Passed this afternoon

Just passed with a 790. Let me first start off by saying this exam is not to be taken lightly. While have a technological background and the experience to go with it, you need to be able to make good decisions. I feel this exam requires tech experience, but mainly attempts to test your judgment on security.

This exam also attempts to trick you and strives for you to choose an answer without considering the rest. For example, I would receive an easy no brainer question and choose the acronym that fits the answer. After closer review, you will notice two acronyms that are the same, but the first word may be off. This is the first exam where I reviewed my questions and am thankful I did.

Basically read the requirements on which you will be tested and you will not have an issue. I think a big part of the complaints about this test come from the fact that exact terminology or technology is not used in a question, but if you know how that technology works you can answer the question (for example viruses, worms and Trojans as opposed to explicitly saying Sasser or Nessus). I finished without about 30min to spare, and now that I think of it I changed a few I should not have.
I read past reviews of this exam and people stated they received no questions on which specific ports, while I can remember about 10 questions asking to define a port number. You should make sure and know:

1) IDS – HIDS & NIDS – It felt like IDS made up about 40% of the exam. Know them inside and out, policies that go with them, various flavors offered, how you should implement them, etc. Also how to read the results obtained by and IDS. Don’t forget those honey pots!

2) Encryption and Algorithms – Know about PKI and certificates, as well as how VPN’s work and their counterparts used to secure the connection (L2TP is the tunneling protocol while IPSec secures the payload). Memorize hashing algorithms and their associated specifications, AES – 256bit and symmetric, etc.

3) Social Engineering – Know the different methods of social engineering as well as the slang names that define the different approaches. Every company needs some sort of security training and awareness, know the steps to planning them and when to put them in to practice.

4) Know the difference between Viruses, Worms, Trojans, Rootkits, etc. Know how they work and replicate.

5) Know your Access models (MAC,DAC,RBAC) and when you would implement one over the other.

6) Understand various software and freeware tools that may be used maliciously (NMap, Nessus, etc.) and what protocol analyzers do. Make sure you have a good grasp on how to check for vulnerabilities. I remember quite a few questions on this matter.

7) Read the questions thoroughly and make sure you understand what the question wants. Do not choose an answer even though you think you know it without reading the rest. A lot of times a question will give you four correct answers, however you will need to pick the one that best represents the question.

All and all I enjoyed studying for this exam. This was definitely a different experience compared to the MCSE series. Where the Microsoft exams give you paragraphs and expect technical explanations, these seemed much different and were more one and two liners. Like I said, they test your thinking more than anything on this exam.

I used the Sybex 3rd edition book and can say with that alone you will not pass the exam. The only reason I did was in my previous experience I’ve had hands on implementations in a production environment with the material being questioned. My company sent me to a CEH (Certified Ethical Hacker) bootcamp a few weeks before and during the class we used some tools discussed on the test. However, I don’t recall reading about any of them in the Sybex book.

One word of advice, when you think you’re ready; open the book or visit the website to make sure you understand the objectives on the test. A book might not cover an exam objective or give as much detail as needed. If you find a one, search the web on it and make sure you know it. If you know the exam objectives, there will be no surprises. Next is a cram session for the CEH followed by the exam.
Good luck to everyone sitting this in the future!

Find more posts tagged with

Comments

janmike

Congratulations!
I sounds like you have both network and computer security and CompTIA figured out!

techaus

Congrats!

I have a question though - I've read a few posts stating that you should know tools like Nessus. I'm using mainly the Sybex third edition book for studying, and as they don't cover them, can someone tell me what tools I should be familiar with?

wheely

congrats!

cashew

techaus wrote:

Congrats!

I have a question though - I've read a few posts stating that you should know tools like Nessus. I'm using mainly the Sybex third edition book for studying, and as they don't cover them, can someone tell me what tools I should be familiar with?

Nessus is the only one I remember off the top of my head. Only a few questions I saw that presented software options. Google vunerability scanners (Nessus) and get familiar with the search results returned. You don't have to know how the program works or which switches does what, rather you need to know what Nessus is.

Checkout sniffers as well.

7255carl

congrats

nel

congrats man, excellent feedback too.

jdixon63

techaus wrote:

Congrats!

I have a question though - I've read a few posts stating that you should know tools like Nessus. I'm using mainly the Sybex third edition book for studying, and as they don't cover them, can someone tell me what tools I should be familiar with?

I only recall a 2-3 tool specific questions on my exam. However, be forewarned -- many people have learned the HARD WAY that Sybex may not be adequate to pass the exam...especially if the exam taker lacks hands-on IT security experience.

shednik

Congrats on your pass cashew, and thanks for the excellent review on the exam I hope to take this exam sometime in the next year when I have time.

peanutnoggin

Congrats on the pass... good luck on the CEH.

~Peanut Head

Anward

Congratz on the pass!!!

The best book to get for this exam which covers the objective thoroughly is the Syngress Security+
2nd Edition. I've read it once and I'm currently going over it again.

Good luck on your future certs

khanman22

Congrats to previous poster! I passed with a 780. I am going to keep this post short as I feel that the previous post said it all. I'd have to strongly agree that you need to know IDS,HIDS,NIDS as I also felt like this was a large part of the exam. I am not sure if all those questions counted if they are trying to put those in there in preparation of there newer test this year. But, definitely study those. I studied using the ucertify prep test and the sybex book.

Good luck all... now on to studying for the SSCP.

Slowhand

Congratulations on the pass, not a bad score at all. The review of what you studied, and what the exam was like for you will no doubt be helpful to others preparing for the test. Good luck on your C|EH studies, as well.

In regards to other posters' questions about Nessus and what other software to know for this exam, I had a little bit of 'insider information' when I sat for my exam. My networking teacher was heavy on network security, and he recommended that I learn a little bit about Nessus, Snort, and Ethereal/Wireshark in order to have a better idea of some of the things covered by the exam. Basically, learn about vurnerability scanning, intrusion detection, and packet inspection by playing with the most widely-used tools out there. Since then, I've also added one more to the list, as network monitoring has become a bigger part of a sysadmin's repsonbilities: Nagios.

None of these are required for the exam, and you won't really find mention of them in the official study guides, but they're good to have in your bag of tricks and will look good on a resume when you interview for security-related jobs. If nothing else, you'll have experience with the de facto standard security applications, and be able to learn customized versions or similar tools with relative ease. And make no mistake, there are LOTS of tools out there to learn, for various purposes. There are backup solutions, file-recovery software, and a whole slew of other things to keep you busy for a long, long time.

cashew

Thanks for all the positive feedback. This site helped me obtain my MCSE by answering various questions I had . I felt it was only necessary to provide the steps I took as well as give as much detail as possible without violating the rules.

The bootcamp for the CEH was really cool, especially the books and software that came with it. I have an older laptop that I'm ready to use as a tester on my network. I can honestly say I've never looked forward to a certification like I do this one.

ROMGabe

Congrats!

I passed the exam over 6 weeks ago and the distribution and emphasis on the exam seemed to be a bit different than what you had experienced.

What exams are you planning on taking next ?

cashew

I attended the CEH bootcamp, so after a month or so of cramming I will take that one. Then my company is sending me to a CWNA bootcamp at the end of June. Repeat the previous step and pass that one. Busy summer, but worth it!

danclarke

Congratulations - and great comments.