result of both of them.

Relation between CCNP ENCOR vs ENARSI

both the exam belongs to the certificate of Cisco CCNP Enterprise,  and taking each individually will grant you A Certificate!

so it is a win-win scenario, but still the question is which one should i take first, and that will be followed below

Difference between CCNP ENCOR vs ENARSI Agenda

ENCOR first, generally a Technology Core exam, focusing on 7 domains of knowledge:

  • Architecture
  • Virtualization (Device, Path, and Network Virtualization)
  • Infrastructure (Switching, Routing, and IP Service)
  • Assurance
  • Security
  • WLAN
  • Automation

and NO DEEP DIVE in any of these!!!

while for ENARSI:

  • Virtualization (Path Virtualization)
  • Infrastructure (Routing and IP Services)
  • Security

and that’s it!,

  • no Architecture
  • in Virtualization no Device nor Network Virtualization, and for the path Virtualization it is different than ENCOR.
  • as in the ENCOR you Continue reading



The Enterprise Core Exam, that also leads to the certificate of:

Cisco Certified Specialist – Enterprise Core

is one of many new exams and certs that were announced by Cisco back in summer 2019.


What is The ENCOR?

this exam is actually jumping in the middle of the CCNP Certificate and labeling it as CCNP Enterprise

throwing the old label of CCNP Routing & Switching with all its old 3 exams (Routing, Switching, and Troubleshooting).

ALSO, interestingly it is replacing the old CCIE Routing & Switching Written Exam, with a new method of becoming CCIE

and that is the CCIE Enterprise Infrastructure, that only requires this ENCOR as a prerequisite.

so it is nice to pass the ENCOR exam and be involved on both CCNP Enterprise and CCIE Enterprise Infrastructure.


How Professional is the ENCOR?

The first impression that you might take when you hear about an exam that replaces the old famous CCNP Routing & Switching, also replacing that difficult, expert-rate, 100+ written exam of the CCIE Routing & Switching.

then you get either frightened of that exam’s level, or brace you yourself for something so advanced and challenging coming, well, the Continue reading


New Fashion:

On June 9th – 2019, Cisco made an announcement of deleting and replacing ALL their CCNP Level “Exams”.

saying exams instead of certificates, as the labels of most the Certificates remained the same

(except for CCNP RS, who got replaced with CCNP – Enterprise).


New Criteria:

The new Exams as they are linked to the CCNP badges, came with a new criteria of becoming “Certified”.

now you will need to pass ONLY 2 exams and you will get granted the CCNP Badge, rather than needing a minimum of 3-4 exams in the previous system.

The new system requires 2 isolated parts to fulfill, before you become certified:


1- A Technology Core Exam, which plays a role in engaging you in 2 paths of certs. (The CCNP & The CCIE).

– and that will be:

– Enterprise, Security, Service Provider, Collaboration, Data Center, and the newly established DEVNET & CyberOps

2- A Technology Concentration Exam, every domain of the 7 mentioned in Point “1”, has a 1-7 different technologies to concentrate on.


This will be kind of having a Master degree in engineering, you consider some general topics, and focus on some other.
Continue reading