|
Home > Archive > Security+ > March 2003 > Hey RuSS
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Justin2112 2003-03-07, 12:12 pm |
| Russ,
What material do you think the passport and the Syngress books lacked in depth, specifically ? I've heard that PKI is hit really hard on the test.
Thanks,
Justin | |
|
| Hey Justin
Personally I no not believe that either book was really lacking. Where I came unstuck was the depth of a few of the questions - I can not remember exactly any of them as I was kinda pi$$ed at the time, but the ones that caused the most concern were port questions outside of the "well known port numbers".
The other thing that screwed me up was the way many of the questions were worded - ?????? is considered to be the ...... whatever - WTF - I can consider anything and come to whatever assumption I wish. In an exam a question should be.
????? IS the ..... whatever. Hell, I wrote a quizzer for Sec+ and even though my questions are nowhere as difficult as the real ones at least I believe they are understandble.
The places I would concentrate on are - everything. Make sure you don't get symmetric and asymmetric confused - understand PKI - know the port numbers for all the usual stuff, but also do a little research on things like ssl-ldap and a few others.
I guess the thing I would reinforce is that with 100 questions in 90 minutes and needing 764 on a scale of 100-900 there isn't a whole lot of room for error. Once you are confused on 1 or 2 things you have to be able to put that out of your mind and move on. I consider my confusion and annoyance at the style of question more the cause of my not passing rather than the questions I just did not know. It is all in the mind, and how you react  | |
| Justin2112 2003-03-07, 2:23 pm |
| RuSS,
Thanks a million - Thats actually really good adive about focusing on everything. The Secuty+ seems to have quite a LARGE exam outline and cover a lot of material.
I appreciate you sharing your experience on the exam with me. ( and everyone ) I am never looking for test questions, just an insight into how Comptia thinks at this point. Tcat made reference in his .PDF that Microsoft is a 'partner' of Comptia; also Microsoft has the only 'Comptia' Authorized study guide for Sec+ ( that I know of ) The strange wording on the test may be that of MS authors . . . just a thought.
Thanks again ~ PEACE
Justin | |
|
| I thought about that, but Microsoft questions (no matter if they are not real world) are much better written. Some of the Comptia ones are just nebulous.
The only reason they are a Comptia authorised guide is because they paid for the privilege. | |
|
| I don't want to make waves large enough to have a special detail from the MS EP team attempt to track my current physical location so read between the lines of my following thoughts....
MS had a Bill Memo laid on them.... The likes of the last one was in the roughly mid-90's that MS had missed the Internet.... This happend 24 hrs after Bill walked the floor with Dan Rather, on camera at Comdex...
MS has a 'emperor' on the Security+ committee, serving in at least a co-chair status.
The test was written by about 100 Subject Matter Experts, over the Internet. The SME's are front line people doing real jobs. That does not make them excellent authors and certainly not psychologists or having degrees in communications....
Food for thought. ;-)
Tcat | |
| ShaneBrasher 2003-03-09, 12:11 pm |
| Hello,
I took the exam and failed it by a few points. What blew my socks off were the managerial and policy questions. I knew the technical stuff like the back of my had. I have been taken the MeasureUp exams, PrepLogic and the Syngress online exam and have been consistently passing with all three with %95 and above for about a month now. When it came time for the test about 1/3 of the questions were as follows:
"A document written by the CEO that outlines PKI use, management and deployment is a...
a. PKI policy
b. PKI procedure
c. PKI practice
d. best practices guideline
When an employee is terminated the HR representitive should fill out the ______?
a.employment termination packet
b.NDA on behalf of the terminated employee
blah, blah, blah..."
WHAT THE HELL WAS THAT ALL ABOUT?!?!?!?!
I was terrified of the wireless and PKI portion that I studied my XXX off almost to the point of memorizing the RFC's each product. I am currently MCSE (NT/2000), MCSA (2000) and A+. I am well versed in the quirkyness that some exams can provide but I never expected anything like this. Instead of being hit with a barrage of technical questions, I was grilled on company policy mumbo jumbo and BAM, I'm out $199.00.
