| Author |
Taking the exam soon...
|
|
| skepticalone 2003-05-12, 10:55 pm |
| Reading through these forums I'm getting scared! I was planning to just read the 364 page ExamInsight (Tcat) and the Syngress book and then go write it. I have some experience with the security side of things... and didn't have any problems with the A+ and CCNA exams... sure hope I pass.
I realize the same topics keep coming up over and over in here but I'd still like to know...
What topics were emphasized on the exam?
What is the one ultimate guide that has all the material in it? :P
Any other strategies?
What lists/material should be memorized other than ports/protocols? | |
| skepticalone 2003-05-13, 10:24 pm |
| aww c'mon guys.. surely someone must have some valuable advice they can share. I don't think I could handle failing it the first time. If I study Tcat and Syngress what is information that I should not go into the exam without. Just a few point form items? Strategies, crucial recent websites?? | |
| BrianS 2003-05-14, 8:48 am |
| I spent around 40 - 50 hours studying for this cert and failed with a 756. The test is not that hard. I came across about 10 questions that were poorly worded. I would recommend the exam-insight book and test king's practice test, there is a bunch of questions that are similar to the ones on the test. I also used MS press and Syngress. Definitely know every aspect of cryptography and certificates as covered in any of the above books. Hope this helps. | |
|
| My best advice is to go into the test room with the expectation that you are going to be baffled and surprised by the style, content and quality of the questions. That way you won't get a nasty shock from the crap that Comptia is serving up.
If I was you I would invest in Tcat's full work. It is much closer to the exam as it is updated to cover areas that Comptia is focusing on. I would also perhaps invest in one other source for study - no matter what the exam cost in your area, another book isn't going to bust the bank and judging from the overly excessive number of people who miss this exam first time out it is certainly cheaper than adding another $200/$500 to Comptia's coffers. Which leads me to .... nah, I'll leave that for later ... lol | |
| ShaneBrasher 2003-05-14, 8:09 pm |
| Amen on Russ's statement. I have also been burned by flaky questions. My jaw hit the floor when I was expecting tech questions but was encumbered by managerial jargon that was poorly worded. 
As a comprehensive resource, I fully recommend Tcat's guide. Well worth the 20 bucks. The guy knows his business that's for sure. | |
| skepticalone 2003-05-16, 12:13 am |
| Don't get me wrong, I'm glad for Tcat's document but now, having read the free version end to end, I feel that too much space was wasted on poor diagrams, excessive footnoting, and "summarizing" the previously discussed information all in an attempt to lengthen the document. Some may consider this reinforcing what you have learned but...
What I was hoping to have answered here is what the most critical exam information is. eg. for the CCNA I would suggest that people memorize a subnetting chart so they don't waste time calculating, the administrative distances, costs, and OSI and write it down upon entering the exam room. | |
| azimuth40 2003-05-16, 12:49 am |
| Touching on this lightly, I have the impression that you are not listening to what is being said. CCNA is narrow study, A+ is narrow study compared to "any" security test. All security tests are wide study and have to be approached at the enterprise technical manager level. There are no quick study points other than all of it.
TCat's final product did not grow from 300 to 700 pages by accident. Most people have loved Meyers passport series for the tips that you are asking for. I have not seen a good comment about the passport's completeness for this exam on any forum yet. The passport is good for what it offers, it is just not enough. | |
| skepticalone 2003-05-16, 1:26 am |
| I'm not studying for the CISSP here or hell, any SANS certs... this is Security+ and unfortunately I have found that it is not highly regarded nor is it likely to ever be. From what I have heard it sounds like the exam is plagued with unclear wording and although this particular topic may be new, CompTIA has been doing this long enough that they should be able to provide an exam that tests the taker's knowledge of the subject, not ability to decipher their questions and determine what is being asked... | |
| foxmedia 2003-05-16, 9:42 am |
| quote: Originally posted by RussS
If I was you I would invest in Tcat's full work. It is much closer to the exam
RussS,
What is the "full work". Tcat has 2 or 3...which one do you suggest?
fox | |
|
| Poorly worded questions, and unclear questions should not be part of any exam.
The exam should focus on subject matter, not on trying to decipher poor questions. Not all of the exam was worded badly, but there was a portion that was, and that portion was too large. I never complained about an exam before, but I could not hold back on this one. I do hope in future versions of this exam they will take a serious look at this and make some adjustments. | |
| hot_rod_2727 2003-05-16, 11:39 am |
| Hello all. I'm not usually one to post, but this topic is an exception.
I'd have to agree with Azimuth40 on the Security+ issue. I know that the test is labeled as an "entry level" exam, but it deals with the topic of security. If you have dealt with any area of security, you will realize just how many facets are involved with any aspect of security.
In my personal opinion, the passport is way too brief and doesn't entail a thorough enough explanation of most topics. TCat's final version (yes, the one you have to pay for), is an excellent start. Realize, there is no one source to cover this exam.
Just so everyone knows, I did pass the exam (barely on the first attempt) and I thought many of the questions were confusing (poorly worded). But how crystal clear are most problems in the real world? | |
| azimuth40 2003-05-16, 1:19 pm |
| quote: Originally posted by skepticalone
I'm not studying for the CISSP here or hell, any SANS certs... this is Security+ and unfortunately I have found that it is not highly regarded nor is it likely to ever be. From what I have heard it sounds like the exam is plagued with unclear wording and although this particular topic may be new, CompTIA has been doing this long enough that they should be able to provide an exam that tests the taker's knowledge of the subject, not ability to decipher their questions and determine what is being asked...
Unfortunately the basic body of knowledge is the same regardless of the cert only the depth changes. If you do not agree with that already then nothing is going to convince you. "Plagued with unclear wording" is hearsay until you take the test yourself. People have been saying the same thing about server+ since it started and when I took it I just did not see what the complaints were about. It was a test to partially test your analytical skills and I expect Security+ has similar thorny questions based on known 'sploits.
I'm trying to clear some time in the next couple of weeks tops to find out for myself. My opinion after that may still be biased because I have been in heavy I.T. since 1970 and what is right or obvious to me may not be to others. When reading some of the study material, I find myself saying yes yes that's right, so I'm going in expecting a situational and hypothetical event biased test.
Many of the writers of these questions hold (ISC)2 and SANS certs so what would they write about except with an eye jaded by those certs. As far as highly regarded how can anything 4+ months old be highly regarded. Highly regarded compared to what? Is a high school diploma highly regarded compared to a Masters or PhD?
It is an entry level cert, nothing more. It has its place compared to having nothing or hiring CISSP's to be network administrators rather than in a corporate security position.
I'm predicting that people that have no type of security cert or training will be required to have something starting within the next 18 months, cisco, ciw, scp, something. Given that you are not likely to get a CISSP in 18 months unless you already work in one of the ten security domains, only time will prove anyone's point. | |
|
| foxmedia - the full version is the one you pay $20 for.
Comments about nebulous wording will continue to grow as many more candidates are faced with the shocking quality of the exam. Comptia has been known for a long time as having their collective head up their A** whenever there is any form of constructive criticism - take the quality of the graphics in the A+ exam for an example. Any company that offers certification should be able to be held accountable for the accuracy and quality of their offering, and if Comptia was located in my country I would have them held to account. | |
| skepticalone 2003-05-18, 11:45 pm |
| Wow I'm glad I didn't get flamed. ;P
Also glad I can speak my mind regarding what it means to be Security+ certified and such.
Anyways, still planning to take it within the next week (keeps getting slightly postponed :P). Here's hoping... | |
| azimuth40 2003-05-19, 12:12 am |
| quote: Originally posted by skepticalone
Wow I'm glad I didn't get flamed. ;P
Also glad I can speak my mind regarding what it means to be Security+ certified and such.
Anyways, still planning to take it within the next week (keeps getting slightly postponed :P). Here's hoping...
Best of luck to you. All the test centers down my way are booked almost solid through the 2nd of June with those free Microsoft beta tests. | |
| skepticalone 2003-05-21, 1:14 am |
| Help! Save me from myself!
Feeling impulsive I just booked my exam for next Monday. I have studied little up to this point and thought it might "motivate" me. :P Now would be a good time to offer any additional suggestions...
But while I'm at it I have a few questions... I saw this question posted somewhere (may have been here) yet I haven't seen any study material that refers to it. This is only one question of many like this I have seen. It's a little bit unnerving.
"The defacto IT security evaluation criteria for the international community is called?
1- Common Criteria <--
2- Global Criteria
3- TCSEC
4- ITSEC"
Also, I have seen mention of "calculations" but assume this is mentioned generally... ie. "scratch pad for notes and calculations and such".. what calculations could there be?
Besides the OSI, what other topics are typically focused on by non-security exams?
Any more suggested websites that focus specifically on Security+ content?
... I'm sure I will have more questions as panic sets in. I love the rush on exam day. :P | |
| 117wik 2003-05-21, 7:39 am |
| first of all.. good luck to you.. i am thinking of sitting the exam coming Friday too ...
Yes i think the answer for that is 'common criteria'
calculation?? The only one that i am aware of is the one for risk analysis??
I have done all exam Q for Boson, BQF (beta), preplogic free 100Q etc etc. I am going to redo all of them again and try to finish reading the passport book.
let us know how ur exam go... | |
| lodogg 2003-05-21, 12:07 pm |
| Don't be fooled the prep logic is nothing close to this exam!!!!! Does T-Cat's 20 dollar purchase include test questions too?
Thanks
Lo | |
| azimuth40 2003-05-21, 4:25 pm |
| quote: Originally posted by lodogg
Don't be fooled the prep logic is nothing close to this exam!!!!! Does T-Cat's 20 dollar purchase include test questions too?
Thanks
Lo
Yes. I am told just reading the glossary in TCat's book is good for a few questions.
The test also seems to assume some web programming background and of course networking and server background. I am suspecting that may be one reason for some confusion with questions. Several people that have taken it suggest that while it may be entry level security, it is not entry level IT and assumes a varied background in the field. | |
| lodogg 2003-05-21, 4:49 pm |
| That's what pisses me off, I'm not entry level, I have a good background in networking with some web development and all the basic tech stuff. Well I'm going to purchase the book and just hope that I can pass!!!!!!!!
be cool
lo | |
| skepticalone 2003-05-22, 2:58 am |
| Well I went through Tcat's free version and didn't learn anything until the Cryptography section. I'm half-way into the Syngress book and have found it the same way. I just don't want to be surprised, I prefer to be prepared and while I don't typically prepare with an excessive amount of studying necessarily.. I still like to know what I'm up against.
What kind of details are tested?
Do they pretty much stick with the most common software/utilities and DoS attacks and the like? I know one guy who wrote the test said that he was caught off-guard by not just the testing of port numbers but whether UDP, TCP, both, neither, etc. heh
I hate to say it because it sounds like a cliché and I hate clichés but ... the vast vast majority of this material is just plain common sense. :P
I think what I would like to see more of is simple condensed cheat sheets that present the most crucial topics in a limited amount of space. Granted, as some of you have noted above, this test is different from A+ and CCNA and the like in that it tests a wide range. But still.. a chart with the most common port numbers and such... etc. would be nice.
I guess I'll be checking back here with increased frequency as Monday approaches. :P Let the pearls of wisdom flow... I do not want to fail this exam, my schedule is pretty tight.. | |
| lodogg 2003-05-22, 7:14 am |
| common sense stuff is port numbers and such just kidding.
know port numbers for DHCP and all VPN protocols, SSH, FTP, SMTP the basics!!! Some of the questions are in left field trust me. I will be taking this thing for a third time. But not till I buy T-Cat's book!! I need more info. I'm not failing for a third time!!! | |
| noreika77 2003-05-22, 8:59 am |
| does anyone know the correct site to purchase this info or any other related study material? thanks... | |
| lodogg 2003-05-22, 9:05 am |
| http://www.alphageekproductions.com/
The free *.pdf is good but I'm going to splurge the 20 bucks and get the full thing.. It is packed with info!
Thanks
Lo | |
|
| These should about cover what I have been questioned on - plus one or two others.
110 – POP3 Post Office Protocol
111 – RPC Unix (Remote Procedure Call)
119 – NNTP Network News Transfer Protocol
123 – NTP
135 – RPC Locator service (Windows NT only)
137 – NetBios Name
138 – NetBios Datagram
139 – NetBios Service
143 – IMAP Internet Message Access Protocol
161 – SNTP
389 – LDAP (TCP)
443 – SSL Secure Socket Layer ( HTTPS )
500 – ISAKMP/IKE
530 – Remote Procedure Call (RPC) – Win NT WinLogon + other high-level network applications
1071 – L2TP (UDP)
1293 – IPSec (TCP & UDP)
1701 – L2F (TCP)
1723 – PPTP (TCP)
3389 – Windows Terminal Services (RDP protocol)
4500 – ISAKMP/IKE (with NAT)
It was the last half dozen that had me scratching my head the first time around. | |
| skepticalone 2003-05-22, 7:47 pm |
| Great, thanks Russ.. and everyone else for their tips. I am bound to have a panic attack this weekend before the exam for not being prepared but what the hell. :P It's only $225 US which is about $6000 Canadian. Wait, exchange rates are better these days -- maybe only $5000. But seriously I will be rather choked and vocalizing my displeasure here if I do not pass. heh. | |
| Tarzanboy 2003-05-23, 1:56 am |
| Correct me if I am wrong:
SNMP uses UDP 161 (SNMP run in non-standard TCP mode uses TCP 161)
SNMP Trap = UDP 162 (SNMP run in non-standard TCP mode uses TCP 162 for SNMP Traps)
VoIP uses TCP/UDP 1071
L2F and L2TP use UDP 1701
I am a bit surprised that through your experiences, the test didn't ask about FTP (TCP 21 for control/TCP 20 for data), Telnet (TCP 23), SMTP (TCP 25), DNS (53) or TFTP (UDP 69)?
Now I feel dirty remembering all of those ports for nothing. 
Cheers,
TB | |
|
| Hi Folks. First an apology. I have had my head down in some serious R&D for a month.
I want to try to explain how this test stuff works. If you follow me, on this, you have an outline for the IT Project+ test.
My background on the matter is in the past I have served on a number of committees with CompTIA and I used to write test questions. Since the rule change that writers/trainers cannot write test questions, well I didn't give up my profession just to write test questions.
I believe it was Russ who said CompTIA has their head up their A** when it comes to fixing things. Yeah... he is right, and there is a reason for it.
Here's what happens in pretty much ANY CompTIA test.
One or more members say we want this test and back their mouths with money.
CompTIA assigns a project manager. The project manager combs the members' personnel for people who can help determine the scope of what should be tested, and encourages these people to get more people so they have a somewhat rounded idea.
They write objectives that everyone (finally) agrees to.
The Project Manager asks for Subject Matter Experts (SME's). This is happening on A+ 2003 now.
There is a change in how the SME thing works. When it was me, there was a small group that, spending their own cash, went to the mountains of Utah and sat with a psychologist. In my particular work, 2 of us were professional writers (me and David Groth).
Today, maybe 100 or 200 people did/will contribute to security+/A+ 2003. None of them are/will be professionals in writing about tech. (rule change).
The body of folks after a certain point turns the work over to another body of folks who check the work. Again, no professional writers, but good g33ks.
That gets blessed and sent to beta. This is where the fun starts. Personally, I feel I am solely responsible for FUBARing Security+.
CompTIA did not put much effort out to announce the beta. It almost slipped past me, and I was watching. One little line item popped, and it was 9 days before beta, day 1.
I scrambled a team together and in 7 days we put out the free beta PDF. So whoever thought we were just digging around for stuff to say was right, but it wasn't to make a free book big for the sake of being big. All we had to go on was the 3 and 4 letter acronyms, nothing like the other objectives which have terms like, be able to identify.
Friday evening (after CompTIA offices closed) before the Monday launch, I emailed the PDF to two CompTIA officers. Saturday at lunch I handed it as a diskette to a MS employee who works courseware and is a friend of the person who is the MS-CompTIA Security+ person. No chance I cheated by seeing the test. At the same time, I blasted the work out to anyone I could find.
It turned out that gave the beta testers some pretty solid data to go on. Security+ has a very high cut score. Here is how that happens.
People take the beta. When the beta closes, CompTIA hands the results to Galton, Inc. This is a company filled with PhDs in math, psychology, etc. These folks crunch, fold, spindle, and otherwise rip the data apart.
In the case of Security+, most every beta tester had my team's work. So the vast majority of testers (%) were able to figure out what the test was looking for to a high degree.
So, while a question may be poorly worded, it was figured out by the majority of folks. CompTIA drops a Ton of $ on Galton, Inc. to make sure a test is what is called defensible. To change it would require a new set of testing, then re-cycling through Galton again. That process costs more than that new 2003 Lexus you saw in the newspaper.
That is why the graphics in A+ suck. Once validated, well... that's it.
Final thought. CompTIA is changing with the times. The tests are getting harder with each round. Yes, CompTIA is entry-level, as it relates to certification. It certainly no longer means beginner, if it ever did. The next A+ is truly scary. That is why I have had my head down in R&D. I have to figure out how to explain more stuff than ever before.
Sorry for the long post. Tcat | |
| azimuth40 2003-05-23, 11:35 am |
| Thank you very much for stopping by and clearing up some of this Tcat. I knew about Galton but not enough to step in and try to describe it. So you really think that you busted the curve with you and Author Helen's work? The new A+ is scary huh? I guess I had better speed up the updates to my fall lesson plans.
Thanks again. | |
| meijin 2003-05-23, 11:52 am |
| Tcat:
This is a little off topic for the thread, but based on your last post I thought you might be able to shed some light on the subject.
Do you happen to know why Comptia pulled the plug on the Wireless+ certification? Their official line was that the standard is still in too much of a state of flux. But, that seems a little odd. Hell, it should stay that way for quite some time to come! And I know that Todd Lammle was working on a Sybex Wireless+ book already in conjunction with the test moving forward.
Any insights or educated guesses as to what the deal is/was?
Just curious!
Thanks! | |
|
| Yes, A+ 2003 is scary. I've been working on new weaponry though.
Wireless+. Yes, there is truth in what was said. It was determined that it couldn't validate out and still have any real meaning. The G standard is the biggie. Looks like that one is going to win. The Wireless Firewire is too far out to matter.
And there was hum... legal/political issues with Wireless+ that needs to get settled first. That is the un-spoken part. CompTIA must think I have their phones tapped. I don't. And there are no secrets when one digs hard enough. | |
| meijin 2003-05-23, 1:12 pm |
| Tcat:
Care to comment on the political issues? That sounds interesting. I understand if you can't or would rather not.
Thanks for the insight.
ps - With "g" being so close to ratification, do you see a Wireless+ coming sometime in the foreseeable future? | |
|
| In my being scattered, I forgot to create a post the new Spyware from the next version of Security+ Here it is. | |
|
| Political issues.... humm... Well I can speak generically easily enough. I will take a real Network+ meeting example then add a pretend story to paint the picture.
CompTIA is made up of member corporations. A long and funny set of rules have to be followed to make sure that the .Org does not violate Sherman Anti-Trust laws. This makes sense since you have two competitors at a table. (Say for example 3Com and Intel at a Network+ meeting). Now let's pretend that Cisco starts thinking that they should play with Network+ too. CompTIA would love to have Cisco play and contribute $$ so they can buy ads pushing Network+, have more lobbying $$ for Washington D.C. -- the things you would expect from an org like CompTIA.
Now Cisco isn't dropping $$ on the table because they want to be nice. They expect an ROI. That might mean to them more generic questions about routers, switches, and wireless networking. However, Cisco would get pretty hot under the router covers if the test started to look like it would be cutting into CCNA tests. If it started looking like that would happen, they would put political pressure on CompTIA.
And mgt. would HAVE to bow to Cisco, Being a member. CompTIA creates standards and agreement not only among different players like publishers and mfgs. They also act as a sort of a IEEE creating agreement among firms that compete.
I have been in a number of closed door meetings over the years. Frankly, given everything they have to balance, I'm amazed they do as well as they do.
On another thread, I mis-read what was being asked about future projects. Sorry. Security+ test sim (other than the BFQ one).
Now that I got the new features I requested from the developer I am in the painful process of training Dragon Naturally Speaking. I am phasing out Voice Xpress for the more powerful Dragon. While it is a resource HOG, it is much more accurate. It doesn't skip a beat in the differences between saying SNMP and SMTP. I just jumped to an Athlon 2000XP. Next month I will go up to a gig of DDR ram (from 512MB sd ram). That should give Dragon the room it wants to pump out a Security+ test sim without me staring at the monitor wondering if it heard me. | |
| meijin 2003-05-23, 2:31 pm |
| Hey Tcat, thanks for the response. I see what you mean about the politics.
I may need to take this offline as it is getting a bit off topic, but I am curious as to how you are using Dragon for the sim. Are you just dictating the questions and answers? I looked at Dragon a while back and it really blew. Maybe it is time to re-visit it.
Thanks! | |
|
| I couldn't do the volume of writing and research in the time I do it without speech software.
The *hot* tricks for anyone here who has to do research are:
2 monitors, one PC. (I've been using matrox since NT and 2 ISA cards)
Bring up a bunch of search engines on one monitor. Speak the term you are researching, say, "POST CODE" hit enter. In another search engine, "POST CODE" hit enter. Keep going. Glance through the data. Formulate thoughts. Switch focus to word processor on Second monitor. Start talking. Grab links for footnotes with Copy/Paste. New topic. Repeat.
For those with less resources, like the laptop I do my email on (and this site) the old 1G athlon-M isn't enough for Dragon. Voice Xpress V4 is a good match, and cheap on e-bay as new product. | |
|
| Whoops - sorry tarzanboy ... my cut & paste missed ...........
Ports
7 – Echo (Ping)
20 – FTP Active Control Port
21 – FTP Active Control Data Port
22 – SSH Secure Shell (L2TP – TCP)
23 - Telnet
25 – SMTP Simple Mail Transfer Protocol
53 - DNS
67 – BOOTP – Server
68 – BOOTP- Client
69 – TFTP – Trivial File Transfer Protocol
70 - Gopher
79 - Finger
80 – HTTP Hyper Text Transfer Protocol
88 – Kerberos (TCP & UDP)
Lots of those are very important | |
| net_grl 2003-05-23, 8:25 pm |
| I have found this Sec+ an interesting thread. I have heard others who I know personally that have taken the exam say the same things about the way it was worded, which includes an instructor who is now teaching it, in which I sat through this week. I actually took SCNP classes Hardening and Network Countermeasures and Defense. After those classes, Sec+ seemed really basic. But I had a more clear understanding after attending those classes.
I will be testing Friday week myself. I will share some port #'s that I have been told by people who have tested are on the Sec+ test.... Kudos to you all!
19 Chargen
42 WINS Name Server
49 TACACS
88 Kerberos
110 POP3
135 EPMAP
143 IMAP
161 SNMP
389 LDAP
445 MS-DS
464 Kpassword
500 ISAKMP
636 LDAPS
993 IMAPS
995 POP3S
1701 L2TP
1723 PPTP
1812 Radius
Back Orifice TCP- 54320
UDP-54321
GRE Protocol 47 | |
| Tarzanboy 2003-05-24, 2:49 pm |
| Just in case protocol numbers...
1 - ICMP
6 - TCP
17 - UDP
47 - GRE (PPTP)
50 - ESP (IPSec)
51 - AH (IPSec)
88 - IGMP
89 - OSPF
Cheers,
TB | |
|
| Some of them are 100% promised to be seen. | |
| skepticalone 2003-05-24, 5:31 pm |
| ug. tell me what else is 100% promised to be seen. ;P
I hit the wireless section in the syngress book and I think it is waaaaay more than I need to retain for exam purposes. It's throwing me off a bit considering e-day is Monday. I plan to finish off reviewing books and stuff today and study/cram notes all tomorrow.
I'm hoping since I can already discuss/describe each of the topics in the objectives and tell the vulnerabilities and ways to lessen each when applicable I have a good start. Now I need to know what else isn't covered there! Like port/protocol numbers.. which are common sense.. but what else??? :P | |
| 117wik 2003-05-24, 5:36 pm |
| have u done all Boson and Exam Wise etc? | |
| 117wik 2003-05-24, 5:38 pm |
| Also have u read cramsession?? Not sure how good it is but i have used it for other exams and seems ok... let me know if u need any of them | |
|
| IMHO, wireless was way too weak on SY0-101.
Some folks do confuse protocol # with Port #'s. After all, they do both begin with "P". | |
| Tarzanboy 2003-05-24, 8:59 pm |
| Hmmm.... Portocol?
Cheers,
TB | |
|
| Dyslestic's of the world... UnTie! | |
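Added example, not part of any post in this thread: a short Python sketch of why the protocol numbers and port numbers listed above are different things. The IPv4 header's Protocol field selects TCP (6), UDP (17), GRE (47), ESP (50) and so on, and only TCP and UDP carry port fields. The packets, addresses and the two rule sets are constructed for illustration; `classify` and `permitted` are hypothetical helper names.

```python
import socket
import struct

# IP protocol numbers as listed in the thread (value of the IPv4 Protocol field).
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}


def build_ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.20"):
    """Build a minimal IPv4 packet (constructed sample; checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,            # version 4, header length 5 words (20 bytes)
        0,                       # DSCP/ECN
        20 + len(payload),       # total length
        0, 0,                    # identification, flags/fragment offset
        64,                      # TTL
        proto,                   # Protocol field: this is the "protocol number"
        0,                       # header checksum (not computed for the sample)
        socket.inet_aton(src),
        socket.inet_aton(dst),
    )
    return header + payload


def classify(packet):
    """Return (protocol_number, name, src_port, dst_port); ports are None
    for anything that is not TCP or UDP, because those headers have none."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    name = IP_PROTOCOLS.get(proto, "unknown")
    if proto in (6, 17):
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return proto, name, sport, dport
    return proto, name, None, None


def permitted(packet, rules):
    """Allow-list check. Each rule is (ip_protocol, dst_port or None)."""
    proto, _, _, dport = classify(packet)
    for rule_proto, rule_dport in rules:
        if rule_proto == proto and (rule_dport is None or rule_dport == dport):
            return True
    return False


# Constructed sample traffic for a PPTP session: TCP 1723 control + GRE data.
PPTP_CONTROL = build_ipv4(6, struct.pack("!HH", 49152, 1723) + bytes(16))
PPTP_DATA = build_ipv4(47, bytes(8))                      # GRE, no ports at all
IKE = build_ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0))
ESP = build_ipv4(50, bytes(8))

# The confusion: "47" entered as a TCP port instead of as an IP protocol.
MISTAKEN_PPTP_RULES = [(6, 1723), (6, 47)]
# What the tunnel needs: TCP port 1723 plus IP protocol 47.
CORRECT_PPTP_RULES = [(6, 1723), (47, None)]

if __name__ == "__main__":
    for label, pkt in [("control", PPTP_CONTROL), ("data", PPTP_DATA),
                       ("ike", IKE), ("esp", ESP)]:
        print(label, classify(pkt),
              "mistaken:", permitted(pkt, MISTAKEN_PPTP_RULES),
              "correct:", permitted(pkt, CORRECT_PPTP_RULES))
```

With the mistaken rule set the control connection on TCP 1723 is allowed but the GRE data packets are dropped, which is the practical cost of reading "47" as a port.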
|
| I am scared now.
I work in an IT Development Role in the UK.
I just wanted to read up about IT Security Issues and am now interested in doing the exam.
I have read the Syngress & Sybex books to date. I have not bothered with anything else yet as I am unsure what to do next.
The syngress book was in depth, the sybex book, short to the point, but may be a little scant.
I have scanned the PDF provided by TCAT and may consider the $20 fee, which is not a lot of dosh.
I do not get much hands on at all with security matters, but can if needed speak to people in our IT Dept for advice and to see things like Firewalls, IDS etc. etc.
I was considering looking at the objectives and revising using them as the body and focusing in on them.
I usually buy the Examcram books, but a number of people think that these are not focused on exam content.
Any ideas let me know. I might go for the exam in early July 2003. See how I get on. | |
|
| I am in a dicey position, as I don't like to say bad things about other books. Let me just suggest you look around the planet at what others have said about different books, with a keen eye on:
Osborne-McGraw Hill
Syngress is pretty good, missed a few points.
I did like Exam Cram 2 for what it is. Sorry, it was not written with your mind in mind. It is for those that deal with a broad range of security issues everyday. | |
| skepticalone 2003-05-25, 12:51 pm |
| Question... according to IANA virtually every one of these ports is designated for TCP and UDP. You guys have supplied a good list of ports for the exam but which ones are they going to get picky on with respect to TCP vs UDP? Everywhere I check on the net seems to disagree. I understand they typically arise in the "which ports would you open up on a firewall to run ____ service" format?
Here is the list I am going with...
7 Echo (Ping)
19 Chargen
20 FTP Active Control Port
21 FTP Active Control Data Port
22 SSH Secure Shell (L2TP – TCP)
23 Telnet
25 SMTP Simple Mail Transfer Protocol
42 WINS Name Server
49 TACACS
53 DNS
67 BOOTP – Server
68 BOOTP- Client (TCP/UDP)
69 TFTP – Trivial FTP
70 Gopher
79 Finger
80 HTTP
88 Kerberos
110 POP3 Post Office Protocol
111 RPC Unix
119 NNTP
123 NTP
135 RPC Locator service
137 NetBios Name
138 NetBios Datagram
139 NetBios Service
143 IMAP
161 SNMP
389 LDAP (TCP)
443 HTTPS/SSL Secure Socket
445 MS-DS / CIFS
464 Kpassword
500 ISAKMP/IKE
530 RPC
636 LDAPS
993 IMAPS
995 POP3S
1293 IPSec
1701 L2F, L2TP (TCP)
1723 PPTP
1812 Radius
3389 Terminal Services
4500 ISAKMP/IKE (with NAT)
8080 HTTP-Proxy
This should be simple but no two sites agree! | |
|
| I agree. It was tough for me to "nail down" the data too. For the large PDF I just watched the firewall to get my answers.
I wouldn't worry (at all) about protocols of yesteryear (finger, gopher ....) Good to know the details of FTP, Kerberos, SSH (which is really just an updated FTP)... Basically the modern and popular stuff. | |
|
| Thanks for your reply Tcat.
As I say, still unsure what material to use next. I personally dislike MS Guides and feel I need a different slant on things.
I will scan the beta pdf tonight, with a view to getting the full one.
Could you clarify, (as there are many threads on here) the full pdf ($20) what is in it. I understand that is also published by amazon. I checked on Amazon.co.uk and there is a 4-6 week wait for your books. I cannot wait that long, hence I may check the pdf out. I could also print it out at work, and use their ink and paper.
 | |
|
| The small print publisher is still gearing up in areas outside the USA.
The PDF that I put out is really InsideScoop without the CD test sim. It is maxed at 700 pages as that is the limit in printing/binding outside the USA.
This has 100 Q&A in print from the CD and the glossary. Both these are missing from ExamInsight (print and PDF sold by TRP).
I know it sounds weird, and it becomes much simpler to understand when you think TRP gets to sell the work without a typical binding $$ advance, and I get to see some print $$ because I'm not playing with Amazon, etc.
I should mention there is a *tad* bit of a difference between the Beta PDF and the "final". 10 months, 5 versions, with the 6th coming out in June. (New web links and more English editing). That is the good news of electronic. If you can print at work, I think you will be a very happy camper. | |
|
| I trust that once you pay for a version, you get the free updates? Not a problem if not, but if that is the case, I will wait til june.
Thanks Tcat.
Lewy. | |
|
| Upgrades are free for the life of SY0-101. This includes unannounced products in development (a thanks for the support). Change announcements are pushed giving new download instructions. | |
|
| Hey Lewy
I would recommend that you get the pdf - my understanding of several areas increased dramatically after I obtained it. Full wraps to Tcat & Helen for a tremendous insight in this area. | |
| Tarzanboy 2003-05-25, 6:41 pm |
| I'll take a stab at it based on the traditional "Microsoft rules" on ports....
TCP/UDP 7 Echo
TCP/UDP 19 Chargen (Stream of chars= TCP, packet of chars = UDP)
TCP 20 FTP Active Control Port
TCP 21 FTP Active Control Data Port
TCP 22 SSH Secure Shell
UDP 22 PCAnywhere
TCP 23 Telnet
TCP 25 SMTP
TCP 42 WINS Name Server
TCP 49 TACACS
TCP 53 DNS Zone Transfer
UDP 53 DNS request
UDP 67 BOOTP – Server (DHCP)
UDP 68 BOOTP- Client (DHCP)
UDP 69 TFTP – Trivial FTP
TCP 70 Gopher
TCP 79 Finger
TCP 80 HTTP
TCP/UDP 88 Kerberos
TCP 110 POP3 Post Office Protocol
TCP/UDP 111 RPC Unix
TCP 119 NNTP
UDP 123 NTP
UDP 135 RPC Locator service
TCP/UDP 137 NetBios Name
UDP 138 NetBios Datagram
TCP 139 NetBios Service
TCP 143 IMAP4
UDP 161 SNMP
UDP 162 SNMP Trap
TCP 194 IRC
TCP 389 LDAP
TCP 443 HTTPS/SSL Secure Socket
TCP/UDP 445 MS-DS / CIFS
TCP/UDP 464 Kpassword
UDP 500 ISAKMP/IKE
TCP/UDP 530 RPC
TCP 543 Kerberos Shell
TCP 544 Kerberos Remote Shell
TCP 636 LDAPS
TCP 993 IMAPS
TCP 995 POP3S
TCP/UDP 1293 IPSec
UDP 1701 L2F, L2TP
TCP 1723 PPTP
UDP 1812 RADIUS Authentication
UDP 1813 RADIUS Accounting
TCP 3389 Terminal Services
UDP 4500 ISAKMP/IKE (with NAT)
TCP 8080 HTTP-Proxy
Don't confuse the TCP/UDP Echo command, which repeats whatever was sent to it (ie: Fraggle attack) with ICMP Ping command.
Cheers,
TB | |
| Tarzanboy 2003-05-25, 6:47 pm |
| quote: Originally posted by Tcat
SSH (which is really just an updated FTP)...
Don't let the *IX geeks hear you say that. They'd most likely pan fry you for being a heathen and lecture you about the old days of rlogin and telnet...
Cheers,
TB | |
|
| Of course you are correct! As a trainer I must Really Pee off the various splitting o' hairs geeks. As a person who tries to get a point across, I tend to paint a broad brush.
I tend to tick off others by saying things like Catholics and the Lutherans all lump under the concept called Christian Religions. That upsets both sides
I guess it's that weird thing I got for looking at bottom lines... What ports do I need to open on the firewall? Of course it doesn't help any if the hosting site requires SSH V2 and you don't have a SSH V2 client... So sometimes the hair splitting is the difference between success and failure.
And for Security+... Well I'll just think about my first comment on the matter and shut up before CompTIA says I'm brain dumping.
 | |
| skepticalone 2003-05-25, 7:00 pm |
| I hope you're right! I made some small changes in the list I thought was right to match yours. :P If you are right and it contributes to me passing, thanks! ;P
I also wanted to mention that it is particularly cruel for study guides to have the kinds of errors I have seen lately.
One lists MAC in the context of DAC/MAC/RBAC as "message authentication code". Another different guide lists RBAC in the same context as "rule based access control" and then goes on to stress why you shouldn't confuse the two.
What is up with that?!
btw. Exam day is tomorrow but panic hasn't quite set in. I am not prepared nearly as much as I'm sure most of you were/will be when writing. That's what I get for booking impulsively! ;P Any other last minute reminders, tidbits, lists, definitions, major concepts are appreciated!! I will surely be checking back regularly. :P | |
|
| Wow... I will be the first to admit that RBAC and MAC are similar (when compared to DAC)... But message based ?!
Labels = MAC
Roles of work = RBAC
DAC = what we know that is not A-x, B-x based according to DoD (most of what we know is C-x, D-x Security). C-x Netware/NT, D-x Win 3.x,9.x, DOS.
Know your PKI stuff. Remember with Computer Forensics, you are an ID10T. Stop Attack by killing connection (physically). Don't touch equipment, get help. (you are supposed to be 1-2 years experience).
Social Engineering shows up in several formats. Hope you read Mitnick's book. (If you didn't, do so after you test --- just for real life).
If you have my final PDF, look for the owls with the grad caps on :-) as major a hint as I can do without being a brain dump. | |
| Tarzanboy 2003-05-25, 8:06 pm |
| A number of the exam study guides are seemingly put together through search engine queries. Hence, MAC can equal Mandatory Access Control (classification levels) or Message Authentication Code (encryption).
Since some people are putting these items together in a hurry, they don't notice that they are not the same and unfortunately place them together.
And now back to watching Windows Server 2003 pillage my network, I mean studying....
Cheers,
TB | |
| skepticalone 2003-05-25, 9:20 pm |
| Hmm I did a bit more poking around.
The place that confuses role based and rule based is this site.
(http://www.examnotes.net/forums/def...=153&work=print)
It says not to configure Rule Based with Role Based. I assume it means not to "confuse"???
It says "...know the differences between Mandatory Access Control, Discretionary Access Control and Rule based Access Control. DO not configure Rule based with Role based."
Now on another set of forums of which some of you are participants this was argued out a month ago I now see. With people saying two things.
1) rule based and role based are the same... or at least "RBAC" means rule based. Neither of which I believe are true.
2) that in the context of MAC/DAC/RBAC, that it is perfectly okay to say that MAC refers to "message authentication code" -- this, too, I believe to be false although they explicitly defend it there.
All I know is it makes it pretty confusing for someone trying to get their facts straight for the exam. :P | |
|
| Ok, without going through the futile attempt of putting Chapter 0001 on line...
Mandatory Access Control.
Minimum level of Security is B(x).
Uses Labels on EVERYTHING (required).
So, (simple example) a printer in the secret class cannot print Top Secret in any event.
RBAC Role Based Access Control
Very similar to MAC, *based* on rules built by ROLES. A person could be a doctor on one shift, a "nurse" on another. Do you let Dr. Jekyll in because s/he is a MD? With DAC, yup. RBAC ? depends on the rules/roles written.
I haven't seen much discussion about Diffie-Hellman or Rivest Hellman and A? (forget his name) RSA <<< Get it...?
I was feeling OK before (maybe because I was busy changing the hardware/software for the email/list support server so I was not paying close attention)
Now I am beginning to think maybe you should see about being sick and re-scheduling... | |
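The three models argued over in this exchange, side by side, as an added example that is not part of any post in the thread. All names and data (the labels, `jekyll`, `poole`, the permission strings) are constructed for illustration.

```python
from enum import IntEnum

class Label(IntEnum):          # ordered classification labels (constructed)
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

def mac_can_print(document: Label, printer: Label) -> bool:
    """MAC: the system compares labels; no user or owner can override it.
    Output may only go to a device labelled at least as high as the data."""
    return printer >= document

# RBAC: permissions attach to roles; users only get roles (constructed data).
ROLE_PERMS = {
    "doctor": {"read_chart", "write_prescription"},
    "nurse": {"read_chart", "record_vitals"},
}
USER_ROLES = {"jekyll": {"doctor", "nurse"}, "poole": {"nurse"}}

def rbac_allowed(user: str, active_role: str, perm: str) -> bool:
    """RBAC: the decision depends on the role active in this session (shift),
    not on who the person is or what other roles they hold."""
    if active_role not in USER_ROLES.get(user, set()):
        return False               # user was never assigned this role
    return perm in ROLE_PERMS.get(active_role, set())

class DacFile:
    """DAC: the owner decides who gets access, keyed on identity."""
    def __init__(self, owner: str):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, grantor: str, user: str, right: str) -> None:
        if grantor != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(user, set()).add(right)

    def allowed(self, user: str, right: str) -> bool:
        return right in self.acl.get(user, set())

if __name__ == "__main__":
    print(mac_can_print(Label.TOP_SECRET, Label.SECRET))           # False
    print(rbac_allowed("jekyll", "nurse", "write_prescription"))   # False
    chart = DacFile("jekyll")
    chart.grant("jekyll", "poole", "read")
    print(chart.allowed("poole", "read"))                          # True
```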
| skepticalone 2003-05-25, 9:59 pm |
| I have no shortage where paranoia is concerned.
Where the OSI is concerned, besides routers/switches/hubs, which topics should I pay attention to (and know what layer they function at)?
I mean sure, application layer firewalls function at the application layer along with software tools. Packet filtering firewalls and IPSec function at the network level. L2F, L2TP, and PPTP operate at the data link layer along with WEP?
What else am I missing? :P
I don't like surprises! | |
| Tarzanboy 2003-05-25, 10:02 pm |
| Configuring Role Based with Rule Based would be a bad thing too, but I imagine that they meant confuse.
RBAC is definitely Role Based, as per the NIST standard. NIST has some great nap time material on it at their site.
Rule Based is essentially a DAC item (although a small case could be made for inclusion in MAC as well, as some rule tenets apply in the Biba Integrity model) in that it uses ACLs.
Cheers,
TB
Post Script: Today's worthless trivia is that RSA is Rivest, Shamir and Adleman and PPTP is a layer 3 protocol.  | |
| skepticalone 2003-05-25, 10:03 pm |
| Tcat, I was just pointing out errors I have seen elsewhere. I know that it's supposed to be Mandatory Access Control and Role Based Access Control. :P I'm just saying they shouldn't post that garbage all around because in a moment of confusion in the exam someone might remember it!
Anyways, thanks for replying to all my posts so timely. :P After going through as much material as I can find... I don't know, I might pull this off. heh. | |
|
| I really am here (to the limits of my physical ability) to help you get what you want.
Working against me helping you is I am only able to interpret the written word. Not a lot of subtle clues in that.
People do the best they can at the time. Even the beta work says some (with hindsight, very colorful comments from me I probably shouldn't have made). Chalk it up to pressures of time/best shot. At least I'm 'colorful' enough to say I haven't a friggin clue given the deadline.
You got a really nice 'useless bit o trivia' in the past couple minutes. I would file that in my brain for tomorrow.
At this point... more as an old man, amateur psychologist and long time trainer I would say... go get drunk, take a sleeping pill, whatever you need to do to relax. Tension is great at building neurons in the brain that are the chemical pathways for retention. That is a longer term process than tomorrow :-( At this point you're telling yourself you have prepared as well as you can prepare, sleeping well and having energy tomorrow is more important.
Go to sleep telling yourself that you will find the answers when you see the questions, and above all tomorrow, *TRUST your FIRST hunch*. Don't change answers unless something later makes you go "OH!"... then scan by # before you hit done.
My thoughts are with you. Tcat | |
| skepticalone 2003-05-26, 7:46 pm |
| Wow, I passed. I had a bit of a work emergency today and so I wasn't able to even do a once over of my notes before the exam. Given the circumstances and such (as this made me panic) I don't mind that I didn't do as well as on the CCNA and A+ exams. 100 questions seems like quite a few but I made use of the "mark" feature and went back on a few.
I only found 2 questions that were worded awkwardly and was only asked for one port!
Thanks for everyone's help!
Trying to think of what else I can offer here to help people that wouldn't violate the agreement... I think that if you are familiar with each of the topics listed on the objectives (ie. can say a relevant thing or two about them) and then use common sense you should be fine.
And then there's the question everyone asks... what next? I can tell you what's next. No certification until the end of the summer at least!!! Fishing trip, trip to Europe, then start my MBA... there's no time even if I did want to torture myself again!!
Thanks again. :P | |
| azimuth40 2003-05-26, 8:20 pm |
| Congratulations
You studied hard, covered all the topics, did not cram at the last minute; excellent.
I might ask that considering how this thread started, was the hearsay that you heard worse or better than the reality? You said only 2 questions or two percent of them were worded badly. With an 85% pass requirement, that is still 13 questions that you were allowed to miss and still pass. I call that a pretty fair test.
Then again CompTIA may be still weeding out those initial questions and they are out of the test pool now. | |
| skepticalone 2003-05-27, 12:25 am |
| Studied hard but didn't take enough time to prepare to go in with confidence. :P But yeah there were other work circumstances that made writing this exam even more challenging.
In any case I am still choked about the misinformation in some of the documents out there. It can cause someone gearing up for an exam to second guess themselves because it's written in print. I agree that there will be mistakes but where typos are one thing, errors of the type I discussed earlier are not acceptable.
It is the equivalent of me writing a textbook on grammar and saying:
"Do not confuse their and there. The easiest way to remember the difference is that 'there' indicates possession. eg. Look at there website."
...then imagine that English is not your primary language (ie. that you're still learning!) and you have a fairly confusing situation. It takes a concept that even people who speak English natively often confuse and promotes it to those learning the language!
Call me anal but I think as soon as a study guide like that has more than 2 non-typographical errors it should be blacklisted as contaminated and unfit for study material. Maybe that's a bit extremist.. ;P | |
|
|
| skepticalone 2003-05-27, 8:04 pm |
| Hehehe. That's pretty funny. :P
I guess I went a little mental there for a bit -- but that's what this exam did to me!!!
Actually it's a damn good thing that I am leaving on that trip on the 20th. The CISSP writes in my city on like the 21st or something and I would be tempted to prepare for that! |
|
|
|