Wednesday, December 10, 2014

Free Online Course to Earn 3 CompTIA CEUs

You can earn 3 CompTIA CEUs with the new Mastering Security Basics course.
CompTIA recently approved this course for 3 Continuing Education Units (CEUs) for the following certifications:

  • CompTIA A+
  • CompTIA Network+
  • CompTIA Security+ certifications.

Mastering Security Basics Course CompTIA CEUs

The Mastering Security Basics Course covers the following topics:
  • Core Security Goals
  • Basic Risk Concepts
  • Authentication Concepts
  • Authentication Services
It is derived from Chapter 1 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide and includes all of the practice test questions from that chapter. It also includes the labs from Chapter 1. Because I didn't have to worry about print space for the online course, I also added some additional graphics.  

Includes PDF for CompTIA CEUs

CompTIA Authorized PartnerWhen you complete the course, you can print out a PDF documenting your completion. The course also includes basic instructions on how you can submit the PDF to CompTIA for CEUs.

Full Chapter Content

You can also use this course to get a peek at the content of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.

For example, if you're considering pursuing the Security+ certification, this gives you a free opportunity to view some of the content.

You might be surprised how easy some of this content comes to you.

How Many CEUs Do You Need?

You need to either pass a higher level certification or earn a specific number of CEUs during a three-year period. As an overview, here are some of the requirements.
  • CompTIA A+ 20 CEUs
  • CompTIA Network+ 30 CEUs
  • CompTIA Security+ 50 CEUs
This online course is covered under the activity title of Complete a Training Course. The max number of CEUs that you can earn through courses such as this are:
  • CompTIA A+ 16 CEUs
  • CompTIA Network+ 24 CEUs
  • CompTIA Security+ 40 CEUs

Friday, November 28, 2014

Hashing Practice Test Questions

Hashing is an important concept, especially if you plan on taking any type of security exam. This includes the CompTIA Security+ and CASP exams, and (ISC)2's SSCP and CISSP exams.

Can you answer these Security+ questions?

As with any practice test questions, not only should you know why the correct answers are correct, but also why the incorrect answers are incorrect. This way, no matter how CompTIA words the questions, you'll be able to answer them correctly.

Hashing Question 1

Of the following choices, what can you use to verify data integrity?
A. AES
B. DES
C. RC
D. SHA

Hashing Question 2

Lisa manages network devices in your organization and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, she creates hashes for these files and compares them with hashes she created on the same files the previous week. Which security goal is she pursuing?
A. Confidentiality
B. Integrity
C. Availability
D. Safety

Wednesday, November 19, 2014

7 Steps to Get the Security+ Certification

The CompTIA Security+ certification is popular, and for good reason. Businesses are concerned about security, and this helps them realize job applicants have some awareness about security.

Add this certification to your résumé and you'll be more marketable in today's job market.

 Get your Security+ Certification 

Security+ Certification in 7 Steps

Because of this many IT professionals have this certification and it doesn't have to be difficult.
There isn't any guaranteed path to pass the Security+ Certification. However, you can use the following 7 steps to add the Security+ certification to your résumé. This is the path that thousands of others have used to get the Security+ certification, and you can use them too.
  1. Get a good study guide.
  2. Set a goal 45 days out from the day you receive your study guide.
  3. Start studying the book.
  4. Supplement your studies with online materials such as blog posts.
  5. Buy a voucher (assuming your employer doesn't buy it for you).
  6. Schedule your exam for your target date.
  7. Use quality practice test questions with explanations.
Note that these steps assume you meet the prerequisites and have relevant networking knowledge. However, you don't need to have any other certifications such as Network+ before getting the Security+ certification.

Step 1 of 7 to get the Security+ Certification 

Get a good study guide.

One of the best ways you can identify a good study guide is by the online reviews. The CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide has about 500 5-star reviews a total of around 600 reviews.

The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the 301 study guide and has all of the same elements that made the 301 study guide so popular. It hasn't been out as long so doesn't have as many reviews, but the reviews that are up are favorable.

