Different candidates will have difficulties in different areas of the test, depending on experience with IOS routers and switches. For example, some candidates might have had extensive exposure to IPsec, and therefore questions on Site-to-Site VPN might appear trivial to them. Other candidates might have worked extensively with Cisco Intrusion Prevention Sensors, and therefore might be able to extrapolate their past experience to successfully answer some IOS IPS questions.
Candidates must familiarize themselves thoroughly with all the topics covered in the IINS Exam. However, special attention must be given to zone-based firewalls, as this particular topic has a disproportionate number of questions compared to the weight this section has in the official courseware used by Cisco Learning Partners.
Also, cryptography and IPsec tend to be trouble spots regardless of individual experience. Be familiar with the cryptographic components, such as symmetrical algorithms, asymmetrical algorithms, hashing, authentication methods and symmetrical key exchanges (Diffie-Hellman). Also, be familiar how those components are being used by the IPsec framework. Capitalize on this time of your IINS study to solidify your understanding of IPsec and its surrounding technologies this knowledge will be useful when you pursue your CCNP Security certification where IPsec is not longer dealt with in great details. During the CCNP Security, it is assumed that you know and understand IPsec thoroughly.
A major portion of the exam will test your comfort level with the user-graphical interface, Security Device Manager (SDM). Be comfortable navigating this GUI and know precisely where the main configuration and the fine-tuning is done for Access-list, Zone-Based Firewall, Intrusion Prevention system, and VPN.
Since candidates to the CCNA Security are already CCNA-certified, the access-list portion of the exam should not be the most challenging. However, it is strongly recommended that you brush up your skills at creating, optimizing, and reviewing access-lists.
Finally, you should master Layer 2, which was covered in your CCNA certification. The knowledge acquired here will also be useful should you pursue CCNP Security and the SECURE exam.