SY0-201 - Virtualization?
I've seen a few posts here mentioning that Virtualization questions caught testers off guard. I hate it when you study from 4-5 sources & test questions come up that you've never even heard of. I've read several books & am following up with study notes from this site & Transcender (planning on taking my test in a few weeks). I have found very little in my study material that talks about Virtualization. Does anyone have a site link with more detailed virtualization study notes that might come up on the exam?
Comments
I would like some info on this also.
I dont know if this will be much help but the only mention of virtualisation in the 2008 objectives (downloadable from CompTIA site) is the following:
"1.6 Explain the purpose and application of virtualization technology"
As it's mentioned as a minor objective early on, I dont think you need to know too much, just the benefits of using virtual servers, particularly from security point of view. For example, at my work I know that the Ms Virtual PC based virtual servers that host VMs I use for connecting to customer sites has it's access controlled by Active Directory permissions. So if you dont have permissions to access the virtual server in AD you cant use any of the VMs hosted on it. This practice of segmentation protects your own servers and assures the safety of those you connect to from the VMs so maybe this is the angle the questions take.
This may help too, free custom copy of Virtualization for Dummies to download here :
Virtualization for Dummies
UPDATE: Just found this link that may also help:
Virtualisation for Security
ie. If my browser is fully virtualized and becomes compromised...it doesn't take out the whole system, it only effects the browser (this technique is known as sandboxing by the way).
SE Notebook
I don't know about anyone else, but I couldn't get the Virtualization for Dummies to download!
I filled out everything it asked of me :~
If you need info on virtualization, let me know, PM me or something. I work on several production servers running in a VMware Infrastructure environment.
Note, just virtualizing a server will not necessarily make it secure. If it's a virtual production server on the actual production network (passing production network connectivity through the host to the virtual machine) , it's just as susceptible to attack as any physical server.
From what I've seen so far in my studies for Sec+, I have seen a question similar to this: Lets say you have a new application that requires network connectivity and you want to test it in a network environment. The answer would be to load a virtual client PC (like XP) and a virtual server PC onto a standalone host PC off the production network. Within your virtual environment, the virtual client machine and virtual server machine will have an internal network between them that is away from your production network. That way those two virtual boxes exchange data over a completely isolated network.
IT Pros that thumb their nose at certs don't really belong in the biz in my opinion.
Yes, certs sometimes are invalidated by schmucks out there that have all the certs in the world yet can't actually be relied on to do real work or are just in it for a paycheck.
However, it's been my experience that I learn some additional things when studying for certs. For instance, there have been several situations where my uncertified co-workers are doing things in an ineffective way because it is the way they are used to or it is just the old way of doing it. After studying for certs, I can find easier ways to do things.
The day you stop learning in this business and become stuck in your ways is the day you become obsolete. In my opinion, certs are just one of the ways you keep learning because they are usually updated when the common technology is updated.
If I had a choice of hiring a person with 25 years experience and his last cert was NT4 and someone with 10 years experience whos last cert was on Windows 2003, i'd pick the 2003 guy, because it's possible the person who isn't willing to update his cert isn't going to learn the new features in an OS that are going to benefit the company or security.
I've been studying for the Security+ exam now for a couple of weeks and I'm learning quite a bit from this as well. I agree, sometimes you get stuck doing one task and literally can't do much "on the job" training and have to fall back on what you've studied. Just being in the business helps tremendously. I got lucky when I fell into my current job. Just never stop learning......
Next Up: Security+, 291?
Enrolled in Masters program: CS 2011 expected completion
I took the Sec+ (I failed) and was also caught off guard by the virtualization questions on the exam and have been looking for more information as well on this topic as well as general Sec+ study material. I was just using the Sybex by Emmett Dulaney before, but after failing don't think that's enough so I am now also reading the Sec+ All-in-One Exam Guide.
Thanks, everyone for sharing your experiences.
So if a person can pass a test but chooses not to take that, that's a DQ in your opinion?
I know plenty of people who are quite competent at certain tasks but they just don't care to fork out money to prove it.