I kept referencing the top of the exam title bar to make sure it said "Security+". After rubbing my eyes and re-affirming that this was the correct exam, I went to the next question. This time it was a technical question, but was poorly worded.
Final 2 cents
*************
I wanted the Security+ certification to make my technical expertise more well rounded for job marketability. I was sorely disappointed in the exam layout. If I failed due to technical ineptness, fine but to fail on the non-technical crap, that's another story. I will NOT persue this certification but will look into other avenues for security certification. | |
|
| sorry to say you you did not use my free resource, which would have been a clear warning to you about these questions
Tcat | |
| ShaneBrasher 2003-03-09, 2:16 pm |
| Free resource? Where is this located at? | |
|
|
| Justin2112 2003-03-11, 9:50 am |
| You guys are scarin' me. I busted down and mought the Comptia authorized MS Press book this weekend because what Comptia wants on this exam seems to be really specific. ( Better to spend to $60 on the MS Press book than antoher $225 on a 2nd exam )
I also printed out TCAT's awesome work and I am going through that with a fine tooth comb. I was going to take the exam soon, but now I am going to study the Corporate polices/Documents side more.
I too, have been in the industry a while and don't want to be tripped up be these kinds of questions.
Thanks for sharing,
Justin | |
|
| Personally, I will be *very interested* in you're thoughts on the MS Press book. My rational is the MOC covers about 25% of what is required. No mention of MAC for example. That is because there is no MS O/S that uses either RBAC or MAC.
Any book that is CompTIA authorized means it "addresses at least two learning styles."
That is interpted as text and a Q&A section. It also means you paid the CompTIA fee, and the review fee. I have seen another CompTIA authorized piece that addresses the requirement to hit the domain objectives. Well what that work did was have an index in the back of the book that pointed to the Major domain, X. and the first tenth .X There was no indexing to the X.x.x because the material didn't hit all the points!
This is one exam where if the publisher has money, the work gets blessed. | |
| Justin2112 2003-03-11, 11:25 am |
| Hey Tcat,
I'll letcha know how I feel about the MS Press book after I get deep into it.
My reasoning behind the MOC purchase is this: When I did all my Cisco certifications, I always went straight to the source to study. ( Cisco Press ) I found that Cisco too has a 'specific' way they like to word things and sometimes this was reflected in their exam guides. This worked well.
Unfortunately, Comptia does not have a 'ComptiaPress'. The MOC may be the closest thing to that. Although you may be correct to assume that the Comptia seal of approval may be due to $$$; there may be other factors in the way the material is presented and what material is presented, even though it does not follow the exam domains.
It would be silly for me to rely upon one single source for any exam - I know you must have had to read a TON of stuff to build your awesome book, ( which is very well done by the way ) - so I know you know what I mean. MOC is only a suppliment.
I'll share my thoughts on it ( and the CDROM that comes with it ) when I get deep into it. Thanks for your thoughts on this - most excellent.
-Justin | |
| Justin2112 2003-03-11, 12:39 pm |
| Ohh . .one last thing . . .
I researched this:
My rational is the MOC covers about 25% of what is required.
The MOC I purchased has the CompTIA Authorized Quality Curriculum (CAQC)seal. According to Comptia:
The CompTIA CAQC symbol assures you that all test objectives are covered in the training material.
Perhaps the MOC covers a bit more than 25% ? ? But, I'll agree there may be things missing like you said. Good idea to have multiple sources no matter what 
- Justin | |
|
| Sorry, I wasn't clear at first. MOC is what a authorized CTEC *must* purchase. Frequently, MS-Press is a re-write of MOC.
Yes, the material that CompTIA blesses requires: A fee paid to CompTIA, (which I am told is priced to be self-sustaining for that sub-progam only). A fee to be paid to one of several independent reviewing agencies.
The reviewing agency is suppose to check that the material is meeting CompTIA objectives.