When shopping for a study guide, ensure you get one for the exam that you're planning to take. Exams periodically change and using an old book to take a new exam is not recommended. At least not if you want to pass the exam the first time you take it.

Pass the First Time with the

Step 2 of 7 to get the Security+ Certification

Set a goal 45 days out from the day you receive your study guide.

A target of 45 days will let you master about 1 1/2 chapters per week. Some of the chapters might take you less time and some might take you more time. No problem. You can modify your target date later or reschedule your exam.

However, a recipe for success in almost any pursuit includes setting a goal.

If you look at the reviews on Amazon, you'll see that quite a few people followed this advice, and took the exam within 45 days. They did it. You can too.

First step though, is to get a study guide.

Step 3 of 7 to get the Security+ Certification

Start studying the book.

Set a time to read the study guide daily and stick to your schedule. It might be in the morning, in the evening, late at night after everyone else is in bed. It doesn't matter when you study. However, you do need to study every day.

Most study guides include an objective map. For example, the CompTIA Security+: Get Certified Get Ahead SY0-401 Study Guide lists the objectives for the exam in the introduction. It also lists the chapters where you can find the relevant content right next to the objective.

Here's a snippet from the book so you can what to expect:
1.0 Network Security 
1.1 Implement security configuration parameters on network devices and other technologies. (Chapters 3, 4, 6, 8, 9)
  • Firewalls (Chapter 3)
  • Routers (Chapter 3)
  • Switches (Chapter 3)
  • Load Balancers (Chapter 9)
  • Proxies (Chapter 3)
  • Web security gateways (Chapter 3)
  • VPN concentrators (Chapter 4)
  • NIDS and NIPS (Chapter 4)
    • Behavior based (Chapter 4)
    • Signature based (Chapter 4)
    • Anomaly based (Chapter 4)
    • Heuristic (Chapter 4)
  • Protocol analyzers (Chapter 8)
  • Spam filter (Chapter 6)
  • UTM security appliances (Chapter 3)
    • URL filter (Chapter 3)
    • Content inspection (Chapter 3)
    • Malware inspection (Chapter 3)
  • Web application firewall vs. network firewall (Chapter 3)
  • Application aware devices (Chapter 3)
    • Firewalls (Chapter 3)
    • IPS (Chapter 4)
    • IDS (Chapter 4)
    • Proxies (Chapter 3)
Objective maps such as this allow you to easily review the exam objectives and see where they are covered.

Step 4 of 7 to get the Security+ Certification

Supplement your studies with online materials such as blog posts.

When a topic isn't clear, research online for more information. I regularly post articles about Security+ and other topics on the Get Certified Get Ahead blog site. This page is a good place to read about changes to the certification exam.

Readers often post comments on the pages and it's worth reading their comments too.

Step 5 of 7 to get the Security+ Certification

Buy a voucher (assuming your employer doesn't buy it for you).

Purchase a Security+ certification voucher for the exam. These are typically good for a year. Purchasing it early can provide some motivation to keep you studying.

You can get a code for a 10% discount on all CompTIA vouchers here.

Be careful about buying vouchers from unknown sources. Some people have purchased vouchers through sites such as eBay only to learn that the voucher isn't valid.

Step 6 of 7 to get the Security+ Certification

Schedule your exam for your target date.

Contact a Pearson Vue testing center and schedule your exam.

With the exam scheduled, it also provides some motivation for you to keep studying. Don't worry if a life event pops up and slows you down though. You can still reschedule the exam if necessary.

Step 7 of 7 to get the Security+ Certification

Use quality practice test questions with explanations.

Practice test questions help you gauge your understanding and ability to pass the actual exam. These can be very useful. However, beware of questions without explanations.

Many "unauthorized braindumps" lack explanations for the majority of the questions. Worse, many of their answers are incorrect. The result is that people using these memorize inaccurate information and do not understand the content.

When CompTIA modifies the questions just slightly, these test takers fail the exam without understanding why.

 In contrast, when you use questions with explanations, you'll understand why the correct answers are correct, and why the incorrect answers are incorrect. You'll be able to answer the questions correctly no matter how CompTIA words the questions.

