Friday, November 28, 2014

Hashing Practice Test Questions

Hashing is an important concept, especially if you plan on taking any type of security exam. This includes the CompTIA Security+ and CASP exams, and (ISC)2's SSCP and CISSP exams.

Can you answer these Security+ questions?

As with any practice test questions, not only should you know why the correct answers are correct, but also why the incorrect answers are incorrect. This way, no matter how CompTIA words the questions, you'll be able to answer them correctly.

Hashing Question 1

Of the following choices, what can you use to verify data integrity?
A. AES
B. DES
C. RC
D. SHA

Hashing Question 2

Lisa manages network devices in your organization and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, she creates hashes for these files and compares them with hashes she created on the same files the previous week. Which security goal is she pursuing?
A. Confidentiality
B. Integrity
C. Availability
D. Safety

Wednesday, November 19, 2014

7 Steps to Get the Security+ Certification

The CompTIA Security+ certification is popular, and for good reason. Businesses are concerned about security, and this helps them realize job applicants have some awareness about security.

Add this certification to your résumé and you'll be more marketable in today's job market.

 Get your Security+ Certification 

Security+ Certification in 7 Steps

Because of this many IT professionals have this certification and it doesn't have to be difficult.
There isn't any guaranteed path to pass the Security+ Certification. However, you can use the following 7 steps to add the Security+ certification to your résumé. This is the path that thousands of others have used to get the Security+ certification, and you can use them too.
  1. Get a good study guide.
  2. Set a goal 45 days out from the day you receive your study guide.
  3. Start studying the book.
  4. Supplement your studies with online materials such as blog posts.
  5. Buy a voucher (assuming your employer doesn't buy it for you).
  6. Schedule your exam for your target date.
  7. Use quality practice test questions with explanations.
Note that these steps assume you meet the prerequisites and have relevant networking knowledge. However, you don't need to have any other certifications such as Network+ before getting the Security+ certification.

Step 1 of 7 to get the Security+ Certification 

Get a good study guide.

One of the best ways you can identify a good study guide is by the online reviews. The CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide has about 500 5-star reviews a total of around 600 reviews.

The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the 301 study guide and has all of the same elements that made the 301 study guide so popular. It hasn't been out as long so doesn't have as many reviews, but the reviews that are up are favorable.

When shopping for a study guide, ensure you get one for the exam that you're planning to take. Exams periodically change and using an old book to take a new exam is not recommended. At least not if you want to pass the exam the first time you take it.

Pass the First Time with the

Step 2 of 7 to get the Security+ Certification

Set a goal 45 days out from the day you receive your study guide.

A target of 45 days will let you master about 1 1/2 chapters per week. Some of the chapters might take you less time and some might take you more time. No problem. You can modify your target date later or reschedule your exam.

However, a recipe for success in almost any pursuit includes setting a goal.

If you look at the reviews on Amazon, you'll see that quite a few people followed this advice, and took the exam within 45 days. They did it. You can too.

First step though, is to get a study guide.

Step 3 of 7 to get the Security+ Certification

Start studying the book.

Set a time to read the study guide daily and stick to your schedule. It might be in the morning, in the evening, late at night after everyone else is in bed. It doesn't matter when you study. However, you do need to study every day.

Most study guides include an objective map. For example, the CompTIA Security+: Get Certified Get Ahead SY0-401 Study Guide lists the objectives for the exam in the introduction. It also lists the chapters where you can find the relevant content right next to the objective.

