Tuesday, January 29, 2013

CompTIA Security+ Get Certified Get Ahead: SY0-301 Study Guide Excerpt


The CompTIA Security+ SY0-301 certification validates foundation-level security knowledge and skills and is recognized by organizations around the world. As an example, the U.S. Department of Defense requires personnel to have this certification to retain administrative access.

The CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (ISBN 978-1463762360) covers all six domains of the Security+ exam. At the beginning of the book, you’ll find a listing of all the objectives along with the specific chapter where the objective is covered. Each chapter includes a list of the specific objectives covered in the chapter and Remember This blocks are sprinkled throughout to remind you of key information you’ll need for the exam.

It includes a pretest at the beginning of the book, practice test questions at the end of each chapter, and a post test at the end of the book. All of the practice test questions include detailed explanations so you’ll know why the correct answer is correct, and why the incorrect answers are incorrect.

Of course, there are also some great courses that many people find valuable to help them prepare. Infosec Institute hosts a five-day CompTIA Security+ Boot Camp taught by an expert security instructor.  They also have Security+ Online Training in two separate formats depending on your needs.

Tuesday, January 1, 2013

CompTIA A+ Training Kit (220-801 and 220-802) Excerpt


If you're planning on taking the new A+ exams (220-801 and 220-802), you know that they cover an extensive amount of knowledge and will take you some time to prepare. Your best bet is to get a comprehensive book such as the CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802) (ISBN- 978-0735662681) by Darril Gibson. The book covers all five domains of the 220-801 exam and all four domains of the 220-802 exam. It includes a CD with practice test questions and the entire book in a searchable PDF format.

The book takes you through the inner workings of a computer in simple to understand language. Chapters 1 through 10 focus primarily on hardware components. Chapters 11 through 17 cover the specific Windows operating systems mentioned in the objectives. Networking topics are covered in chapters 18 through 24. Last, chapters 25 and 26 cover some security topics.

Each chapter includes a list of the specific objectives covered in the chapter to help you remember what is important for each exam. At the beginning of the book, you’ll find a listing of all the objectives along with the specific chapter where the objective is covered.

Most chapters start with a real world scenario illustrating how some of the knowledge directly relates to real world and on-the-job situations. Exam tips are sprinkled throughout to remind you of key information you’ll need for the exams and notes are occasionally used to provide amplifying information about a topic. At the end of most sections, you’ll find two or three Quick Check questions and Quick Check answers to help you test your knowledge of the key information in the topic.

At the end of the chapter, you’ll find a chapter summary along with some practice test questions. All of the practice test questions (on the CD and in the chapters) include detailed explanations so you’ll know why the correct answer is correct, and why the incorrect answers are incorrect.

Of course, there are also some great courses that many people find valuable to help them prepare. Infosec Institute hosts a five-day CompTIA A+ Boot Campwhich includes the cost of the exams and on-site testing. They also have A+ Online Training in two separate formats depending on your needs. 

Security+ and Performance Based Questions


If you’re planning on taking the Security+ exam you can expect to see performance based questions.  They have already been added to A+ and Network+ exams. You can read more about performance based questions here, but in short a performance based question requires you to perform a task rather than simply requiring you to answer a multiple choice question.
I've field several questions about these related to Security+ so here are some answers to some common questions.

When Do They Appear in Security+?

CompTIA has stated that these types of questions will begin to appear in the Security+ exam in the first quarter of 2013. This could be any time between January 1st and March 31st, 2013.
If you've taken the exam and you saw them, I'd love to hear from you so that I can let readers know they have started to appear. You can leave a comment on this page or send me a note through my contact page.

Pass the Security+ exam the first time you take it
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

How Many Questions Are on The Security+ Exam?

When you have only multiple choice questions, the Security+ exam includes 100 questions.
When performance based questions are added, you'll probably have 90 questions with 87 questions being basic multiple choice questions and three being performance based questions. Here are a couple of pages that give sample multiple choice questions:

What Performance Based Questions Should I Expect?