Monday, November 3, 2014

Security+ SY0-401 Study Guide

Woo Hoo! The CompTIA Security+ SY0-401 Study Guide is now available.

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
I'm am very happy to say that the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is now available in both paperback and Kindle versions. This is the update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

With over 400 realistic practice test questions including in-depth explanations, you'll be able to test your comprehension and readiness for the exam. The book includes:
  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

CompTIA Approved Quality Content (CAQC) 


CompTIA Authorized Quality Content (CAQC)
One thing I'm really grateful for is that I was able to get this book reviewed and certified under the CompTIA Approved Quality Content (CAQC) program.

Many instructors have asked for this in the past so that they can use it in colleges, universities, and training institutions that require this certification.

Online Resources for the
SY0-401 Study Guide

The gcgapremium site has online practice test questions derived from the book. As with the past versions, I'll update them as time moves forward.

They are currently available with introductory pricing and I've been getting great feedback from people that are using them. Additionally, I've created labs to go with the book and they are available here: http://gcgapremium.com/labs/. I expect to add additional labs to help readers too.

More to Come to Supplement the SY0-401 Study Guide

I'm still working on other materials related to this book including:
  • Instructor materials. These will include PowerPoint files at a minimum.
  • Apps. My partners at LearnZapp are creating the apps for the SY0-401 exam.
  • Audio files. These will include the Remember This blocks, practice test questions from each chapter, and the end of chapter reviews.

Monday, April 21, 2014

SY0-401 Differences

CompTIA is rolling out the next version of the Security+ exam (SY0-401) in May 2014.

On the surface, it looks like the changes are minor. However, when you dig into the details, you'll see that CompTIA has made several significant changes that require you to know a lot more.

This series of posts covers all the changes:

If you're studying for the SY0-301 version of the exam, don't worry. You can still take it up to midnight on December 31, 2014.

Study packages to help you pass the SY0-301 exam the first time you take it are available here.

SY0-401 Differences in Domains

As an introduction, the following table shows the differences in the SY0-401 domain weighting. The new version includes the same six domains, but reflects changes in domain weighting.

Domain SY0-301 SY0-401 Change
1.0 Network Security 21% 20%  -1%
2.0 Compliance and Operational Security 18% 18% --
3.0 Threats and Vulnerabilities 21% 20% -1%
4.0 Application, Data and Host Security 16% 15% -1%
5.0 Access Control and Identity Management 13% 15% +2%
6.0 Cryptography 11% 12% +1%

From the perspective of the domains, you can see that the changes are relatively minor. The biggest change is that Access Control and Identity Management bumped up 2%. Also, you can see that the Cryptography domain increased by 1%. The following links will take you to pages identifying the differences in each of these domains.

However, when you dig into the details, you'll see that many of the changes within the domains are significant.

CompTIA Security+: Get Certified Get Ahead: Study Guide

I'm frequently asked if I'll be updating the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide to the 401 exam.  The answer is yes, but it takes time.

If you're interested in the progress of the book, feel free to sign up to the Get Certified Get Ahead newsletter. For a limited time, you can get a free copy of the chapter 1 of the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide.

Subscribe to the mailing list

* indicates required
Currently studying for:
Email Format

Thursday, March 13, 2014

Get Certified Get Ahead Blog Site Back Up

Woo Hoo!

After an extensive outage on the Get Certified Get Ahead blog site, I'm happy to report that the blog site is back up. This includes the popular Security+ Blog Links page which includes links to many blog articles on performance based questions. 

If you tried to access this site between Mar 1 and Mar 10, you probably noticed some problems. It was on a shared server and the shared server was attacked. It took the technicians over a week to restore it and even after restoring it, the server continued to have problems.

Sometimes, when you pay more, you get more.

That's why I upgraded that site to "Business Class" last year hoping for better performance and reliability. 

Unfortunately, sometimes when you pay more, you get less.

