Monday, December 17, 2012

Comparing Decimal, Hexadecimal, and Binary


If you're working on a certification exam such as the CompTIA A+Network+, or Security+ certification, you might need to review your knowledge of decimal, hexadecimal, and binary. It's basic knowledge, but it's needed and I've found that some people never learned it.

Decimal

Decimal numbers use a base of ten and include the numbers 0 to 9.

Hexadecimal

Hexadecimal numbers use a base of 16 and include the numbers 0 to 9 and the characters A to F.

Binary

Binary numbers use a base of 2 and include only the numbers 0 and 1. The following table shows how binary is raised to different powers to give different values in a four bit binary number.
2^32^22^12^0
8421
  •  Any number raised to the power of 0 is 1 so 2^0 is 1.
  • Any number raised to the power of 1 is itself so 2^1 is 2
  • 2 raised to the power of 2 is the same as 2 x 2 (2 squared or4)
  • 2 raised to the power of 3 is the same as 2 x 2 x 2 (2 cubed or 8)

Comparing Numbers

The following table compares each of these number systems side by side.
DecimalHexadcimalBinary
2^32^22^12^0
000000
110001
220010
330011
440100
550101
660110
770111
881000
991001
10A1010
11B1011
12C1100
13D1101
14E1110
15F1111

Other Resources

If you plan on taking the A+,  Network+ or Security+ exams to give yourself the CompTIA Trio, check out these resources:

A+

Network+

Security+

Wednesday, December 12, 2012

CISSP Rapid Review Book Excerpt

CISSP Rapid Review

If you're planning on taking the CISSP exam, you know that it covers an extensive amount of knowledge and takes quite a bit of time to prepare. Your best bet is to get a comprehensive book such as the CISSP: Certified Information Systems Security Professional Study Guide (ISBN-13: 978-1118314173) by Darril Gibson, James Stewart, and Mike Chapple to learn as much as possible about the exam domains. You'll also want to take some practice test questions to get an idea of the exam questions.

As a late stage study tool, you might like to use a recently released book titled CISSP Rapid Review (ISBN-13: 978-0735666788) by Darril Gibson. The book is currently available as an eBook on O'Reilly's site.

This book is designed to remind you of the important concepts and help you determine if you still understand them. A common phrase with the CISSP exam is that it's a mile deep and an inch deep.  That's certainly true, but when you're studying you often have to study topics at some depth so that you understand them even if the actual questions might only expect you to have surface knowledge.

With that in mind, you won't find a lot of depth in this book, but instead, it gets right to the point reminding you know what's important. It includes listings of key exam topics, true/false questions to check your knowledge, and key information for each of the domains.

The following is a short excerpt from chapter 5 covering objectives 5.3 to give you an idea of how the book is laid out.

Of course, there also some great courses out there that are valuable to take prior to the exam. Infosec Institute hosts a seven-day CISSP Prep Course Overview that reports a 93 percent pass rate by the students.

Full post continued here....

Monday, December 10, 2012

CompTIA CEUs


If you have the CompTIA A+Network+Security+, Storage+, or CompTIA Advanced Security Practitioner (CASP)  certification, you're required to complete and register continuing education units (CEUs). This blog covers many of the common questions surrounding CEUs.

Common Questions 

Here are some of the common questions related to CEUs. You can also view some questions and answers on the CompTIA site at the following pages:

Which Certifications Require CEUs?

Only the following certifications are currently in the CompTIA CEU program.
  • CompTIA A+
  • CompTIA Network+
  • CompTIA Security+
  • CompTIA Storage+
  • CompTIA Advanced Security Practitioner (CASP)

How Much Does it Cost?

