Trivial Pursuit and Security+
Tcat

2003-07-23, 9:57 pm

Attached as DOC file as well.

Play Trivial Pursuit with Security+ for Only $225!

Question: What is true about Kevin Mitnick?

A. He is a felon released from prison who is now teaching social engineering tricks.
B. He is an amateur compared to Frank Abagnale, Jr.
C. He has a book out called The Art of Deception.
D. All choices are correct

Answer: D. All choices are correct

If you are wondering how this data will make you a better IT professional in regards to security, all I can say is that, at least in the real world, they can both teach you how to smell social engineering scams.

If you are reading this Mr. Mitnick, this is not intended to belittle you. I loved your book and suggest every IT person should read it. Hell, everyone should read it. Now I have never met you, and I did meet Frank Abagnale, Jr. Compared to him, you ARE an amateur. You wound up in prison, like Frank did. However, it appears nobody wants to publicize that Frank escaped a Federal maximum security prison by walking out the front gate. THEN the FBI cut a deal. It's OK Kevin, Frank is much older and had more time to figure things out.

So, what does all this have to do with Security+? Plenty. CompTIA item writers come from the front lines. The only stipulation is the item writer cannot be a trainer or author. That pretty much ensures you will get folks writing questions that have no relevance to the real world. I don't have to have met, or even care who Phil Zimmerman is to use Pretty Good Privacy (PGP). Yet some item writers think knowing who Phil is creates a measurement of your Security abilities.

I would really like to know why having the name Rijndael burned in my brain for creating AES somehow magically makes me more productive with this encryption scheme.

If you have taken the Security+ test, drop me a line with your favorite Huhs? I'll update this document as they come in. Your tip could be worth $225 to someone. And if enough people pass this document around, maybe the folks writing A+ 2003 will get a clue that knowing Alan Shugart is the father of the SCSI interface doesn't help me make a SCSI chain work better.

At Large,
Tcat Houser
RussS

2003-07-23, 10:36 pm

I'd laugh if I hadn't blown so many bucks already on this exam ... $495 to sit it here.

Tcat - you know very well my thoughts on this damn exam. It still grates on me that a so-called professional certification can be so filled with subjective answers.

My fav is ... What is considered the most common form of Social Engineering? (not the exact wording, but close enough).
From experience working in different industries I would have to say that it depended on the location and the industry ... i.e. in the fashion design area it would be dumpster diving, as most designers prefer charcoal drawings above any current computer based system, but in say something like the banking industry I would guess the telephone would be the deal.
Tcat

2003-07-23, 11:49 pm

Thanks Russ! (Other thoughts?)

Save some money Russ by using http://www.ExamVouchers.com (you can even put $5 in my pocket if you tell them I sent you).

The last CompTIA exam that was written by professionals was N10-001. Now David Groth and I are "competitors", and we still managed to put our heads together and come up with questions that were not subjective for that exam. No more 'professionals' writing CompTIA exams. I can't fix that. I can make dang sure we all don't pay over and over for subjective questions.

RussS

2003-07-24, 12:21 am

I'll be sure to do that if they are usable here in NZ.
RussS

2003-07-24, 12:53 am

Other thoughts? Hmmm, I guess there is overly much emphasis placed on operational/organisational policy. I think in most cases the CEO or the VP doesn't send memos to the tech staff about issues ... lol. Supposed to be 15%, but I would bet that on my second attempt it was much higher.

To quote a security analyst who missed:
quote:
Bottom line is they're testing someone on their ability to guess for a good 20% of the questions. "Here's 4 right answers, which one do WE think is right?"
quote:
I personally think that SANS has a better exam structure. Not only do you have to write a practical essay for most of their GIAC certs, you also have to take a multiple choice exam that is open book, because they realize that in this day and age having access to online materials as well as print materials is essential. They know that nobody in their right mind is gonna remember all the different standards and RFCs and Common Criteria. The essay is a good way to gauge someone's grasp of the subject matter and their knowledge on the subject.

Have to agree totally there.


One of the areas that caught me the first time around were those odd ports ..

1293
1645
1646
1701
1723
1812
1813
3389
4500

Yup - all those very well known ones ... lol
Myself, if I am reading port scan readouts I always check the iana.org site and do not rely on memory unless it is one of the well known ports that we see daily. They say there are 65,000-odd port numbers, but in reality the number is limitless from my calculations - anyway, who is gonna remember 65,000 ..... lol
sapiens74

2003-07-24, 6:11 am

I can memorize ports.

