Woot!!!
I passed the Security+ exam this afternoon. I scored a 855 so I am very excited about it. I know the score doesn’t matter once I get the pass but it feels good to have done well after I was so concerned about it.
The reason for my concern was twofold. First, the practice tests I was taking were giving me mixed results. I did okay on most of them but the Transcender questions were rough. There were things on those that I had not read about in any of the books I had used to prepare or any of the classes I had taken. (I have an AAS in Network management and Security and a MMIS in Management of Information Security - not a technical degree but really the management side of IT). Some of the questions seemed bizarre. Here is a sample question that really threw me: “You are examining a TCP packet that traveled through your router today. The protocol field of the IP Header contains a value of 115. Which protocol did this packet use?” The explanation reads: “The packet used the Layer 2 Tunneling Protocol (L2TP). L2TP operates at the Data-Link layer of the OSI model. A value of 6 would indicate the TCP protocol. A value of 17 would indicate the UDP protocol. A value of 1 would indicate the ICMP protocol and. A value of 2 would indicate the IGMP protocol.”
I knew that L2TP operated at layer 2 but I had never seen anything about the protocol field of packets. It makes sense that they do indicate individual protocols. I was just stunned by the question.
Second, this test is notorious for poorly or strangely worded questions. I cannot disagree with that. Of the 100 questions I knew 75 without any doubt. Of those remaining I would say that there were 15 questions that were confusing by the wording. It seemed that either of two answers could be correct depending on the context they were coming from. There was at least one question that the Grammar Application Protocol (GAP) was not in effect. I had to read it several times and still couldn’t really figure out what it was asking. I finally used key words to try to make an educated guess. There was another 10 that I just hadn’t considered important when I studied or otherwise couldn’t quite pull out enough to be 100% sure about. There were 9 questions that had multiple answers, however, the exam did tell you how many it was looking for.
I used the Syngress and Sybex books that so many people here in the forum suggest. I also used the Exam Cram2 book. I didn’t find it as useless as some people found it but it wasn’t the best. I also used Security+ Guide to Network Security Fundementals, 2nd Edition by Mark Ciampa. It was my text for both the AAS degree and the Master’s degree. Actually, I found this to be the least helpful for the exam. I really liked the Technotes from this site a lot. If I were to do it all again I would just use the Technotes, Syngress and Sybex books to prepare. Obviously, I did use practice tests. I found the Sybex material on the CD included with the book useful. Even the Transcender tests were helpful. Never anything wrong with learning to much or being over prepared. The test were actually very good with the exception of the more unusual questions. I would say that it is safe to assume that if you can pass Transcender, you are ready to go.
My goal is to get the MCSA: Security (assuming it is still available by the time I finish). I will do either the Vista 70-620 or the Server 2003 70-290 (I don’t enough about 2007 yet to brave it right now. I need to find a way to play with it.). I hope to have the MCSA done before next March. Then I will go for the CEH and ITIL certifications.
Sorry for such a short post put I a getting ready for a beer.
If anyone has any questions that I am allowed to answer just let me know.
Hey- My 100th post.
:P
