Got a 740! Ouch (Security+ forum thread, May 2003)
beekeeper 2003-05-01, 7:40 am
I did not like many of the questions (of course, I got a 740). I would say I felt confident about half, and some were very strange and some subjective, like 'What's the most common way a person can compromise a system?' or 'A client can view but not navigate a web site; what could be the problem?'
I used the TCAT PDF, which was good but not deep enough. I did most of my studying off the Dummies book, O'Reilly Computer Security Basics and the Web. Just bought the Sec+ Prep guide and am going to hit the books for another month and then give it another try.
Still POed that I missed passing by three questions.
740 - hmmm, been there - done that ... lol
Hopefully once someone with clout takes CompTIA to task they will review their question pool and make it relevant. I have investigated options in my country, but short of having the Ministry of Education review/audit CompTIA's offerings here there is little I can do.
CompTIA claims around a 65% pass rate, but investigation shows this number to include many CISSPs who should be able to clear this level of exam easily. Not sure if their figure includes those who took the beta, but comments I have picked up on seem to lead to that conclusion. I also understand that the pass mark for the beta was way lower and they raised the mark to try to make this a valid exam. A load of BS is more like it, and I would suggest that if the current buzz about how shabby this exam is continues, people in the industry will discount it very soon.
All I can say is that I knew the CA and cryptography like the back of my hand. Encryption deployment and troubleshooting, not a problem, but then you get to the exam.....
"A document drafted by management that outlines security is a:
a. procedure
b. policy
c. standard
d. guideline
A team of people who gather to discuss security issues within a company is a:
a. council
b. security team
c. security advisement group
d. security review board"
WHO CARES.
I have never walked into a network and said, "Well, here is your problem right here, Bob. I can correct it with ease, but first let's encumber ourselves with managerial/HR mumbo jumbo. In two months, when a standard is drafted and policies are created and backed up by procedures and guidelines, we can then address the issue...blah, blah, blah...."
For a technical certification, ask me technical questions, not political garbage devised by some bean counter with nothing better to do than try and come up with this kind of stupid line of questions to justify his job.
azimuth40 2003-05-02, 12:36 pm
If these are the types of questions that are upsetting you, may I ask just what is wrong with the questions that you listed? Similar ones appear in most security bodies of knowledge, including NIST's oversight papers and Cisco's take on security.
The U.S. National Security Agency Router Security guide also specifically mentions policy in what was intended to be a technical guide. It is under the heading Security Policy for Routers. I would think that a good manager would have a statement covering, among many things, what a company's router policy should be, and that there would be an oversight committee within the company. Like the CompTIA Server+ test, it appears that you must think like you are representing the largest companies in the world to fathom the questions.
The CompTIA objectives seem to imply that you will be tested on more than purely technical things. PMI rules... A project with no implementation plans or policies is a project doomed to eventual failure.
Computer-related security policy failure just may cost the Regents of the U.S. Lawrence Livermore Labs a contract that they have held since World War II.
azimuth40 2003-05-02, 1:00 pm
Oh, if those are real questions, I would imagine the need for them came from the U.S. Dept. of Commerce National Institute of Standards and Technology (NIST) publication 800-12, An Introduction to Computer Security:
II. MANAGEMENT CONTROLS
Chapter 5: COMPUTER SECURITY POLICY
5.1 Program Policy, p. 35
5.2 Issue-Specific Policy, p. 37
5.3 System-Specific Policy, p. 40
5.4 Interdependencies, p. 42
5.5 Cost Considerations, p. 43
Chapter 6: COMPUTER SECURITY PROGRAM MANAGEMENT
6.1 Structure of a Computer Security Program, p. 45
6.2 Central Computer Security Programs, p. 47
6.3 Elements of an Effective Central Computer Security Program, p. 51
6.4 System-Level Computer Security Programs, p. 53
6.5 Elements of Effective System-Level Programs, p. 53
6.6 Central and System-Level Program Interactions, p. 56
6.7 Interdependencies, p. 56
6.8 Cost Considerations, p. 56
azimuth40 2003-05-02, 4:02 pm
For those of you who may have realized that you have a hole in your study material, SANS has quite a bit of free stuff in PDF or Word format. A primer on policy development is here:
http://www.sans.org/resources/polic...licy_Primer.pdf
Policy templates for 22 different security areas, including technical, physical and social engineering, can be found here:
http://www.sans.org/resources/policies/
In case you may not know what SANS is, they do the GIAC cert. "SANS is the trusted leader in information security research, certification and education. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. The SANS Institute enables more than 156,000 security professionals, auditors, system administrators, and network administrators to share the lessons they are learning and find solutions to the challenges they face."
You can bet that just a few of the Security+ subject matter experts used by CompTIA were SANS members. Hope this helps.
Being new to these boards, I do feel I need to respond to this exam, which I failed today. The questions and context of the wording were subpar, to say the least. I have never failed an exam, but there is a first time for everything. I hope that CompTIA will improve on this exam in the future, this being a new exam. For now, more research on my part, and I plan to nail it next time!!!!!!
Thank you for the welcome, but I will never ever complain about a Microsoft test again.
I have gotten used to their tests, and need to refocus a little. Round 2 will come soon, and then I will put this one behind me.