Business Continuity, Risk Analysis, Threat analysis....

I witnessed a test that was riddled with this stuff and the questions had like 2 or 3 possible answers each! Does anyone have a good write up on this? All types of strange things came out of nowhere like Quantitative analysis sequencing and qualitative... I'm lost now, I thought this test was technical. I didn't see any of that in the objectives. I mean, I saw a tape rotation question get into detail and I was stumped. Does anyone have anything about POLICIES, AUP, ANALYSIS and all that other non-technical crap that we have to deal with on the test? I can't get anything informative on these subjects.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Ten9t6

I hope your talking about a practice exam.

http://www.comptia.org/certification/Security/Security_Objectives.pdf

check out domain 5

It talks about everything you have mentioned. Also, what book are you using? All of them should cover this information. I would also do google searches on the following words as they relate to risk assessment:

quantatitive
qualitative
asset
threat
vulnerability
safeguard
Exposure Factor (ef)
Single Loss Expectancy (SLE)
Annualized Rate of Occurrence (ARO)
Annualized Loss Expectancey (ALE)

As far as backups are concerned:

research which types reset the archive bit and which ones do not. Which ones will back up the fastest and which ones restore the fastest.

This should be enough to get you started...

RussS

Yes the test does have some of that in it. Also has some questions with several possible answers - If you are stumped, re-read the question and then try to answer using "ummm, what does Comptia want?".

BTW - the % for the objectives are totally up the spout.

odoggz

Ten9t6 wrote:

I hope your talking about a practice exam.

http://www.comptia.org/certification/Security/Security_Objectives.pdf

check out domain 5

It talks about everything you have mentioned. Also, what book are you using? All of them should cover this information. I would also do google searches on the following words as they relate to risk assessment:

quantatitive
qualitative
asset
threat
vulnerability
safeguard
Exposure Factor (ef)
Single Loss Expectancy (SLE)
Annualized Rate of Occurrence (ARO)
Annualized Loss Expectancey (ALE)

As far as backups are concerned:

research which types reset the archive bit and which ones do not. Which ones will back up the fastest and which ones restore the fastest.

This should be enough to get you started...

Actually, I DID take the test and was doing fine until about 12pm when my TEST "CUBICLE" area turned into a mob scene and the test administrator person disappeared and never came back. I had to get up, a few times, and tell people to shut up because I was taking a test! I couldn't continue due to noise, rudeness of people coming into the room/which doubled as a LAB but the test admin wasn't there to keep people out. The test is easy when it comes to technical stuff, and I'm sure I had most of the policies info down, but SYNGRESS' Security + book is TERRIBLE with that! All the policy information and Analysis' are like tiny summaries in that book. There is no solid info and when you look up terms like Quantitative/Qualitative/4Quandrant analysis or "Bell LaPadula/Lattice..." you will NOT find them in that book. The book can help with the TECHNICAL pieces of the test but you're up sh1t's creek for all the rest! Most of the stuff I'm asking about, I learned from THIS SITE!

Thank you for the Risk Assessment help. I will research that piece HEAVILY!

Oh, and by the way, COMPTIA sent people to the site I took the test at and said it was NOT A VALID TEST CENTER (cubicle inside of a lab), wondered how I managed to walk away with the site's contract that I was supposed to sign and give back to them (the test administrator was NOT present to tell people to shut up or there to let me stop the test), COMPTIA reviewed my score and said I could have easily passed if not for the environment (which I would have passed with 8 more points) and immediately gave me a voucher to retake the test.

Ten9t6

odoggz wrote:

Ten9t6 wrote:

I hope your talking about a practice exam.

http://www.comptia.org/certification/Security/Security_Objectives.pdf

The test is easy when it comes to technical stuff, and I'm sure I had most of the policies info down, but SYNGRESS' Security + book is TERRIBLE with that! All the policy information and Analysis' are like tiny summaries in that book. There is no solid info and when you look up terms like Quantitative/Qualitative/4Quandrant analysis or "Bell LaPadula/Lattice..." you will NOT find them in that book. The book can help with the TECHNICAL pieces of the test but you're up sh1t's creek for all the rest! Most of the stuff I'm asking about, I learned from THIS SITE!

Thank you for the Risk Assessment help. I will research that piece HEAVILY!

.

I used the syngress book..I didn't have any problems, but then again I was studying for my CISSP at the same time, which covers all of that.
on some of the stuff you listed:
Quantative: assigns a hard value (like money) to a risk
Qualitative: Does more of a role playing for each scenario.....a what if
Bell LaPadula: http://www.itsecurity.com/dictionary/bell.htm

I would also do some googling to find sites with free SSCP / CISSP online exams. The questions in the area that you are having problems with, will be more than covered. Hope this helps..

odoggz

Ten9t6 wrote:

odoggz wrote:

Ten9t6 wrote:

.

I used the syngress book..I didn't have any problems, but then again I was studying for my CISSP at the same time, which covers all of that.
on some of the stuff you listed:
Quantative: assigns a hard value (like money) to a risk
Qualitative: Does more of a role playing for each scenario.....a what if
Bell LaPadula: http://www.itsecurity.com/dictionary/bell.htm

I would also do some googling to find sites with free SSCP / CISSP online exams. The questions in the area that you are having problems with, will be more than covered. Hope this helps..

Ah man that was right on the money! THANK YOU! The CISSP track is much more detailed. Is that the next logical step after finishing this Security + test?

Ten9t6

That all depends on your experience level. If you have a 4 year college degree and 3 years experience in one or more of the 10 domains of security.....or no college degree and 4 years experience in one or more of the 10 domains of security...then it would be a great choice. If you have less than that I would check out the SSCP. I would say that difficulty wise, it is somewhere b/w the Security+ and the CISSP. If you already have a premier cert. (MCSA, MCSE, CCNP etc...) you can take the CIW Security Analyst certification. It is close to the Security+. It just all depends on your experience and what you want to do.