Passed today!
Time was about 2 hours (on the nose). The results screen did not give me a score, but it did tell me I passed (maybe someone else knows why I didn't see a score?)
At any rate, I have a few tips for those that might be interested. I am going to divide them into three: 1. test taking tips, 2. study materials, and 3. study tips.
1. Test Taking Tips
- When you finally go to sit for the exam, try to have a fresh mind. The test will take 2 hours or so, so be fresh.
- As you're reading a question, read it quickly, and get a sense for what your gut reaction was
- Once you sort of know what your gut is thinking, re-read it slowly and make sure you understood it (If you're interested in learning more about the power of quick observation, check out the book "Blink" - Your brain is a lot more efficient than you think it is)
- Don't hesitate to use the flag option and come back to a question at the end. It's better to power through the exam than to get hung up on one question for an extended period
- Don't let the question count fool you. Don't rush it because you're on question 120/125 and you just want to be done!
- Once you see your "pass" confirmation, just take a second to take it all in

2. Study Material - Ranked Best to Not as good
- Real World Experience -- yeah, I know this isn't a material, but you really do need to understand things.
- Boson Test Exam - I am rating this even higher than the AIO book simply because the questions are great, the explanations are detailed, and it really gets your head in the game. -- Just spend the money and do yourself a favor.
- Walker's AIO - This is a great resource. Read it. Absorb it and come back for more
- Cybrary.it - In particular, check out Georgia Weidman's (author of "Penetration testing: hands on guide") videos and Leo Dregier's videos. -- These won't make you an ultimate H4x0r or anything, but they will help drive home some tools and points
- **** Sheets - These are super useful for remembering syntax to commands, and don't forget subnetting!
- Sybex v9 - I rate this lower than the others simply because I don't feel like the book relays the information as well. Also, there are some issues around wording in the book, especially around phases and methodology
- Google Google Google -- (okay, I don't actually use Google . . .but you get the point) As you are poring through your material, if you see something you don't know, even just an acronym, write it down, and google it later. You will be amazed at how much you can learn this way.
- NIST, PCI DSS, Google, ISO, Wikipedia, etc . . Use these resources to figure out all of the different compliance level items we have to deal with in our industry.
- Recent \ Modern Vulnerabilities - Just as if you were actually in the job, make sure you know about all of the latest vulnerabilities

3. Study Tips
- Take the time to build out a lab. I am a virtualization guy, so my recommendation is to build out a virtual lab. Spend the money on a good virtualization platform (I am partial to VMware) and build out a few systems including a DC, AD server, Hosts, etc
- Be sure to check out Metasploitable or OWASP WebGoat. These will give you a great playground to mess around with some of the tools you will be learning about
- On your first round just try to absorb as much high level detail as possible. Don't get hung up on details.
- On your second round, try to start figuring out where your knowledge holes are (sounds dirty . . . )
- On your third pass through your material, make notes of anything you don't get
- As you get closer to test date, this is the time to start filling in the very specific items. I consider these the items that you would (even if you're seasoned) go to Google for . . .things like syntax on some commands
- If you are hitting up your labs through all of this, you will have a pretty good shot
Overall,
I think the exam itself was a bit wonky here and there. Lots of typos, and strange wording, but overall it's not that bad. If you can figure your way through a passing score on the Boson exams, you will probably be alright.