yuppy ... Just passed ... thoughts & questions

ROMGabe

Hi All, thanks for all your posts discussing this important topic - IT Security. I finally went in to take the exam today (was supposed to do this back in 2004) and passed with 825. I expected a higher score, but I appreciate how the exam results printout outlines what areas were missed (for post-exam review).

The test site was very close to home, located in a business complex, in a rather midium sized room, quiet and simple. I wish all the test questions would have been in black type-letters, instead of gray, de-emphasized background. Having the review buttons on upper left was really useful.

FOR THOSE planning on taking the SY0-101 EXAM are some mental notes (pls BE AWARE that your exam will not be the same and the number of questions per subject may be very different):
* I was given the 2007 version of the test.
* of the 100 questions, 3 of them were outside the 5 required domains (they are wild-card questions that do not count towards final score).
* 2 easy questions on the same thing .... "single sign-on."
* 2 more difficult questions on PGP (know it well; what algorithms used - symmetric + hashing ones) and also 2 questions on S/MIME.
* only 2-3 questions on port #s.
* my module had very little PKI related questions (nothing on the specific keys but only on the general infrastructure models: web-of-trust, hierarchical, etc), but a ton of MAC/DAC/RBAC and also surprisingly IDS.
* for some reason my module had a lot on network/system security and planning ... and a lot of emphasis on social engineering (education, awareness).
* ESP IPSec protocol (choices: 51,50,25,20) ?
* Longest atack time from the following: rainbow, birthday, dictionary, brute force ?
* Quite a few questions on attack types and social-engineering.

Next I plan on taking Network+ (next month) so I can be forced to have a good general review of Networking technology. Any advice on how to prepare (best books out there) ??? I hear the passing rate for Network+ is much lower than Security+

RESOURCES: used to pass Security+ were the Notes on this site and O'Reilly's "A+, Network+, Security+ exams in a Nutshell" recently published book. Four years ago I had purchased and read from cover to cover "All-In-One" and "Exam Cram II" both books which had areas that could be improved and their CDs with sample questions were too easy and with a very bad format (CDs were a waste of time).

I can't believe the amount of money I had to pay for a test (like Security+) that is so little known or respected. Well, it is no wonder that IT security is one of the least valued area of IT infrastructure. At lest this exam covered a very wide range and I feel the it was a good stepping stone for future security related industry exams.

dynamik

Congratulations on the pass! That's a great score.

RomGabe wrote:

I can't believe the amount of money I had to pay for a test (like Security+) that is so little known or respected. Well, it is no wonder that IT security is one of the least valued area of IT infrastructure. At lest this exam covered a very wide range and I feel the it was a good stepping stone for future security related industry exams.

I'm not sure how you came to this conclusion. While the Security+ isn't as popular as the A+ or Network+, it's a respectable certification, and others such as Microsoft and ISC^2 (you can use it to drop an entire year off your five-year work requirement for the CISSP) recognize it. Security is also an extremely hot area of IT, so I'm not sure why you feel it's one of the least valued areas.

P.S. Sharing exam experiences is great, but I think some of your points contain a bit too specific information. I encourage you to edit some of that out.