Here's a snippet from the book so you can what to expect:
1.0 Network Security 
1.1 Implement security configuration parameters on network devices and other technologies. (Chapters 3, 4, 6, 8, 9)
  • Firewalls (Chapter 3)
  • Routers (Chapter 3)
  • Switches (Chapter 3)
  • Load Balancers (Chapter 9)
  • Proxies (Chapter 3)
  • Web security gateways (Chapter 3)
  • VPN concentrators (Chapter 4)
  • NIDS and NIPS (Chapter 4)
    • Behavior based (Chapter 4)
    • Signature based (Chapter 4)
    • Anomaly based (Chapter 4)
    • Heuristic (Chapter 4)
  • Protocol analyzers (Chapter 8)
  • Spam filter (Chapter 6)
  • UTM security appliances (Chapter 3)
    • URL filter (Chapter 3)
    • Content inspection (Chapter 3)
    • Malware inspection (Chapter 3)
  • Web application firewall vs. network firewall (Chapter 3)
  • Application aware devices (Chapter 3)
    • Firewalls (Chapter 3)
    • IPS (Chapter 4)
    • IDS (Chapter 4)
    • Proxies (Chapter 3)
Objective maps such as this allow you to easily review the exam objectives and see where they are covered.

Step 4 of 7 to get the Security+ Certification

Supplement your studies with online materials such as blog posts.

When a topic isn't clear, research online for more information. I regularly post articles about Security+ and other topics on the Get Certified Get Ahead blog site. This page is a good place to read about changes to the certification exam.

Readers often post comments on the pages and it's worth reading their comments too.

Step 5 of 7 to get the Security+ Certification

Buy a voucher (assuming your employer doesn't buy it for you).

Purchase a Security+ certification voucher for the exam. These are typically good for a year. Purchasing it early can provide some motivation to keep you studying.

You can get a code for a 10% discount on all CompTIA vouchers here.

Be careful about buying vouchers from unknown sources. Some people have purchased vouchers through sites such as eBay only to learn that the voucher isn't valid.

Step 6 of 7 to get the Security+ Certification

Schedule your exam for your target date.

Contact a Pearson Vue testing center and schedule your exam.

With the exam scheduled, it also provides some motivation for you to keep studying. Don't worry if a life event pops up and slows you down though. You can still reschedule the exam if necessary.

Step 7 of 7 to get the Security+ Certification

Use quality practice test questions with explanations.

Practice test questions help you gauge your understanding and ability to pass the actual exam. These can be very useful. However, beware of questions without explanations.

Many "unauthorized braindumps" lack explanations for the majority of the questions. Worse, many of their answers are incorrect. The result is that people using these memorize inaccurate information and do not understand the content.

When CompTIA modifies the questions just slightly, these test takers fail the exam without understanding why.

 In contrast, when you use questions with explanations, you'll understand why the correct answers are correct, and why the incorrect answers are incorrect. You'll be able to answer the questions correctly no matter how CompTIA words the questions.

Monday, November 3, 2014

Security+ SY0-401 Study Guide

Woo Hoo! The CompTIA Security+ SY0-401 Study Guide is now available.

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
I'm am very happy to say that the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is now available in both paperback and Kindle versions. This is the update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

With over 400 realistic practice test questions including in-depth explanations, you'll be able to test your comprehension and readiness for the exam. The book includes:
  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

CompTIA Approved Quality Content (CAQC) 


CompTIA Authorized Quality Content (CAQC)
One thing I'm really grateful for is that I was able to get this book reviewed and certified under the CompTIA Approved Quality Content (CAQC) program.

Many instructors have asked for this in the past so that they can use it in colleges, universities, and training institutions that require this certification.

Online Resources for the
SY0-401 Study Guide

The gcgapremium site has online practice test questions derived from the book. As with the past versions, I'll update them as time moves forward.

They are currently available with introductory pricing and I've been getting great feedback from people that are using them. Additionally, I've created labs to go with the book and they are available here: http://gcgapremium.com/labs/. I expect to add additional labs to help readers too.

More to Come to Supplement the SY0-401 Study Guide

I'm still working on other materials related to this book including:
  • Instructor materials. These will include PowerPoint files at a minimum.
  • Apps. My partners at LearnZapp are creating the apps for the SY0-401 exam.
  • Audio files. These will include the Remember This blocks, practice test questions from each chapter, and the end of chapter reviews.