I've since moved the site to a dedicated server with LiquidWeb, famous for its heroic support. I've been running gcgpremium.com (the site hosting study packages such as practice test questions and flashcards) with LiquidWeb and have experienced firsthand their heroic support. It's not exaggerated. I still have some things to fix on the blog site after the move, but thankfully, it's doing much better.

I'm Celebrating

In celebration of restoring this site I'm holding a short sale on the Security+ Full Access Package (60 day access). This package includes practice test questions (including five sets of simulated performance based questions), flashcards, Remember This slides, and over four hours of audio. 
  • Total when purchased separately: $53.94
  • Introductory price: $39.98
  • Special until March 17: Only $19.99
You can pay a lot more for Security+ materials with other testing providers. 

Just remember, sometimes when you pay more, you get less.


Thanks to everyone that has shared their success with me after passing exams with some of my materials. I love the note I received from a recent user: 

"Passed it, mate. Cut a 825 after only 24 hours of intense study using your website. Best $30 I spent. Thanks." 

Sunday, February 2, 2014

How To Pass the Security+ Exam


Years ago, I failed the Security+ exam the first time I took it.

Failed it.

Two hundred and some dollars wasted.

It was a humbling experience. It wasn't because the knowledge was beyond me. Instead, I took the exam for granted and didn't study. It's not a mistake I wanted to repeat.

Within about a month, I retook the exam and passed it.The exam didn't change. Instead, I changed my approach on the exam. Here is what I did:
  • Purchased a couple of study guides
  • Reviewed the objectives
  • Researched unclear topics for clarification
  • Used practice test questions to test my comprehension
If you have the requisite experience in IT, these are the same steps you can use to pass the Security+ exam within about 30 days.

Find Good Study Guides

First, get one or two Security+ study guides. I have earned almost all of my certifications through self-study. When available, I get more than one study guides.

Ideally, a single book is enough but in general, it's always a good idea to get more than one. If you don't  understand the concepts described by one author, you can get a different perspective from another author and you end up with a deeper understanding.

Many people have said they used the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guideas their single source of study. I'm grateful and humbled to hear this. If that works for you, that's great, but I still recommend getting two or more study guides to pass.

How do you know what guides are good? Look at the Amazon reviews and see what people are writing. Remember, if you're looking for a book to help you pass the exam, pay attention to the reviews that indicate the book helped them pass the exam. Some people post miscellaneous comments referring to shipping, or how the book doesn't mention questions from another source. While these comments might still be valuable, they don't indicate if the book will help you pass the actual exam.

Review the Objectives 

The objectives identify what you can expect to be tested on. When reviewing the objectives, your goal is to identify familiar and unfamiliar topics. A study guide can help you clarify these objectives and how you might be tested on them.

You can access the Security+ exam objectives on the CompTIAs web site.

Many study guides  include the objectives in the book along with an objective map telling you exactly where that objective is covered in the book. This book uses that format: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide.

Research Unclear Topics to Pass a Certification Exam

As you're reading the study guides, some topics might not be clear.

When you have two study guides, you can review the topic in the other guide. Seeing the topic from a different point of view is often helpful to clarify it.

You can also do some an Internet search. A simple Google search on "security+ blogs" can list some useful places where you can review Security+ topics.

Similarly, it's useful to review somewhere that has some up-to-date information. For example, CompTIA changed the  way they are testing Security+ topics with new performance-based questions. This page includes a section titled Performance Based Questions, which lists several posts on these.

Additionally, there are many forums where people provide helpful answers to each other. People that post well thought-out questions to these forums, often get some great responses.

Use Practice Exams to Pass a Certification Exam

After you've studied the concepts related to the objectives, use practice exams to test your readiness. If the study guide includes questions, use them.

For example, the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide includes a pre-test at the beginning of the book, practice test questions at the end of each chapter, and a post test at the end of the book. Use these to test your comprehension of the topics.

Additionally, there are many other sources for practice test questions such as the Get Certified Get Ahead Premium site.

When using practice test questions, your goal is not to get them all correct.

Really. Your goal is not to get them all correct.

