Security+ Exam Review :)
Hi all,
I just got back from the test center where I took the Security+ exam. OMG, what a weird exam it was. It was my first CompTIA exam, so I was more nervous than usual. After the first 7 or 8 questions I felt I could relax cause the answers seemed so obvious. I think I spent as much time on question 9 as on the first 8 questions, just trying to figure out what the question said. I even picked up some new English words.
It seems they customized the exam for me though, I got very few questions on policies and other less-technical topics. Overall it was pretty straightforward, and did not get many questions about unexpected topics.
Some things in general:
- Know those well-known ports... Use our Security+ ports quiz to memorize them, you won't regret it.
- Know the difference between non-repudiation, confidentiality, encryption, integrity, authentication, etc., etc.
- PKI infrastructure
- crypto algorithms, asymmetric, symmetric, hashing.
- basic networking
- VPNs, make sure you understand L2TP and PPTP, and IPsec.
- IDS, make sure you watch the free video at www.cbtnuggets.com/techexams
- Since there were a hundred questions (somehow I expected 90) pretty much every exam objective listed at www.comptia.com was covered by the exam.
I used the following to prepare for/pass this exam:
- Experience. Although 'Security' was never part of my job titles, basic security is always part of a sys/network admin/designer's job. I.e. I've set up 509v3 certificates and S/MIME in a huge Exchange 5.5 environment, hence I didn't need to prepare for that. Preparing for this exam did change my point of view on security and gave me a healthy dose of paranoia.
- Other certs. Apart from MCSE in general and my cisco certs, the MS Exchange and MS Proxy exam covered a lot of these security 'basics' in detail.
- The Sybex Security+ Study Guide. I received a copy from Sybex over a year ago. One of the reasons I kept delaying the exam is that I had a real hard time finishing that book. Apart from several inaccuracies and repeated information, it never felt I knew enough about a topic from just reading that book. However, after taking the exam, it doesn't seem to be such a bad book at all. I wouldn't suggest it as the only source though...
- PrepLogic was so kind to provide me with a free copy of their Security+ practice exams. When I first started to use them, I thought some questions and explanations seemed weird and off-topic. But after I took those 300 questions twice, I realized I learned more than from reading the studyguide. And after passing the exam today I think they are actually pretty good and definitely worth the money.
- online practice exams from various sites
- reviewed my own TechNotes.
Number of questions is 100, I had 120 minutes + 30 extra for being a non-native English speaker, needed about an hour, passing score is 764, and in case someone cares, I passed with 852.
I hope this is somewhat useful to others. I've been working on more Sec+ TechNotes and practice exams for some time and will put some online soon.
Johan
Comments
-
bjuarbe Member Posts: 29
Congrats!
Can't wait for your complete Security+ tech notes.
The one you did for Network+ really got me through the exam!!!
Theres JUSToneBOBBY! -
Ten9t6 Member Posts: 691
Congrats.... I didn't think you would have a problem after reading some of your notes. ...And don't worry about having to re-read the questions...English is my primary language and I had to re-read the questions.....But, in saying this, get used to those types of questions if you continue to take security tests. Haha..That's why they give you six hours to take the CISSP...so you can read the test multiple times....Also, if you want to increase your paranoia, study for the CEH exam!
Congrats again!!!!!! That is a great test, that I feel everyone should take....
KennyKenny
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA -
Webmaster Admin Posts: 10,292 Admin
Merci
I agree this is a test everyone should take, or rather at least study for it/know the material. I'd bet a truck with beer that I can social engineer myself into every company I worked for. I think this cert does contribute to creating awareness but CompTIA could improve the exam a lot. I do realize it is difficult to create a CompTIA-level exam about security topics though, most topics just cannot be explained in just a couple of words.
The CEH is actually on my wish list for this year. Security has never been a primary role in my jobs, so I hope to get through the application process, cause I don't want to take the course. I heard some bad things about the official study guide, did you use anything in particular to prepare for the CEH? I played with some of the tools years ago, but I will have to learn a lot of new tricks to pass that exam.