Thing is they will put stuff like

Which port is used for Yahoo IM?

A. 80
B. 119
C. 21
D. 5000


I know the first 3 aren't right.

Only good thing about ports, I guess.
RussS

2003-07-24, 6:51 am

heh heh heh - so true
Adheer

2003-08-01, 2:24 pm

Tcat and Russ ....you guys are critical about these exams in general....but seem to be critical and wise only after acquiring so many certificates as mentioned in your profile. Is it like ...you lose the value of money if you have lots of it...?
Tcat

2003-08-01, 3:00 pm

I don't fully get the question.

I know I have to take every exam because I would have no credibility as an author if I didn't pass what I was writing about.

Security+ is a much needed cert for the industry. And yes, I am wondering in public why knowing who Phil Zimmerman is helps you run PGP. Since the next subject matter expert writing the questions for CompTIA xyz+ may be *you* or another reader here, hopefully this line of public questioning will notch things up for, say, A+ 2003. If not, we're going to get questions about who was Alan Shugart?
Tcat

2003-08-01, 3:15 pm

Someone wrote me privately and complained about SkipJack. Judging by the person's age, he would have been playing with Tonka trucks when SkipJack was a hot topic.

I present my "Skipjack" piece from the aborted i-Net+ IK0-002 book.

"(Wise Owl) Asymmetric encryption involves two keys (public-private)
(Wise Owl) Symmetric encryption uses one key (secret key)


Skipjack
Contrast Skipjack with the offerings you just read. It is not a public key solution such as PGP and RSA. With this encryption scheme each transaction carries its own key, enfolded within it. This means that even if one transaction is compromised, that information cannot be used to compromise another transaction, since each key is unique to each transaction. And it is nearly impossible to break even one transaction, even by brute force techniques.

One measure of security is often taken by judging key space - the bigger the key space the better. Compare Skipjack to PGP or RSA, which support a key space of 2 to the 2048th power. By comparison, Skipjack supports a minimum key space of 225 to the 2000th power.

While the term Skipjack may not be familiar to you, if you watched the news in the mid 1990's, you are familiar with Skipjack. Remember the United States government pushing the idea of the Clipper chip? Clipper is the popular name for Skipjack. In the real world, Clipper is dead."

(Real World Owl) i-Net+ objectives say know what Skipjack is. Know it went over like a lead balloon.
Adheer

2003-08-01, 3:43 pm

I agree with you. I just wanted to say that for beginners it doesn't matter if they have to know any subjective matters like the people who created the algorithms etc. In fact some knowledge of the people behind IT security is helpful to retain related information.
This being an introductory exam, I think one or two such questions are OK. It is like in the school physics exam we used to learn answers to questions like who discovered X-rays?!!!
mikop

2003-08-01, 5:11 pm

http://www.takedown.com/evidence/voicemail/th1.au
!!!!!

I remember a long time ago I went to take this bio final for my GF, being this hot shot bio major and all...

and question 1 was...

who is the author of the book we used in class...

I went WTF...

I looked around and the girl next to me, who was studying before the class, had left her book on the floor, so I used my low kick technique and realigned it just so to ensure a perfect 100!
RussS

2003-08-01, 6:56 pm

Adheer - I think we are at cross purposes here. Yes I have a couple of certifications and I am intending to get more, as I have an interest to know and understand about various areas of this field I have decided to enter.

However
quote:
Tcat and Russ ....you guys are critical about these exams in general....but seem to be critical and wise only after aquiring so many certificates as mentioned in your profile. Is it like ...you loose the value of money if you have lots of it...?
is far from the situation. I fully understand the value of money as I left an extremely well paid position to study something I have great enjoyment doing. Here in New Zealand the Sec+ exam is $495 and for me to blow that twice is not good for my pocket and extremely frustrating.
I know that I should have passed the exam and am very self critical about my inability to ignore what I know is fact and to just try to understand CompTIA's reasoning. However, as a professional in a technical field I expect - nope, DEMAND - that an exam for a professional certification is..

1. Based on FACT and not opinion.
2. Error-free.
3. The question percentage actually matches the objective percentage.
4. Questions are based on the working of a topic and not who discovered it and who he was sleeping with at the time (lol).

Unlike Tcat I am not much of a writer and find that I lean more towards working with other students, and think perhaps a position as a tutor is something I may enjoy. However that can wait a while, as there are a lot of systems and networks out there that I wish to explore and learn from first.