The following list shows the annual fee and cost for each of these certifications.
  • CompTIA A+ $25 (Total $75)
  • CompTIA Network+ $49 (Total $147)
  • CompTIA Security+ $49 (Total $147)
  • CompTIA Storage+ 49 (Total $147)
  • CompTIA Advanced Security Practitioner (CASP) $49 (Total $147)

Do I Have to Earn CEUs for All CompTIA Certifications

No. You only need to earn certifications for the highest level of certification.  The following list shows the order of lowest to highest level of certification.
  • CompTIA A+
  • CompTIA Network+
  • CompTIA Security+
  • CompTIA Storage+
  • CompTIA Advanced Security Practitioner (CASP)
In other words, if you have A, Network+, and Security+, you only need to meet the requirements of Security+.

How Many CEUs Do I Need

The following list shows how many CEUs you need for each certification.
  • CompTIA A+ 20 CEUs
  • CompTIA Network+ 30 CEUs
  • CompTIA Security+ 50 CEUs
  • CompTIA Storage+ 50CEUs
  • CompTIA Advanced Security Practitioner (CASP) 75CEUs

What Can I Do To Earn CEUs?

The most common way to earn CEUs is to pass the most current version of the exam or a higher level exam.  For example, if you have the A+, you're required to gain 20 CEUs. If you then pass the Network+, you earn 30 CEUs and met the requirement for the A+.
You can also meet the requirement taking and passing another vendor's higher level certification.  For example, if you have the CompTIA Security+, you'll meet he requirement by taking and passing the ISC2 SSCP or CISSP. This page lists the other certifications that give full credit.  Click on the [+] to view the qualifying certifications for each group.
Some other activities that qualify are:
  • Teaching or lecturing on relevant topics.
  • Attending courses or computer based training
  • Attending relevant conferences or events
  • Attending a CompTIA exam development workshop
  • Publishing, books, blogs, articles, or whitepapers
A full list of qualifying activities including how many credits for each are listed in this PDF.

Do I Need To Pay If I'm In The DoD?

No. If you're in the United States Department of Defense (DoD), these fees are paid for by the DoD. This does not apply to DoD contractors but instead only active duty and civil service employees. This page has most of the information you need.

How Do I Register my CEUs?

You first need to register with the CompTIA site. You can do so from here. If you've registered before, you can log in from here.
You are required to comply with the CompTIA Code of Ethics Policy and be up to date for the required maintenance fees before you can register.

Summary

The following list summarizes the order of the CompTIA certifications requiring CEUs, the annual and total cost of each, and how many CEUs are required.
  • CompTIA A+ $25 (Total $75), 20 CEUs required
  • CompTIA Network+ $49 (Total $147), 30 CEUs required
  • CompTIA Security+ $49 (Total $147), 50 CEUs required
  • CompTIA Storage+ 49 (Total $147), 50 CEUs required
  • CompTIA Advanced Security Practitioner (CASP) $49 (Total $147), 75CEUs required

Friday, December 7, 2012

A+ and RAM


If you're planning on taking the CompTIA A+ exams, you should know some basics about random access memory (RAM) including how to recognize it, how to install it, and how to troubleshoot it. I just had to troubleshoot a minor problem with a system that required me to do some basic troubleshooting with RAM and it reminded of how easy things can be if you know the right steps and can follow them.

Some Basics

First, here are some basics about RAM used in most PCs:
  • The primary type of RAM used in a PC is Double Data Rate 3 (DDR3).
  • DDR and DDR2 are also used but have largely been replaced with DDR3.
  • You can't mix and match DDR versions. In other words, DDR2 memory won't fit in DDR3 slots.
  • RAM comes in memory sticks known as Dual Inline Memory Modules (DIMMs).
  • RAM for laptop computers comes in small outline DIMMS (SODIMMs).
  • Error Correcting Control (ECC) is an added feature that improves the reliability of RAM by detecting and correcting errors. However, it is rarely used in desktop or laptop PCs. Instead, it is used in high-end servers to improve their reliability.
  • Parity is another added feature in that can improve the reliability of RAM by detecting errors but it is rarely used in desktop or laptop PCs.
  • When replacing RAM, you should use the same speed. If speeds are mismatched, the RAM will operate at the slower speed. Also, if the RAM is rated at a faster speed than the motherboard can handle, the RAM will run at the slower speed of the motherboard.
  • When installing dual-channel RAM, you should install a matched set of DIMMS into the same bank. A bank will be two slots of the same color.

