Why cybersecurity certifications suck
Robert Graham wrote a great blog post explaining why so many IT certifications suck.
TL&DR: because they are trivial pursuits instead of knowledge assessment tests… but do read the whole post and compare it to your recent certification experience.
I do agree that a lot of tests aren't great. At the same time I've sat on the other side of the table as well on the development side and I know how challenging it is to produce content. Testing is much more difficult than people can imagine. Finding the minimally qualified candidate, statistical analysis and so on.
If you really care about making certifications better you should join a subject matter expert (SME) program to bring valuable input into the development phase of these exams.
2. A network engineer that has ever studied for her CCIE using a Linux box knows the default Linux traceroute behavior. You will bump into this trivia knowledge during your studies when having a multipath that does per-flow load balancing in your topology and you see your traceroutes all over the place.
3. The Cisco exams (even some tasks of the CCIE lab) are chock-full of trivia (if not exclusively). I think most Cisco cert test-takers are used to this, and this is what they prepare for.
4. CCAr and VCDX do a board review of candidates and their designs. I don't know if they also test trivia.
I am working with pretty complex networks and see no correlation between the CCIE program and real-life networks, where working with the sniffer is a must and complex issues do not fall into any CCIE program scope.
PS- I agree with Daniel Dib, be part of the solution and participate in exam question creation where available.
Also, it's always hard to understand what level of theoretical knowledge the exam expects from you. Forget about Traceroute implementation, even if we go back to TCP-IP, how many people do you think could answer the difference between the Push and Urgent flags? While the exam blueprint will just mention - Understanding and Troubleshooting TCP/IP network.
My friend wanted to be a Cisco TAC engineer a few years ago, and Cisco simply wanted him to pass an exam to prove his knowledge. The funny thing is that he was an active CCIE ;).
Case in point:
R1 has two eBGP sessions to ISP1 and ISP2 (one to each ISP router), and R1 receives the same prefixes through both links. Which configuration should be applied for the link between R1 and ISP2 to be preferred for incoming traffic (ISP2 to R1)?
A. increase local preference on R1 for sent routes
B. decrease local preference on R1 for sent routes
C. increase MED on ISP2 for sent routes
D. decrease MED on ISP2 for sent routes
THAT is a good example IMHO. As soon as you go the "but you know what they want you to answer" you are lost.