Security+ Exam Review :)
Hi all,
I just got back from the test center where I took the Security+ exam. OMG, what a weird exam it was. It was my first CompTIA exam, so I was more nervous then usually. After the first 7 or 8 questions I felt I could relax cause the answers seemed so obvious. I think I spent as much time on question 9 as on the first 8 questions, just trying to figure out what the question said. I even picked up some new English words.
It seems they customized the exam for me though, I got very few questions on policies and other less-technical topics. Overall it was pretty straightforward, and did not get many questions about unexpected topics.
Some things in general:
- Know those well-known ports... Use our Security+ ports quiz to memorize them, you won't regret it.
- Know the difference between non-repudation, confidentiality, encryption, integrity, authentication, etc., etc.
- PKI infrastructure
- crypto algorithms, asymmetric, symmetric, hashing.
- basic networking
- VPNs, make sure you understand L2TP and PPTP, and IPsec.
- IDS, make sure you watch the free video at www.cbtnuggets.com/techexams
- Since there were a hundred questions (somehow I expected 90) pretty much every exam objective listed at www.comptia.com was covered by the exam.
I used the following to prepare for/pass this exam:
- Experience. Although 'Security' was never part of my job titles, basic security is always part of a sys/network admin/designer's job. I.e. I've set up 509v3 certificates and S/MIME in a huge Exchange 5.5 environment, hence I didn't need to prepare for that. Preparing for this exam did change my point of view on security and gave me a healthy doses of paranoia.
- Other certs. Apart from MCSE in general and my cisco certs, the MS Exchange and MS Proxy exam covered a lot of these security 'basics' in detail.
- The Sybex Security+ Study Guide. I received a copy from Sybex over a year ago. One of these reasons I kept delaying the exam is that I had a real hard time finishing that book. Apart from several inaccuracies and repeated information, it never felt I knew enough about a topic from just reading that book. However, after taking the exam, it doesn't seem to be such a bad book at all. I wouldn't suggest it as the only source though...
- PrepLogic was so kind to provide me with a free copy of their Security+ practice exams. When I first started to use them, I thought some questions and explanations seemed weird and off-topic. But after I took those 300 questions twice, I realized I learned more than from reading the studyguide. And after passing the exam today I think they are actually pretty good and definitely worth the money.
- online practice exams from various sites
- reviewed my own TechNotes.
Nr. of question is 100, I had 120 minutes + 30 extra for being a non-native english, needed about an hour, passing score is 764, and in case someone cares, I passed with 852.
I hope this is somewhat useful to others. I've been working on more Sec+ TechNotes and practice exams for some time and will put some online soon.
Johan
I just got back from the test center where I took the Security+ exam. OMG, what a weird exam it was. It was my first CompTIA exam, so I was more nervous then usually. After the first 7 or 8 questions I felt I could relax cause the answers seemed so obvious. I think I spent as much time on question 9 as on the first 8 questions, just trying to figure out what the question said. I even picked up some new English words.
It seems they customized the exam for me though, I got very few questions on policies and other less-technical topics. Overall it was pretty straightforward, and did not get many questions about unexpected topics.
Some things in general:
- Know those well-known ports... Use our Security+ ports quiz to memorize them, you won't regret it.
- Know the difference between non-repudation, confidentiality, encryption, integrity, authentication, etc., etc.
- PKI infrastructure
- crypto algorithms, asymmetric, symmetric, hashing.
- basic networking
- VPNs, make sure you understand L2TP and PPTP, and IPsec.
- IDS, make sure you watch the free video at www.cbtnuggets.com/techexams
- Since there were a hundred questions (somehow I expected 90) pretty much every exam objective listed at www.comptia.com was covered by the exam.
I used the following to prepare for/pass this exam:
- Experience. Although 'Security' was never part of my job titles, basic security is always part of a sys/network admin/designer's job. I.e. I've set up 509v3 certificates and S/MIME in a huge Exchange 5.5 environment, hence I didn't need to prepare for that. Preparing for this exam did change my point of view on security and gave me a healthy doses of paranoia.
- Other certs. Apart from MCSE in general and my cisco certs, the MS Exchange and MS Proxy exam covered a lot of these security 'basics' in detail.
- The Sybex Security+ Study Guide. I received a copy from Sybex over a year ago. One of these reasons I kept delaying the exam is that I had a real hard time finishing that book. Apart from several inaccuracies and repeated information, it never felt I knew enough about a topic from just reading that book. However, after taking the exam, it doesn't seem to be such a bad book at all. I wouldn't suggest it as the only source though...
- PrepLogic was so kind to provide me with a free copy of their Security+ practice exams. When I first started to use them, I thought some questions and explanations seemed weird and off-topic. But after I took those 300 questions twice, I realized I learned more than from reading the studyguide. And after passing the exam today I think they are actually pretty good and definitely worth the money.
- online practice exams from various sites
- reviewed my own TechNotes.
Nr. of question is 100, I had 120 minutes + 30 extra for being a non-native english, needed about an hour, passing score is 764, and in case someone cares, I passed with 852.
I hope this is somewhat useful to others. I've been working on more Sec+ TechNotes and practice exams for some time and will put some online soon.
Johan
Comments
Cant wait for your complete Security+ tech notes.
The one you did for Network+ really got me through the exam!!!
Congrats again!!!!!! That is a great test, that I feel everyone should take....
Kenny
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
Vous gagne.
I agree this is a test everyone should take, or rather at least study for it/know the material. I'd bet a truck with beer that I can social engineer myself into every company I worked for. I think this cert does contribute to creating awareness but CompTIA could improve the exam a lot. I do realize it is difficult to create a CompTIA-level exam about security topics though, most topics just cannot be explained in just a couple of words.
The CEH is actually on my wish list for this year. Security has never been a primary role in my jobs, so I hope to get through the application process, cause I don't want to take the course. I heard some bad things about the official study guide, did you use anything in particular to prepare for the CEH? I played with some of the tools years ago, but I will have to learn a lot of new tricks to pass that exam.
I've read the CEH brochure where they claim many great job opportunities will be the result of being a CEH. I doubt that a lot though, or am I wrong?
CISSP seems to be a logical next step as well, but the exam is so darn expensive. I think I'll save that one for when I get that great CEH job as a penetration tester
I did like the test though....You will not pass this exam without messing around with a lot of the programs, that come in their study kit. (Same programs that can be found all over the net). You will have to know command line syntax with the different switches for several programs. You will need to know what the code looks like for several worms and viruses......lots about DNS and SQL...and so on...I was suprised at how in depth it went.....It will also scare you to find out how easy a lot of the stuff is to do.
Oh yeah...another part that I did not like was the 250.00 price tag and the 120 questions....
I hope this helps shed some light on the test....
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
FIM website of the year 2007
And thanks Kenny, for the info on the CEH exam, it certainly helps. It is probably a good thing they don't make it too easy, but although I don't plan on rushing just to take the exam, I hope don't have to wait that long. I'll send in my application soon and see what happens.
That will be about 360 USD on this side of the pond...
WOW! thats expensive......And if you get the approval voucher now...I think it is good for 2 years...
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
Excellent reporting.
I don't have a degree, and I've only worked in a single 'domain' as a physical security agent.
But, if you look at salary estimates for people that have that cert, it looks like it could pay off!
-- James Thurber