Calculating RAM Speeds

You should also be able to calculate the names and performance characteristics of RAM based on the the clock, or identify the clock based on the name.  First, there are two types of names.
  • DDR Standard Name (such as DDR3 800)
  • DDR Module Name (such as PC3 10600)
It's important to understand these names, especially when you're purchasing replacement RAM or upgrading RAM. DDR3 is often listed with the PC3 name. If you know what clock your system is using (you can check the BIOS), you can identify what RAM to purchase. For example, if your system is running a 200 MHz clock, you can purchase DDR3 RAM named PC3-12800 or DDR3-1600. If you buy faster more expensive RAM, it will still run at the slower speed of the clock.

DDR Standard Names

You can calculate the standard names when you know the clock with the following formulas for DDR, DDR2, and DDR3 type RAM.
  • DDR Standard Name
    Clock x 2 (double pumping)
  • DDR2 Standard Name
    Clock x 2 (Clock Multiplier) x 2 (double pumping)
  • DDR Standard  Name
    Clock x 4 (Clock Multiplier) x 2 (double pumping)
For example, if the clock on a system is 100 MHz, the RAM would have the following names:
  • DDR Standard Name = DDR-200
    100 Mhz x 2 (double pumping)
  • DDR2 Standard Name = DDR2-400
    100 Mhz x 2 (Clock Multiplier) x 2 (double pumping)
  • DDR Standard Name = DDR3-800
    100 Mhz x 4 (Clock Multiplier) x 2 (double pumping)
The shortcut formulas for these DDR Standard Names are:
  • DDR Standard Name
    Clock X 2
  • DDR2 Standard Name
    Clock X 4
  • DDR3 Standard Name
    Clock X 8

DDR Module Names

You can calculate the module names when you know the clock with the following formulas for DDR, DDR2, and DDR3 type RAM.
  • DDR Module Name
    Clock x 2 (double pumping) x 64 (bits) / 8 (Bytes)
  • DDR2 Module Name
    Clock x 2 (Clock Multiplier) x 2 (double pumping) x 64 (bits) / 8 (Bytes)
  • DDR Module Name
    Clock x 4 (Clock Multiplier) x 2 (double pumping)  x 64 (bits) / 8 (Bytes)
For example, if the clock on a system is 100 MHz, the RAM would have the following names:
  • DDR Module Name = PC-1600
    100MHz x 2 (double pumping) x 64 (bits) / 8 (Bytes)
  • DDR2 Module Name = PC-3200
    100MHz x 2 (Clock Multiplier) x 2 (double pumping) x 64 (bits) / 8 (Bytes)
  • DDR Module Name = PC-6400
    100MHz x 4 (Clock Multiplier) x 2 (double pumping)  x 64 (bits) / 8 (Bytes)
The shortcut formulas for these DDR Module Names are:
  • DDR Module Name
    Clock X 2 X 8
  • DDR2 Module  Name
    Clock X 4 X 8
  • DDR3 Module Name
    Clock X 8 X 8

Troubleshooting RAM

I was just working on a computer running Windows 7 that has 12 GB of RAM installed. I added two virtual machines (VMs) with 3 GB each, but the second machine wouldn't run. I figured with 3 GB each for two VMs, that left 6 GB for Windows 7 and everything should have been fine.
I double-checked how much RAM was installed using the Computer Properties page.  (Click Start, right-click Computer and select Properties.) It showed 12 GB of RAM was installed.
I started the System Information applet (click Start, type in msinfo32 and press Enter). I looked at the system summary page and saw that the Installed Physical Memory was listed at 12 GB but the Available Physical Memory was only 8 GB.  Hmmm..
If I was running Windows 7 Home Basic, my system is limited to only 8 GB but I was running Windows 7 Ultimate which supports as much as 192 GB of RAM.  That's not the problem.

