Should I take this exam?

Training Daze

First off...AWESOME website! I am indebted to the creators, moderators and members of this site for posting and sharing so much useful information.

I am a college student and have no background in this field. I crammed for both the A+ and Net+ earlier this year and passed both on my first attempt...and now Sec+ is soo tempting to take as my final compTIA cert. I am really nervous though b/c this test is scored 100-900 points and I would need a 764 to pass....so with my broken math skills that means I need to get about 85 out of the 100 questions correct to pass this thing. This is intimidating b/c I have struggled to get the $220 to take this (i.e. broke college student).

I guess to sum it up I really want to take this but am 2nd guessing spending so much on such a high fail rated exam. Perhaps it would be better just to move on to 70-270 and take advantage of the cheaper price tag and 2nd chance offer Microsoft is doing until the end of Jan. 08.

For prep work I've spent the past 2 months memorizing the sybex and most of the syngress books (syngress was really long and boring). Also the technotes on this site have been a huuuuge help. I went through the exam cram book at borders and got an 86% on the practice test....guess I am just nervous...I'll update this if I do take this exam and tell you all how it went.

Sorry for rambling ...great site again! I can't imagine how lost I would have been without it!

Greg

spree610

this is an excellent entry cert. it especially makes you more marketable due to the growning requirement for IT security. Even the DoD requires that all IT administrators be security certified and this cert meets their requirement. Will this get you that 60-70k Job? probably not but it is a great start.

Mishra

You studied for it already. Don't let that time you spent go to waste and finish your studying and take the test.

bertieb

Welcome! I'd suggest you carry on with the cert, it's obvious you've put a lot of effort in already and it's a decent one to have, IMO.

Don't get too hung up on the score, some questions are not scored and some may be weighted differently, so you'll never know how many you really need to pass. Concentrate on knowing the material and you'll be fine. Put it this way, imagine how good it'll feel when you get that 'Pass' on screen after all the effort and worry.

Good luck!

Training Daze

Thanks for the posts...I decided to take this exam...just waiting on Preplogic to email me my voucher #, hopefully i can get it done on Monday. It would be nice to pass but the information absorbed just studying for this exam really laid out a nice security foundation. I really feel comfortable with all of the terms and I am sure this will pay dividends with my future IT classes and certifications....

For some reason my brain had trouble with remembering the cryptology material and keeping it all organized. I made a quick cram sheet that I quickly went over everyday before i was about to study and it really helped, feel free to correct it if you notice an error.

I couldn't get the concepts associated with asymmetric, symmetric and hashing sorted so I came up with a quick pneumonic device which helped enormously. Use SHA (like the hash type) and CIA ( like conf., integrity and availability...except I switch availability for authorization)....so just line up..
SHA==with==>CIA

Symmetric ===>Confidentiality
Hash=======> Integrity
Asymmetric===>Authenication

Also a quick way to know if the algorithm is asymmetric is
==>REED
Rsa
Ecc
El-gamal
Diffie-helman
........................if it's not 1 of these you know it's symmetric!


Hashing (integrity)
SHA – Secure Hash Algorithm
- Ensures integrity of message
- 160 bit hash value
- More secure
- One-way hash

MDA - Message Digest Algorithm
- One-way hash
- 128 bit digest
- MD5 most commonly used hash
- MD5, MD4 & MD2

Symmetric Algorithms (confidentiality)
- Private key encryption
- Use block/stream cipher

DES - Data Encrypted Standard
- 56 bit key
- Outdated (replaced with 3DES)

AES - Advanced Encryption Standard
- Uses Rijndael algorithm
- Supports 128, 192, and 256 bit keys

3DES -Triple DES

CAST - 40 and 128 bit keys
- Fast and efficient

RC -RC5 and RC6
- Keys up to 2,048 bits
- Block up to 128 bits
- Strong system

Blowfish – 64 bit block ciphers
- Very fast, symmetric block cipher

IDEA - International Data Encryption Algorithm
- 128 bit key
- 64 bit blocks
- Used in PGP!!!

Asymmetric Algorithms (authentication)
- Uses two keys
- Public and private
- Used in PKI

RSA - public key encryption & digital signatures
- De facto standard
- Used in SSL!!!!

Diffie-Helman - doesn’t encrypt or decrypt messages
- Used to securely transmit keys

ECC -Elliptic Curve Cryptography
- Used in mobile devices

El Gamal - Transmits digital signatures and keys

Digital Signatures - validates integrity of message and sender & authentication
- Used to authenticate asymmetric keys
- Uses message digest, hash value and pu/pr keys
- Sender uses pr key to sign the message and receiver uses sender’s pu key to verify.

PKI - Public Key infrastructure
- Asymmetric (2 key) uses: CA, RA, RSA and digital certificates
- Just a framework
CA - Certificate Authority
- Associates public key with an individual
- Can be either public or private
- RA (registration authority) helps out (can’t issue certificates though)
- LRA helps too (local registration authority)
x.509 - most popular certificate

CP, CPS, CRL, OCSP

Policy – rules and requirements which should be adhered to by an organization.
- Contain conditions of expected performance and consequences of non-compliance
Standards – detail rules and best practices that must be complied with, ARE MANDATORY
Guidelines – similar to standards (both detail rules and best practices) but the guidelines ARE NOT MANDATORY
Procedures – detail steps of how policies should be implemented w/in a production environment


Hope this helps anyone struggling with the same stuff i was! I'll update my impression of the exam next week after i take it.[/b]

sir_creamy_

If money is tight don't even bother with this "certification". Your money will be better spent investing in textbooks that cover the topics in depth from the ground up.

Training Daze

Took the exam this morning and passed with an 825. Really happy I decided to go for it. The exam itself was pretty straightforward and the difficulty level was about what I expected. If you are planning on taking this I suggest taking all of the practice exams you can find and once you score at or above 85% on a consistent basis then take it. Time to mosey on over to the 70-270 forum and start the MCSA.

dynamik

Congratulations. Why is this your last Comptia exam though? Go for the Linux+ and get an introduction into Linux, and the Project+ will come in handy if you ever have/want any IT-related management responsibilities.

bertieb

Well done