Given another book I have reviewed carefully met Objectives at the X.x level (as outlined by CompTIA objectives) but not X.x.x or X.x.x.x (say something like M of N control) and got the Official Okey-Dokey from CompTIA, it appears that the term Meets Objectives does not have to mean Meets 100% of the CompTIA objectives.
This is why I have given a NO-GO to the print publisher of what I did in the big PDF for the CompTIA Approved bug. I do not want to have the small house spend the 2K or so only to be mixed in with work that does not cover 100% of the objectives.
It is also one reason why for the first time I have laid work out that in linear fashion, that just punches the numbers.
Is this 'clean'? A: No. Social Engineering for example shows up in several places. So I just remind the reader to "Also See", and try to hit the material from a different viewpoint to justify some tree killing.
And I don't find the 'tradional' approach very 'clean' either. Looking at i-Net+ IK0-001 I did for Coriolis... (Exam Prep). The second sub-domain in i-Net+ Basics (Domain 1)
"Identify the issues that affect Internet site functionality (e.g., performance, security, and reliability) See Chapter(s)
3,5,6,8, 10"
5 different chapters. Yeah, That clean
Assuming I manage to cover the bills with Security+, I think I will do A+ in fall with the same "punch the numbers" approach of Security+. I am giving away A+ now because I want to start over from square 1 and assume that print will be a 100% full-color book for A+ in 2004.
Sorry for the long rant  | |
|
| No rant my man - just some solid reasoning.
In it's basic beta form that I got your pdf back in September when I was investigating whether or not to have Security+ brought into the country. In it's rawest form it still covers a lot more bases than an offering from a certain technical publisher. | |
| Justin2112 2003-03-12, 10:22 am |
| Tcat,
You are very thorough . . . I appreciate you clarifying your answer. Thoroughness is what passes an exam; an thoroughness is a troublehooter's best friend during the toughest of situations.
Got to dig a bit into the MS Press book last night . . . more when I get much further in.
PEACE@
-Justin | |
| reason1000 2003-03-21, 7:52 am |
| What is "MOC" ?
Thanks,
Rod | |
|
| Microsoft is like the miltary. TLA galore!
TLA=Three Letter Acroynm
MOC=Microsoft Official Cirriclum
CTEC Certified Technical Education Center
(how did that slip in?)
I must have been the dumbest MCT (Microsoft Certified Trainer) because I would not collect the hordes of money being thrown around in the '90's to read the MOC at a CTEC to students. A CTEC *must* use MOC.
Since this is the Security+ forum, allow me to say that MS pulled a beauty. They have done MOC for Security+, not a Microsoft product. This requires CTEC's to use the MOC which is priced per student at about the monthly payment for a new car.
This 3 day course covers maybe, I will be kind, 25% of the Security+ objectives. Read the Security+ objectives, and you find real fast, DAC,RBAC, MAC. The MOC only talks about DAC. Why? Because that is all Microsoft supports in their O/S's. Not even a mention of MAC or RBAC. In short, it is a MS-self-serving rip-off.
I designed a 2 day class that covers 100% of the objectives. Of course, now I cannot deliver that at a CTEC.
I don't sound PO'ed do I :-( | |
|
| Ahhh don't take it hard Tcat - personally I prefer your integrity over some money hungry persons I know.
I consider the Microsoft Sec+ very substandard and have issues with the way Comptia has built this exam. I accept their claims that they are a non-profit organisation, but do not accept their assertions that they know what the hell they are doing. Many years experience has shown me that where there is smoke ther is fire, and boy am I seeing a lot of smoke over Sec+  The way Comptia has approved
CAQC is a load of crap and I have in fact challenged Comptia to find a minimum of 75% of their exam questions in either of the 2 they recommend.
Personally I believe that Sec+ is a very valid certification and if it is nurtured and supported the was it should be will become a valuable asset in ones resume, but to do that Comptia needs to help build credibility, and using the Ostrich head in the sand attitude does not do that ... lol
There is much more I would like to add to this rant, but I think I will hold on to it for a later date. |
|
|
|
|