At this writing, the only people that know the answer to this question are people at CompTIA. However, based on how CompTIA has done this with other exams, we can predict what you might see.

Command Prompt

You might be asked to perform a task from the command prompt. You'll have access to a simulated command prompt and be required to perform a specific task.
In the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide, I gave an example (pages 411 and 412) with a couple of graphics that could easily be used in this exam.
The question could go like this: "Determine if the file shown in the graphic is valid."  The file in the graphic includes a valid MD5 hash.
You are then put into a command prompt with nothing more than a blinking cursor. What do you do?
The first step is to see what is in the current directory. You could do so with the dir command. More than likely, you'll see the file that was displayed in the graphic, along with programs that can be used to create a hash such as md5sum and sha1sum.
Next, you'd calculate the hash on the file using the correct program. This requires you to know that the hash shown in the graphic is an MD5 hash. You'd then run the md5sum program against the file to calculate the hash. If the hash shown in the graphic was a SHA1 hash, you'd need to run sha1sum instead.
That's it. In retrospect, you only need to enter two commands: dir and md5sum filename. However, you need to have some underlying knowledge to do so successfully.

Click on a Diagram

You might be asked to click on a diagram to select something. As an example, you might be tasked with giving a user appropriate permissions to perform job tasks. The diagram then shows a list of groups with specific permissions assigned. You then need to pick which group (or groups) to put the user into.
The key here would be to remember the principle of least privilege and ensure that the user is granted enough rights and permissions to perform the job and no more.

Learn by listening 
Key points from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide
Over one hour and 20 minutes of audio from the "Remember This" blocks
Over three hours and 20 minutes of questions and answers on audio

What is the Biggest Challenge?

Many of the questions are straight forward and it's easy to identify what is desired. However, the biggest challenge many people report with these types of questions is figuring out what some of the questions are actually asking. For example, the sample in the Command Prompt section earlier only states "Determine if the file shown in the graphic is valid" and shows a graphic. It doesn't tell you to run the dir and the md5sum commands. However, this is the only way you can determine if the file is valid.
With that in mind, you often need to give these types of questions a little more thought and pay attention to the clues given in the question.

How Much Are These Questions Worth?

More than likely these questions are worth more than a typical multiple choice question. While CompTIA doesn't release the actual value of any single question, it's entirely possible that each question is worth a little more than 4 percent of the total.
If the original exam has 100 multiple choice questions and the new exam has 87 multiple choice questions with three performance based questions, these three performance based questions could be worth about 13 percent of the total. If you divide 13 percent by three, it's a little over 4.

Will Books Be Updated to Include Performance Based Questions?

It's unlikely that any books will be updated specifically for the Performance Based Questions. It takes an extensive amount of time and effort to rewrite, edit, layout, proof, and reprint books.
Certification books are typically only updated when the certification changes significantly. For example, the differences in the objectives between SY0-201 and SY0-301 Security+ objectives were significant. Publishers that had SY0-201 books in print published new books on the SY0-301 exam.
Further, most books include the content needed to successfully pass these performance based questions. The objectives aren't changing. The only that is changing is the way that the objectives are being tested. If you understand the content, you will be able to answer the questions.
Along these lines, I've been asked a few times if the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide will be updated. This isn't likely. I expect that CompTIA will be releasing new objectives for the SY0-401 exam sometime this year.  When they do, I'll be updating the SY0-301 Study Guide. You'll probably still be able to take the SY0-301 exam through at least part of 2014.
Realistic practice test questions for the Security+ SY0-301 exam
Available through LearnZapp on your mobile phone

Summary

If you’re planning on taking the Security+ exam any time from today on, you can expect to see performance based questions. These questions are different than multiple choice questions but they are not impossible to answer. If you understand the content, you will likely be able to answer these questions without too much difficulty.