Friday, July 29, 2016

Passing CyberSec First Responder Exam

I'm happy to say that I passed the CyberSec First Responder certification exam. Overall, it was an enjoyable experience - studying for it and learning some new things, taking the exam at a good testing center, and celebrating afterwards at IHOP.
One thing that I reaffirmed through the process is that it is a logical choice after the CompTIA Security+ exam to round out your resume. This is especially true if you're seeking a hands-on role in cybersecurity or IT forensics, and it will be what I recommend to anyone who asks me about CEH.
As with any certification exam, there is a non-disclosure agreement (NDA) and I don't plan on violating the NDA. Still, there are some things I can share with you that you may find useful.

Taking the CyberSec First Responder Exam

First, the questions were all multiple-choice or True/False questions. Many of the multiple-choice questions required you to select two or three answers. A neat feature was that the exam had an internal check in it, helping me ensure I selected the correct number of answers.
Many of the "select three" questions were used instead of the NOT type of questions that CompTIA frequently uses. This will help many people avoid confusion.
As an example, consider this question.
Which of the following are colors (Select Three)?
  1. Blue
  2. Car
  3. Green
  4. Yellow
If you understand the content, this is often just a matter of figuring out which answer doesn't fit with the others and not selecting it.
The same question could use the same answers, but reworded like this:
"Which of the following is NOT a color?"
One thing I was very grateful for was that the questions and content were never covered up. I could always see the full question and all the answers. In contrast, when I took the CompTIA Cybersecurity Analyst Beta Exam, it was often difficult to view the graphics, question, and instructions without moving things around. Typically, the question and instructions covered up the graphics and underlying hotspots making it tedious to just understand the questions.

How To Study for CyberSec First Responder

Here are a few methods you can use to prepare for this exam.

Attend a CyberSec First Responder Course

There are many training centers that teach the course. You can use the search feature toward the bottom of this page to find one near you. It's labeled Find a CFR Class Near You. Select the region (such as USA) and the Subregion (such as VA) and it'll list training centers that you can click to get more information.
The course is typically taught in a five-day instructor-led format from 9 AM to 5 PM.
Some people love this format, and there was a time when I thrived in a classroom format like this. However, it's not for me today, so I needed another method.

Self-Study with the CyberSec First Responder Course Book

You won't find any resources for the CyberSec First Responder certification on Amazon. However, you can purchase the course book from Logical Operations here. They have several options such as:
Student: Digital Courseware
This includes the course book and other materials (such as a practice test) available online. I used this in my preparation. Unfortunately, minor eye surgery made it quite uncomfortable to look at a computer screen for more than five minutes while studying for this exam. Fortunately, I was able to print out the course book from the digital courseware - it was a little messy, but worth it.
Student: Print and Digital Courseware
This includes all of the digital courseware products and you also get a printed course book shipped to you. If you like a paper copy, the few extra dollars are worth it for this package (and definitely better than printing out the course book from the digital courseware).
Student: Print and Digital Courseware with the Lab Bundle
This includes the same resources as the Print and Digital Courseware product, but also with access to an online lab. I didn't use this, but the course book referred to it often within chapter Activities. You could create your own lab, but a ready-made lab would save you a lot of time.
Woo Hoo! Study Guide Now Available
Logical Operations recently created a study guide that you can purchase directly from them here. It's only $99 in the US and it includes all the resources available in the Student: Digital Courseware product that I used, except for the eBook. (Don't get this if you're planning on minor eye surgery soon, though. You won't be able to print it out.)
Self-Study with Your Own Lab
Another option is to create your own lab. You can do this in two steps.
  1. Install Oracle VirtualBox on your system.
  2. Install an instance of Kali Linux as a virtual machine (VM).
While you can also install Kali on a bootable USB, it's valuable to have it as a VM within your primary computer when studying.
Note that this will allow you to do many of the activities in the course book, but you'll have to adapt. If you've developed strong critical thinking skills, this is a good option. However, if you need step-by-step instructions that work without the need to adapt them to your own lab, the lab bundle is a better option for you.
If you're interested in building your own lab, check out this section on Kali Linux and CyberSec First Responder.

How I Passed the CyberSec First Responder Exam

While your experience may be different, here are the things that I attribute to passing this exam the first time I took it.
  • Doing the best I could on the Security+ exam (and other security exams I've taken). I found that many of the topics were quite similar to the Security+ exam. When I learned those topics, I truly learned them, and they stuck with me. For example, I don't need to study CIA or the order of volatility to know their meanings for any certification exam today.
  • Downloading and reading the objectives for the CyberSec First Responder exam.
  • Creating a virtual lab with Oracle VirtualBox and Kali.
  • Reading the CyberSec First Responder course book from cover to cover. While there were many familiar topics in this course book, it also gave me some valuable information needed for the exam.
  • Taking the course book online quiz. This is a 40-question quiz, which I took 3 times and ultimately dug into each of the questions and the answers. My intention wasn't just to get the questions correct, but also to know why the correct answers were correct and why the incorrect answers were incorrect. During my IHOP review after the exam, I realized this helped with many actual questions.
If you're planning on taking this exam, post a comment. I (and others) would love to hear from you.

How Long Did You Study?

Several people have asked me how long I studied for this exam. I started looking at it closely when I wrote a blog about it about three weeks ago. I then studied the course book daily for about two weeks before I took the exam. Again though, I stress that doing the best I could on previous security certification exams helped me with this exam.
Of course, the implied question is "How long will it take me to pass this exam?" If you've recently passed the Security+ exam and truly learned the content, I'd say that you can get this certification within 30 days by following these steps.
  • Get the study guide.
  • Study the study guide daily.
  • Get a voucher and schedule your exam (10% discount available here).
  • Take the online quiz until you're acing it and you understand all of the answers.
  • Take the exam, celebrate your success, and let us know what worked for you and how long it took.

Thursday, July 28, 2016

Common Hashing Algorithms

Can you answer this sample Security+ question?

Q. Of the following choices, what can you use to verify data integrity?

A. AES
B. DES
C. RC4
D. SHA

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.
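Whichever answer you pick, it helps to see what "verifying integrity" with a hash actually looks like. The following is an added example, not part of the original post or the Security+ objectives: it hashes a constructed message with SHA-256, recomputes the digest on the receiving side, and shows that a single changed character fails the check. It also shows the caveat a practitioner cares about: a bare hash detects accidental or unauthenticated changes, but an attacker who can replace both the data and the published digest passes the check, which is why a keyed digest (HMAC) is used when authenticity matters. The message text and the pre-shared key are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed sample message for this example; not from the original post.
MESSAGE = b"Transfer 100 to account 1234"
TAMPERED = b"Transfer 900 to account 1234"


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of data as a lowercase hex string."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare it to the published one.

    compare_digest does not stop at the first mismatched byte, which
    matters when an attacker can time the comparison remotely.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed digest: integrity plus evidence that the key holder produced it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    """Recompute the HMAC under the shared key and compare in constant time."""
    return hmac.compare_digest(hmac_sha256_hex(key, data), expected_hex)


def demo() -> dict:
    """Run the checks and return each outcome so they can be asserted."""
    published = sha256_hex(MESSAGE)  # digest shipped alongside the data
    results = {
        "original_passes": verify_integrity(MESSAGE, published),
        "tampered_fails": not verify_integrity(TAMPERED, published),
        # Anyone can recompute an unkeyed hash, so an attacker who replaces
        # both the message and its digest is not detected by a hash alone.
        "forged_hash_passes": verify_integrity(TAMPERED, sha256_hex(TAMPERED)),
    }
    key = b"shared-secret-key"  # assumed pre-shared key for the example only
    tag = hmac_sha256_hex(key, MESSAGE)
    results["hmac_original_passes"] = verify_hmac(key, MESSAGE, tag)
    # Without the key, the attacker cannot produce a tag that verifies.
    forged_tag = hmac_sha256_hex(b"wrong-key", TAMPERED)
    results["hmac_forged_fails"] = not verify_hmac(key, TAMPERED, forged_tag)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The encryption algorithms in the other answer choices produce ciphertext, not a fixed-length fingerprint, so on their own they give you confidentiality rather than a check that the data is unchanged.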


Monday, July 25, 2016

Vulnerability Assessment Techniques

Can you answer this sample Security+ question?

Q. Your organization develops application software, which it sells to other companies for commercial use. Your organization wants to ensure that the software isn’t susceptible to common vulnerabilities, such as buffer overflow attacks and race conditions. What should the organization implement to ensure software meets this standard?

A. Input validation

B. Change management

C. Code review

D. Regression testing

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.



Saturday, July 23, 2016

Network+ and Logical Tokens

Can you answer this sample Network+ question related to logical tokens?

Q. Computers within a network are only able to transfer data when they have access to a logical token. What type of topology does this describe?

A. Star
B. Ring
C. Bus
D. MPLS

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.

Wednesday, July 20, 2016

Wireless Antenna

Omnidirectional (or omni) antennas are the most commonly used wireless antennas on access points and wireless devices, but there are others. If you're planning on taking the Security+ exam, you should have a basic understanding of the different types of wireless antennas and their purpose.

For example, can you answer this sample Security+ question?

Q. You need to provide connectivity between two buildings without running any cables. You decide to use two WAPs and a high-gain directional antenna. Which of the following antennas is the BEST choice to meet this need?

A. Yagi
B. Omni
C. Isotropic
D. Dipole

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.


Monday, July 18, 2016

Spear Phishing Versus Whaling

Beyond typical social engineering attacks, it's also important to know about two common email attacks: spear phishing and whaling. Do you know the differences between them? You should if you plan to take the Security+ exam.
For example, can you answer this Security+ question:
Q. Attackers are targeting C-level executives in your organization. Which type of attack is this?
A. Phishing
B. Spear phishing
C. Vishing
D. Whaling
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.

Friday, July 15, 2016

System Configuration Baselines

A baseline is a known starting point, and organizations commonly use baselines to provide known starting points for workstations and servers. If you're planning on taking the Security+ exam, you should have a basic understanding of the several different types of baselines.

For example, can you answer this question?

Q. Maggie is compiling a list of approved software for desktop operating systems within a company. What is the MOST likely purpose of this list?

A. Host software baseline
B. Baseline reporting
C. Application configuration baseline
D. Code review

More, do you know why the correct answer is correct and the incorrect answers are incorrect?

Thursday, July 14, 2016

Collision and Broadcast Domains

If you're planning on taking the Network+ exam, you should have a basic understanding of collision and broadcast domains, along with network segments. For example, can you answer this sample Network+ question?

Q. How many broadcast domains and collision domains are on a basic 12-port switch using half-duplex mode?
A. 12 collision domains and 12 broadcast domains
B. 12 collision domains and 1 broadcast domain
C. 1 collision domain and 12 broadcast domains
D. 1 collision domain and 1 broadcast domain

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.

Sunday, July 10, 2016

Understanding SQL Injection Attacks

Do you know about SQL injection attacks? For example, can you answer this sample Security+ question on SQL injection attacks?

Q. Attackers have attacked an online web server using a SQL injection attack. Which of the following BEST describes this?

A. The attacker is attempting to overload the system with unexpected data and access memory locations.
B. The attacker is attempting to impersonate a user using HTML code.
C. The attacker is sending random data into a program to see if the application will crash.
D. The attacker is attempting to pass commands to a back-end database server to access data.

You can see the answer and explanation here.
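To make the attack concrete, here is an added example that is not part of the original post: a login check written two ways against a constructed in-memory SQLite database. The vulnerable version builds the SQL text by string concatenation, so a username such as `alice'--` turns the rest of the statement into a comment and the password is never checked; the safe version passes the same input as a bound parameter, so the database treats it as a value rather than as SQL. The table, the user names and the (deliberately plaintext, for brevity) passwords are all assumptions made for the example; a real login would compare password hashes.

```python
import sqlite3

# Constructed in-memory database for this example; not from the original post.
# Passwords are stored in plaintext only to keep the example short.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Concatenates untrusted input into the SQL text.

    With username "alice'--" the quote closes the string and "--" comments
    out the password clause, so the query matches alice with any password.
    With password "' OR '1'='1" the WHERE clause becomes true for every row.
    """
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterized query: the driver binds values separately from the SQL.

    The same payloads are compared literally against the stored columns and
    match nothing, because they never become part of the statement.
    """
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, comment bypass:", login_vulnerable(db, "alice'--", "wrong"))
    print("vulnerable, tautology:     ", login_vulnerable(db, "x", "' OR '1'='1"))
    print("safe, comment bypass:      ", login_safe(db, "alice'--", "wrong"))
    print("safe, real credentials:    ", login_safe(db, "alice", "correct horse"))
```

The point for the exam question is the mechanism: the attacker is supplying data that the application forwards to the back-end database as commands. The fix is to stop the input from ever being interpreted as SQL, which parameterized queries do and input filtering alone does not reliably do.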

Friday, July 8, 2016

CyberSec First Responder

Have you heard about the CyberSec First Responder (CFR) certification? If not, it's worth a look, especially if you recently passed the Security+ exam (or will soon). I recently learned about it and the more I learn, the more I like it.

Check out this blog post for more information.
CyberSec First Responder

Tuesday, July 5, 2016

Continuity of Operations Planning (COOP)

Continuity of operations planning (COOP) sites provide an alternate location for operations after a critical outage. If you're planning on taking the Security+ exam, you should have a basic understanding of the most common sites and how to test their effectiveness.

For example, can you answer this question?

Q. Personnel within your organization turned off the HR data server for over six hours to perform a test. Which of the following is the MOST likely purpose of this?
A. BIA
B. Succession planning
C. Tabletop exercises
D. COOP

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.