yuppy ... Just passed ... thoughts & questions
Hi All, thanks for all your posts discussing this important topic - IT Security. I finally went in to take the exam today (was supposed to do this back in 2004) and passed with 825. I expected a higher score, but I appreciate how the exam results printout outlines what areas were missed (for post-exam review).
The test site was very close to home, located in a business complex, in a rather medium sized room, quiet and simple. I wish all the test questions would have been in black type-letters, instead of gray, de-emphasized background. Having the review buttons on upper left was really useful.
FOR THOSE planning on taking the SY0-101 EXAM, here are some mental notes (pls BE AWARE that your exam will not be the same and the number of questions per subject may be very different):
* I was given the 2007 version of the test.
* of the 100 questions, 3 of them were outside the 5 required domains (they are wild-card questions that do not count towards final score).
* 2 easy questions on the same thing .... "single sign-on."
* 2 more difficult questions on PGP (know it well; what algorithms used - symmetric + hashing ones) and also 2 questions on S/MIME.
* only 2-3 questions on port #s.
* my module had very little PKI related questions (nothing on the specific keys but only on the general infrastructure models: web-of-trust, hierarchical, etc), but a ton of MAC/DAC/RBAC and also surprisingly IDS.
* for some reason my module had a lot on network/system security and planning ... and a lot of emphasis on social engineering (education, awareness).
* ESP IPSec protocol (choices: 51,50,25,20) ?
* Longest attack time from the following: rainbow, birthday, dictionary, brute force ?
* Quite a few questions on attack types and social-engineering.
Next I plan on taking Network+ (next month) so I can be forced to have a good general review of Networking technology. Any advice on how to prepare (best books out there) ??? I hear the passing rate for Network+ is much lower than Security+
RESOURCES: used to pass Security+ were the Notes on this site and O'Reilly's "A+, Network+, Security+ exams in a Nutshell" recently published book. Four years ago I had purchased and read from cover to cover "All-In-One" and "Exam Cram II" both books which had areas that could be improved and their CDs with sample questions were too easy and with a very bad format (CDs were a waste of time).
I can't believe the amount of money I had to pay for a test (like Security+) that is so little known or respected. Well, it is no wonder that IT security is one of the least valued areas of IT infrastructure. At least this exam covered a very wide range and I feel it was a good stepping stone for future security related industry exams.
----
Studying CCENT/ICND1 (640-822)
Future tests:
in 2008: CCENT, SSCP, Linux+, A+,
in 2009: CCNA/ICND2 (640-816), C|EH, CWNA, CWSP,
in 2010: CCNP, CCSP.
Comments
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□
Congratulations on the pass! That's a great score.
RomGabe wrote: I can't believe the amount of money I had to pay for a test (like Security+) that is so little known or respected. Well, it is no wonder that IT security is one of the least valued areas of IT infrastructure. At least this exam covered a very wide range and I feel it was a good stepping stone for future security related industry exams.
I'm not sure how you came to this conclusion. While the Security+ isn't as popular as the A+ or Network+, it's a respectable certification, and others such as Microsoft and ISC^2 (you can use it to drop an entire year off your five-year work requirement for the CISSP) recognize it. Security is also an extremely hot area of IT, so I'm not sure why you feel it's one of the least valued areas.
P.S. Sharing exam experiences is great, but I think some of your points contain a bit too specific information. I encourage you to edit some of that out.
-
Nishesh.Prasad Member Posts: 185
good work. congratulations.
MCITP: EA 2008| VCP4| MCSE 2003 | CCNA | MCSA 2003: Security | MCDST | Security+ | ITILV3
-
Pash Member Posts: 1,600 ■■■■■□□□□□
Too much information is bad information. Some of your stars come worryingly close to telling us test questions.
Congrats on the pass.
DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
-
Megadeth4168 Member Posts: 2,157
Congrats!
As already stated, you may be giving too much information about the exam. Just don't be surprised if your post is edited later.
-
ROMGabe Member Posts: 66 ■■□□□□□□□□
Dynamic, you raise a good point.
I think from the perspective of a techie, one understands how important IT Security is. Unfortunately from my experience, management hasn't always seen the importance of seriously investing in latest security technology, and sometimes seems to delegate the security duty to net.eng., sys.eng. groups. Case in point, my current employer which has a large online mercantile presence, has a dedicated Security group, but it is tiny in comparison with the rest of the IT groups in # of personnel, or perceived-presence/existence in the corporation.
Thanks for your feedback to my slightly exaggerated comment. In a way it was also meant to foster some discussion. Now I am more aware and knowledgeable about future exams and certs.
RomGabe