Help!!!!
I am scheduled to take the test in two weeks and am still having issues identifying various attacks from a string of code. It seems like I have searched far and wide for materials to help but am still falling short.
Any advice?
Comments
Open and do some labs. A great place for labs with walkthroughs is at Irongeek. Just google Irongeek and Mutillidae tutorials.
Most are pretty quick and you will actually see how SQL / HTTP / buffer overflows and injections work because you're doing it. Choosing a few was part of a college class assignment and it helped immensely. I was easily able to recognize and answer these questions on the CASP.
Good luck.
I am doubling back on the labs in the Sybex book, attacks and mitigation strategies, stream vs block, risk management formulas, protocol analyzers vs vulnerability scanners, Linux commands, and symmetric vs asymmetric.
Hoping to get it this time so I can take the Project+ between November-December and then finish up my Bachelor's in January. Fingers crossed.
Thanks for the heads-up. Are there two questions about devices blocking attacks on the network or just one?
I always need an analogy when studying for these certs...
How I differentiated between (S)ymmetric = (S)ame key & Asymmetric (opposite of same, meaning 2 keys - encrypt/decrypt)...hope that helps.
On the algorithms, distinguishing between those...
With Symmetric - I found the ones that end in "S" are no-brainers - like AES, 3DES, DES...and since "R" is next to "S" in the alphabet then you know RC4/5 are symmetric too. I haven't figured out an analogy for the Fish alg (Blowfish/Twofish)...
With Asymmetric - I found the ones ending in "A" - Like RSA, DSA are easy to remember...but ECC is one that is difficult to distinguish - except R(A)M in servers.
If anyone else has any pointers, feel free to jump in!
I had two PBQs on my exam. I don't really want to say too much about the problems themselves but I will tell you how I attacked them (hopefully that is okay). First I looked at the list of attacks and the list of appliances such as firewalls, switches, routers, anti-virus, etc. and did a process of elimination. Using the scratch paper they give you, I wrote down all the items you have available and simply crossed them out if they didn't fit in the scenario. For example, if the scenario says nothing about needing a router or switch, I crossed it out. Once you whittle down the list, it becomes quite clear what you need, then it is just a matter of knowing where to put it. Doing it this way will save you a lot of time on the test and makes what seems like an overwhelming PITA task much easier. If I remember, I was able to eliminate about 60% of the possible choices quickly on both of the PBQs. Trust me, spend the time to write down your options on paper and cross them out. Otherwise you will be constantly looking at a huge list, going over every appliance you need and what problem they solve, trying to pick the right one.
There were a few regular questions where you need to know what appliance is used to block specific attacks, but you have to navigate lengthy questions to understand what they are getting at. A lot of the questions included unnecessary information but I think that was by design. The majority of the questions were not straightforward.
That’s a pretty awesome technique.