Hardware or Operating System

At this point, I know I have 12 GB of RAM, but the operating system is only seeing 8 GB. The way to tell if this is a hardware problem is check BIOS.
I restarted by system and pressed F2 to access the BIOS Setup page. (F2 and Delete keys are commonly used to access the BIOS.) When it started, I checked the System Information page and saw that the BIOS was only recognizing 8 GB of RAM. Aha! The problem is hardware.

Reseat the DIMMS

I shut down the system and opened up the case with the goal of reseating the RAM sticks.
When installing or upgrading RAM, you should follow electrostatic discharge (ESD) damage prevention practices such as with an ESD wrist strap. I didn't have one handy and didn't plan on touching any electrical components. However, I still did the standard self-grounding practice of touching the power supply case.  I also unplugged the power from the system to ensure soft power was not applied to the motherboard.
I then slightly pushed the tab on the left side of a DIMM to push it out of the slot slightly and then I pushed it back in until I heard a click. I repeated the same step on the right side tab and then I did the same two steps on each of the DIMMs.
Next, I closed up the case, plugged it back in and checked the BIOS. 12 GB was now recognized. I booted into Windows 7 and went back to work.

Other Resources

If you plan on following up your A+ studies with Network+ and Security+ to give yourself the CompTIA Trio, check out these resources:
If you're preparing for the A+ exams, make sure you know some basics about RAM. Also, when you're troubleshooting any PC components, don't forget about the simple steps to verify the BIOS can recognize the hardware, and if it can't try reseating the component. Sometimes, that's all it takes.

Tuesday, December 4, 2012

You Can Pass the Security+ Certification

Many times I hear from people asking if they can pass the Security+ SY0-301 exam and earn the Security+ certification. My answer is almost always a hearty yes, but I also spend some time telling them how.  If you were thinking of pursuing this, you might want to know how you can earn the certification. If you've been working with computers for a while (and most people have), this is achievable. And when you have you'll find that it often opens up doors of opportunity for you.

What's Required?

First, there are no prerequisites except for some money to pay for the voucher. The voucher is $276 though you can often find  discounted vouchers for cheaper. For example, this company often has discounted vouchers for cheaper. Sometimes they're just a little cheaper, and sometimes they are a lot cheaper.
Browse categories:
Beware of some unscrupulous people selling vouchers on eBay. Some have sold bogus voucher numbers that aren't valid and the buyers have lost their money. However, some people have had success this way too.

What's Recommended?

CompTIA recommends the following:
  • A minimum of 2 years' experience in IT administration with a focus on security
  • Day to day technical information security experience
  • Broad knowledge of security concerns and implementation including the topics listed in the Security+ objectives
The objectives include six domains:
  • 1.0 Network Security (21% of exam)
  • 2.0 Compliance and Operational Security (18% of exam)
  • 3.0 Threats and Vulnerabilities (21% of exam)
  • 4.0 Application, Data and Host Security (16% of exam)
  • 5.0 Access Control and Identity Management (13% of exam)
  • 6.0 Cryptography (11% of exam)
The exam is heavy on networking topics so ideally you will have some networking knowledge.  Ideally, you will have taken and passed the Network+ exam first but I have taught many students without this knowledge and they have taken and passed the exam.  If you're studying for the Network+ exam, check out these quality practice test questions for only $9.99.

What Should You Study?

Many people have used the  CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide to study for this exam. If you take a look at the reviews on Amazon you can see that over 85 people have given it five star reviews after using to take and pass the Security+ exam the first time they tried.
Some people with technical backgrounds have posted that they read the book over the weekend and took and passed the exam on Monday. I'm impressed that anyone could read that many pages over the weekend and I'm not in that category. However, it does give an idea of how the book has been able to fill in the right knowledge gaps for people so that they could quickly pass the exam.
Similarly, I've taught many classes with this book in a Monday through Friday daytime setting and people have taken and passed the exam on Friday afternoon or Sunday morning.
This blog includes multiple pages on Security+ you can check out too.