I've read the CEH brochure where they claim many great job opportunities will be the result of being a CEH. I doubt that a lot though, or am I wrong?
CISSP seems to be a logical next step as well, but the exam is so darn expensive. I think I'll save that one for when I get that great CEH job as a penetration tester -
theICE Member Posts: 84
Gratz dude i knew u could do it. but on the beer truck, u can drop by my house first if u want and we can have a party lol drink some beer and celebrate :P
-
Ten9t6 Member Posts: 691
I was actually surprised about the exam itself. It was much harder than I thought it would be....I used the self study kit from Ec-Council. The book was great and you get a printout of their ppt presentation of their class. It is great to see the areas that they focus on so you can do more studying. The only part of the process that I did not like was scheduling the test. Ec-Council was VERY slow in responding to emails and phone calls. I was ready to take the test when it was version2. When I tried to schedule it through Prometric Prime (which is online testing) they said that I needed an Ec-Council certified proctor to watch me take the exam. The only problem was I could not find one in the Texas area. So, several months went by and they went to version 3 of the test which is available through "Some" of the Prometric centers out there. When I tried to schedule it through them, they told me that I needed an approval code from Ec-Council. So, after browsing their site again, I saw that I needed a form to prove that I had two years experience to take the test, since I did not attend one of their schools. Well, I faxed in the form and waited 2 weeks to get the approval voucher.....I finally had the test scheduled almost a year later.
I did like the test though....You will not pass this exam without messing around with a lot of the programs that come in their study kit. (Same programs that can be found all over the net). You will have to know command line syntax with the different switches for several programs. You will need to know what the code looks like for several worms and viruses......lots about DNS and SQL...and so on...I was surprised at how in depth it went.....It will also scare you to find out how easy a lot of the stuff is to do.
Oh yeah...another part that I did not like was the 250.00 price tag and the 120 questions....
I hope this helps shed some light on the test....Kenny
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA -
RussS Member Posts: 2,068
Most excellent Johan
www.supercross.com
FIM website of the year 2007 -
Webmaster Admin Posts: 10,292 Admin
Thanks RussS, our discussions about the access control models proved to be very useful.
And thanks Kenny, for the info on the CEH exam, it certainly helps. It is probably a good thing they don't make it too easy, but although I don't plan on rushing just to take the exam, I hope don't have to wait that long. I'll send in my application soon and see what happens.Oh yeah...another part that I did not like was the 250.00 price tag and the 120 questions.... -
Ten9t6 Member Posts: 691
Webmaster wrote: Thanks RussS, our discussions about the access control models proved to be very useful.
And thanks Kenny, for the info on the CEH exam, it certainly helps. It is probably a good thing they don't make it too easy, but although I don't plan on rushing just to take the exam, I hope don't have to wait that long. I'll send in my application soon and see what happens.Oh yeah...another part that I did not like was the 250.00 price tag and the 120 questions....
WOW! that's expensive......And if you get the approval voucher now...I think it is good for 2 years...Kenny
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA -
janmike Member Posts: 3,076
Congrats, Johan!
Excellent reporting.
"It doesn't matter, it's in the past!"--Rafiki -
skully93 Member Posts: 323
Those are some hefty requirements. I would be interested in eventually taking the CISSP, in roughly 100 years when I meet the prerequisites.
I don't have a degree, and I've only worked in a single 'domain' as a physical security agent.
But, if you look at salary estimates for people that have that cert, it looks like it could pay off!
I do not have a psychiatrist and I do not want one, for the simple reason that if he listened to me long enough, he might become disturbed.
-- James Thurber -
princess4peace Member Posts: 286
Congrats Johan: "For what is the best choice, for each individual is the highest it is possible for him to achieve." Keep the flag flying.
Knowledge is life