Instead, your goal is to test your comprehension. Ideally, you should be able to look at any question and know why the correct answer is correct and the incorrect answers are incorrect. This way no matter how the questions are worded on the actual exam, you will be able to answer it correctly.

Some questions seem incomprehensible if you only look for the correct answer. However, if you eliminate the incorrect answers, the correct answer becomes obvious. I described this process in this video. The video is focused on Security+ performance-based questions, but also includes an explanation of eliminating incorrect answers with a typical multiple choice question.

Make sure practice test questions you're using have explanations. The explanations help you understand why the correct answers are correct and why the incorrect answers are incorrect. Some questions have a subtle twist of words making one answer incorrect that might make the same answer correct in a similar question. Without the explanations, you might not notice these.

Beware of Brain Dumps

Some criminals use illegal and/or unethical methods to capture questions. After guessing the correct answers, they sell them.

Brain dumps rarely include explanations. People that buy these memorize the questions and answers.

They often memorize incorrect information without understanding the reasoning behind the question. Subtle changes to the questions elude them. They fail and don't understand why.

I've had students in classes that memorized incorrect brain dump answers and had problems trying to relearn the correct information.

Also, you can have your certification revoked if it's discovered you use brain dump sources. This page lists unauthorized sites.

Practice Test Questions Should Not be the First or Only Option

Practice test questions are useful to test your comprehension, but should not be the only source of study.

The goal of any certification is to understand the underlying concepts so that you can pass. Practice test questions might help you pass, but you may be missing an understanding of some important concepts.

Certifications such as Security+ might help you land an interview for a job. However, without an understanding of the underlying concepts, you might falter during the interview. Also, you might pass the interview, get hired, and your lack of knowledge might come to light on the job.

Summary How To Pass the Security+ Certification Exam

As a summary, here's what you can do to pass the Security+ exam:
Good luck.

Thursday, January 30, 2014

Security+ Performance-Based Questions Video

I recently posted a video on YouTube for Security+ performance-based questions titled Master Security+ Performance-Based Questions. In this video I compare some of these types of questions with traditional multiple choice questions.
Master Security+ Performance Based Questions

Security+ Performance-Based Questions

While I've written several articles about these types of questions, I still hear from people occasionally that are either surprised by them, or that are very nervous about them. One of my goals with this video is to reassure people that if you know the concepts related to the objectives, many of these questions aren't that difficult.

Most of the test takers I hear from confirm this. They mention that based on their understanding of the objectives and the underlying concepts, they were able to answer these correctly, even when they were surprised by them.

In the video, I discuss the following three types of performance-based questions:
  • Drag and drop
  • Matching items
  • Order items

Drag and Drop Security+ Performance-Based Questions

In a drag and drop type question, you use the Windows drag and drop feature to answer the question. For example, you might see a list of different security types where some security types are unique to mobile devices such as smartphones, and other security types are unique to servers. The question might ask you to drag each of the items on the left to the appropriate device in the table on the right, similar to the following figure.
Drag and Drop Security+ Performance Based Question
These concepts are covered in the following objectives:
  • 3.6 Analyze and differentiate among types of mitigation and deterrent techniques
    Physical Security
  • 4.2 Carry out appropriate procedures to establish host security
    Mobile Devices
Global Positioning System (GPS) tracking is only used on mobile devices. You can use it to locate a missing smartphone or iPad. In contrast, servers operate in a stationary data center or server room. You don’t need GPS on servers because they’re always at the same place. With this in mind, you would drag the GPS Tracking security type to the Mobile Devices list like this.

Drag and Drop Security+ Performance Based Question

Admittedly, if someone breaks into your server room, they could steal the servers, and GPS might help you locate them. However, money spent to protect servers is more appropriately spent on physical security to prevent access to the server room and the servers within it.

Matching Items Security+ Performance-Based Questions

Here’s an example of a matching question. You can see a list of protocols on the left, and a list of ports on the right. In this question, you might be asked to match each of the protocols with their well-known port.
Matching Items Security+ Performance-Based Questions

For example, port 80 is the well-known port for HTTP. You would match HTTP and port 80 so that it looks similar to the following figure.