Are There Any Practice Test Questions?

The  CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide includes over 450 practice test questions in it. This includes practice test question in a pre-assessment, after the end of each chapter, and a post assessment at the end. I recommend the study guide as the primary study source but if you've already been studying from another source and want to test your readiness with some practice test questions, you might like to check out one of these sources.
If you use any practice test questions you should ensure that they have explanations. In my experience, I've noticed that practice test questions without explanations often aren't the best quality and include incorrect answers. I have taught students that have memorized the incorrect answers to these types of practice test questions and they had a hard time unlearning the faulty knowledge they hammered into their head.
Also, you should take the time to ensure you know why the correct answers are correct, and why the incorrect answers are incorrect. Ideally, you should be able look at any question and be able to identify the correct answer knowing why it is correct, and why the incorrect answers are incorrect. This way, you'll be prepared to correctly answer the questions no matter how they are worded.

How Long Will It Take To Get Ready?

Exactly 64, 800 minutes. That might sound like a better answer than "it depends" but "it depends" is a more realistic answer. In truth, it depends on what your background knowledge is, how much time you have to study, and how determined you are to stick to a study schedule. However, here's a formula that works. Pick a day 45 days from today and set a goal. For example, it might be February 19th and your goal will be:
  • I will take and pass the Security+ exam by midnight on February 19th.
  • Repeat that goal to yourself every day between now and February 19th and start taking action to make it happen.
  • Buy a book such as the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide and spend time studying it every day.
  • If something doesn't come clear, post a question to a public forum such as at TechExams.net where friendly people are willing to help you achieve your goal
  • Buy a voucher and schedule the exam at a Pearson Vue testing center as soon as you can. You can reschedule later if you have to but when you're scheduled, you're more likely to follow through.
By the way, 64,800 minutes works out to 45 days.

Celebrate

If you follow these steps, you'll join the thousands of people before you that have become Security+ certified.  Other people have done this. You can too.

Summary

If you want to take and pass the Security+ SY0-301 exam and earn the Security+ certification, these steps can help you do so. The key is to take action now to get started. Good luck.

Monday, December 3, 2012

Network+ Performance Based Questions


Performance based testing is one of the biggest changes that have been occurring with CompTIA certification exams. They are in current 800 series  A+ exams, the Network+ exam, and coming after the first of the year in Security+ exams.  Instead of just multiple choice questions, you can expect to see a mixture of different types of questions.
An earlier blog titled CompTIA Performance Based Testing talks about some of the changes in more depth but here's just a few tidbits on the types of questions you might run across on  the Network+ exam. Overall, it's good news.
You probably won't see more than three of these types of questions and they are less about doing something than actively showing you have the knowledge.
Realistic Practice Test Questions for the Network+ exam.
CompTIA Network+ N10-005 Practice Test Questions (Get Certified Get Ahead)

Identify

As an example, objective 3.2 "Categorize standard connector types based on network media" expects you to be able to identify different types of connectors. You should be familiar with each of the media listed. One way to make sure you're prepared is to view pictures of the different types of media. You can easily do so with Google images to remind yourself.
This page includes some multiple choice practice test questions related to different connector types.
Realistic practice test questions for the Network+ N10-005 exam
Available through LearnZapp on your mobile phone

Tools

Similarly, you might be required to identify a tool based on a specific requirement. For example, objective 4.2 "Given a scenario, use appropriate hardware tools to troubleshoot connectivity issues" expects you to know the purpose of many common tools.  If you need to identify a tool by sight that can identify a short or open, what tool would you use?
A past post titled Network+ Hardware Tools includes basic explanations of these tools along with links to images of them.

Summary

If you're planning on taking the Network+ exam soon, make sure you can identify many of the different connectors and tools by sight. Good luck.