Matching Items Security+ Performance Based Question

These concepts are addressed in the following objective:
  • 1.5 Identify commonly used default network ports
 The CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide covers all these ports and has a table with the ports and protocols listed . Also, there are some blogs on this site that cover these ports:

Order Items Security+ Performance-Based Questions

Order of volatility refers to the order in which you should collect evidence. “Volatile” doesn’t mean it’s explosive, but rather that it is not permanent. In general, you should collect evidence starting with the most volatile and moving to the least volatile. In this type of question, you might be asked to rearrange the data items based on what order you should collect the data for a forensic investigation. In other words, list the items from the most volatile to the least volatile.

Order Items Security+ Performance Based Questions
These concepts are addressed in the following objective:
  • 2.3 Execute appropriate incident response procedures
    Basic forensic procedures
    Order of volatility
With these items, memory is the most volatile and the memory contents will be lost when the system is powered down. More, the memory used with the processor, the CPU cache, is more volatile than the RAM. With this in mind, you would place the CPU cache first as shown in the following graphic.

Order Items Security+ Performance Based Question

Security+ Performance-Based Questions Summary

The Master Security+ Performance-Based Questions video and this article doesn't cover all the possible performance-based questions, but it does give you some insight into what they might look like. As long as you understand the objectives, and the underlying concepts, you'll find that these are not that difficult.
Good luck.


Security+ Practice Test Questions

Full bank of 468 realistic practice test questions with in-depth explanations. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect. This way no matter how CompTIA words the questions, you'll be able to answer them correctly.

These questions are from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide. Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized.View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL). You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

Tuesday, January 28, 2014

How To Pass A Certification Exam

I am frequently asked how I have passed so many certification exams. The short answer is "one at a time." I don't mean to be flip with that answer, but it's the truth. If I could rephrase the question it would be "How do you pass a certification exam?" I can give you a much better answer to that one.
How To Pass a Certification Exam

Find a Good Study Guide to Pass a Certification Exam

I have earned almost all of my certifications through self-study. When possible, I get one or more study guides that cover the exam objectives. Ideally, a single book is enough but in general, it's always a good idea to get more than one. If you don't  understand the concepts described by one author, you can get a different perspective from another author and you end up with a deeper understanding.

I've been grateful and humbled that so many people have said tthe CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide was their single source of study. However, that isn't typical. Two or more study guides is common.

I Don't Have Time To Read The Book

I recently received an email from a reader indicating he didn't have time to read a book and asking what he could do.

The first option that came to mind isn't a good one. He could hire someone else to take the exam for him. It's expensive and unethical, but if he doesn't have the time to learn the material, it is one option.

Perhaps he meant that he doesn't learn easily by reading a book. Are their other options?  Yes.

One option is to attend a course. It's more expensive than buying one or two study guides though. For example, Security+ courses range between $1,000 and $3,000 per person depending on the location, the training materials used, what's included, and the trainer. Compare this to two study guides averaging $30 for a total of $60, and you can see the difference. Similarly, there are many video courses out there that teach the material. Some of these  video courses are expensive but there are also some videos available for free.

Another option is to look for audio on the topics. For example some books are available on the Amazon Kindle, and the Kindle has an audio feature that reads the book to you.  Additionally, you can sometimes purchase  audio files for some topics. For example, supplementary audio files for the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide are available here.

Look at the Objectives to Pass a Certification Exam

The objectives identify what you can expect to be tested on. For example, if you are studying the Security+ certification, you can check out the objectives for it on CompTIAs web site. Many study guides, including the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide include the objectives in the book along with an objective map telling you exactly where that objective is covered in the book.

When reviewing the objectives, your goal is to identify what is familiar and what is not familiar. A study guide can help you clarify these objectives and how you might be tested on them.

Research Unclear Topics to Pass a Certification Exam

It's entirely possible that all of the topics aren't clear to you. Some quick Internet searches should help you identify the answers. Additionally, there are many forums where people provide helpful answers to each other. If you post a well thought-out question to one of these forums, you can get some great responses.

Many times when I'm studying for an exam today, it's before any study guides have been published. The Internet is a great resource for me.

Use Practice Exams to Pass a Certification Exam

After you've studied the concepts related to the objectives, use practice exams to test your readiness. Many study guides including the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide include practice test questions at the end of each chapter. Use these to test your comprehension of the chapter topics. Some books also have a pre-test before the first chapter and a post-test after the last chapter. Additionally, there are many other sources for practice test questions such as the Get Certified Get Ahead Premium site.

When using practice test questions, you goal is not to get them all correct. Instead, your goal is to test your comprehension.

Ideally, you should be able to look at any question and know why the correct answer is correct and the incorrect answers are incorrect. This way no matter how the questions are worded on the actual exam, you will be able to answer it correctly.

Some questions seem incomprehensible if you only look for the correct answer. However, if you eliminate the incorrect answers, the correct answer becomes obvious. As an example, I described this process in this video. While the video is focused on Security+ performance-based questions, I also included an explanation of eliminating incorrect answers with a typical multiple choice question in the video.

Along these lines, make sure the practice test questions you use have explanations.  After writing  thousands of practice test questions for several different certifications, I know how valuable these are to the user, and to the author.
  • As a user, you can use explanations to understand why the correct answers are correct and why the incorrect answers are incorrect. Many times, the questions have a subtle twist of words making one answer obviously incorrect. You might not see  this subtle twist when you read the question, but the explanation helps make it clear.
  • As an author, the explanation forces me to think about why each answer is incorrect. During this process, I often find that one of my answers is not not necessarily incorrect, and I change the question. In contrast, some authors do not provide explanations and do not see some of these issues.  As a reader/user, you might struggle with the question way too long trying to figure out why one answer is incorrect when it is actually correct.

Beware of Brain Dumps

Brain dumps are supposedly actual questions with supposedly actual answers. Some criminals use illegal and/or unethical methods to capture the questions, they guess at the correct answers, and then sell them. They do not include explanations. Instead, the buyers are encouraged to memorize the questions and answers.

If it's discovered that you used brain dump sources to pass an exam, you can have your certification revoked.  That's bad enough, but there's a worse consequence of using them.

Many have incorrect answers. People that memorize these questions and answers memorize incorrect information without understanding the reasoning behind it. Subtle changes to the questions elude them. They fail once, twice, and more and don't understand why. I've had students in classes that had memorized incorrect brain dump answers and had a significant amount of trouble trying to relearn the correct information.

Practice Test Questions Should Not be the First or Only Option

Some people turn to practice test questions as their only source of study. This isn't recommended, especially if your goal is to learn the concepts. Especially when they don't take the time to understand why the correct answers are correct and why the incorrect answers are incorrect, they fail and don't understand why.

Also, many people seek certifications to get ahead. The certification helps them land interviews and get new jobs with more responsibility and more pay.  However, many people that only study questions do not learn the concepts. They falter during the interviews, or worse, move into a new job and falter there and end up unemployed.

Instead, seek to learn the material, and then use practice test questions to test your comprehension.

Summary How To Pass a Certification Exam

While I've focused a lot of this on Security+, these same steps can be used on just about any certification you want to earn through self-study. As a summary, the steps are:
  • Get one or more good study guides
  • Review the objectives
  • Research further to clarify any unclear topics
  • Use practice test questions to test your comprehension
    • Ensure the practice test questions have explanations
    • Read the explanations to understand why the correct answers are correct and why the incorrect answers are incorrect

Security+ Practice Test Questions

Full bank of 468 realistic practice test questions with in-depth explanations. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect. This way no matter how CompTIA words the questions, you'll be able to answer them correctly.

These questions are from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide. Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized.View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
Special Introductory Pricing
30 Day Access 60 Day Access
Normally $29.99 Normally $39.99

Now Only $14.99

Now Only $19.99

Buy Now Button with Credit Cards Buy Now Button with Credit Cards
Full Security+ Study Packages also available.

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL). You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

Full Security+ Study Packages also available.