Preparing for the 201 exam
Hi everyone,
I just came across this resource 3 days ago. It has been valuable. Thank you.
I am writing the exam tomorrow ( Oct. 28 ) and I have been re-studying for the better part of two weeks. I initially took an instructor-based course late last year and due to various circumstances I only got around to facing the exam now.
I have gone through quite a few practice exams and usually score in the 80-90% range for them. So I am semi-confident I would pass.
However, last night I came across the ExamCram book by Diane Barrett; Kalani K. Hausman; Martin Weiss (available electronically through the local library) and my score on its test is only in the 70-80% range which surprises me. When I re-read the questions I found the writing to be convoluted and some of the answers can be argued one way or the other. So, I wonder if anybody else has some experience with this book and if the type of questions they ask is in line with the actual Security+ exam.
Example question:
Which of the following criteria is not a common criterion to authenticate a valid access request?
A. Something you have
B. Where you logon
C. What you know
D. Something you do
E. Something you are
Their answer is B. Their explanation is that location is rule-based and does not provide authentication. And "Something you do" they gave an example of "written signature", which seems to be outside of the usual Security+ scope of Something you "have/are/know". I mostly agree with their provided answer "after" I have reached the key but at the time of the question it seems it could go one way or another.
Anyways, thanks in advance for any comments! That should help greatly for the final 24 hour push. :D
Comments
Welcome to TE! I am scheduled to take the 201 a few weeks after you.
The question does allow for some interpretation. I agree with the answer B, but from a different perspective.
Authentication is typically verified by something you know (such as a password), something you have (such as a smart card) and something you are (using biometrics).
A less used method of authentication is where you are, such as is used for automatic callback. For example, Sally may be authorized to work from home and uses remote access technologies to dial into a remote access server. Her home phone number is known by the server. When she calls in and authenticates, the server hangs up and immediately calls her back.
If someone obtained Sally's credentials, when they use them to remote into the server, the server will instead hang up and call Sally.
However, handwriting analysis is considered a method of biometric analysis by some, and it could be argued that is less used than the others.
All that said, many people that have seen the SY0-101 exam and the SY0-201 exam agree that the SY0-201 exam includes significantly fewer questions that are as ambiguous as this one. If you understand the concepts, you'll be able to eliminate incorrect answers for most questions rather quickly.
HTH,
Darril Gibson
Author: CompTIA Security+: Get Certified Get Ahead
www.sy0-201.com
Security+ Blog
Security Plus: Get Certified Get Ahead
Security+ Tip of day Tweets
twitter.com/DarrilGibson
CompTIA A+, Network+, Security+ Blogs
Daily Network+ and Security+ Test Taking Tips on Twitter
Reading the objectives and the notes again, I saw some mention of port numbers and a sprinkling of questions about the key/block size of various crypto algorithms. I remember some of those but wonder if I should spend the extra effort on it. From where I stand it seems like a disservice to ask about these minute details when there are more important conceptual questions to be asked on the exam.
Interestingly, many people have been saying they haven't seen much about ports recently. You might memorize 15 ports and see only a single question on ports.
With 15 percent of the exam on cryptography, you'll likely see something related to the strength of cryptography.
You never know what questions you'll get so you really need to master as much of the objectives as you can. Even if it's not on the exam, it will add to your foundation of knowledge and often help you later in your travels.
Good luck.
Darril Gibson
Fo' shizzle. Your goal should be to learn the material; the piece of paper is just icing on the cake.
In Comptia's case hard, and not so tasty icing (Read: Ugly)...
In some sense - it would be useful to know right away if for example an output of netstat highlights unusual port activity. On the other hand, knowledge about baseline activity, what kind of IDS one should use and where to deploy them would seem like much more important IMO.
As to the certificate itself, I actually don't need it @ my dayjob. I took it upon myself to take this to broaden my knowledge. I work for a security vendor and my primary job is to analyze and develop proactive and reaction detection for malware and spam. So mainly the knowledge of this course is to help me see the bigger picture. It may also come in handy if I ever want to move my career into another direction.
Load up a simple server and configure FTP, Telnet, SSH, VNC, HTTP(S), etc., and tinker with the firewall. Do some banner grabbing with Netcat. There are numerous ways to apply that material.
I was also pampered with tools like tcpdump and Ethereal/Wireshark that would automatically interpret the port numbers to known protocol names so memorizing numbers is not a necessity. I was thinking that most tools would automatically interpret the protocols but netstat for example doesn't.
It's still very useful to know the common ones but with the huge list like the one provided by IANA http://www.iana.org/assignments/port-numbers, most administrators would be hard pressed to keep assignments of the "known" ports all figured out ( 1024 ports x2, one for TCP and one for UDP ).
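The netstat point discussed above, as an added example that is not part of any post in this thread: a small Python script that names the ports in numeric `netstat -an` style output and flags listeners that are outside an expected baseline. The port table, the baseline and the sample output are all constructed for illustration.

```python
# Constructed subset of the IANA registry (assumption: only these ports are named here).
WELL_KNOWN = {
    ("tcp", 21): "ftp", ("tcp", 22): "ssh", ("tcp", 23): "telnet",
    ("tcp", 25): "smtp", ("tcp", 53): "domain", ("udp", 53): "domain",
    ("tcp", 80): "http", ("tcp", 443): "https", ("udp", 123): "ntp",
}
# Constructed baseline: listeners this hypothetical host is expected to expose.
BASELINE = {("tcp", 22), ("tcp", 443), ("udp", 123)}
# Constructed sample in the style of Linux `netstat -an` (numeric, no service names).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
tcp6       0      0 :::31337                :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
"""

def parse_listeners(text):
    """Return sorted unique (proto, port) pairs for listening or bound sockets."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = fields[0][:3]  # fold tcp6/udp6 into tcp/udp
        state = fields[5] if len(fields) > 5 else ""
        if proto == "tcp" and state != "LISTEN":
            continue  # skip established and other non-listening TCP rows
        if proto == "udp" and not fields[4].endswith(":*"):
            continue  # UDP has no state; bound sockets show a wildcard peer
        port = fields[3].rsplit(":", 1)[1]
        if port.isdigit():
            found.add((proto, int(port)))
    return sorted(found)

def review(text, baseline=BASELINE):
    """Attach a service name and a baseline verdict to each listener."""
    report = []
    for proto, port in parse_listeners(text):
        name = WELL_KNOWN.get((proto, port), "not-in-table")
        status = "expected" if (proto, port) in baseline else "UNEXPECTED"
        report.append((proto, port, name, status))
    return report

if __name__ == "__main__":
    for proto, port, name, status in review(SAMPLE):
        print(f"{proto}/{port:<6} {name:<14} {status}")
```

On the constructed sample, the Telnet listener and the unnamed high port are the two rows marked UNEXPECTED; on a real host the baseline would come from a known-good capture of the same command.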
Additionally, I've talked to some trainers that train vendor specific IDS classes, and they've said that the popularity of the IDS classes has skyrocketed. All of this reflects the increased security within organizations.
I wrote this blog a while ago that includes details on the different types of IDSs, including pros and cons, and where they are deployed:
Security Plus: Get Certified Get Ahead: Intrusion Detection Systems (HIDS and NIDS)
Darril Gibson
Don't you mean 1024? That would be the common ports, 0-1023.
List of TCP and UDP port numbers - Wikipedia, the free encyclopedia
Working for a security vendor, I am the first to say that the sophistication of some of the latest malware does make response slower. So IDS based on anomaly detection would be a great complementary tool to use. Many of the top anti-virus vendors are now adding host-based IDS to their products (They call it HIPS, HIDS, etc.)
Gotcha, that makes sense.
The person at the test center has the "I don't care" attitude and just gave me a "ticket ID" to go phone Prometric. No apologies, no explanation given.
Prometric's call center person was nice but unfortunately couldn't find any place nearby to reschedule me today or tomorrow but fortunately there is an exam center open on Sat.
I was so pumped and ready for the exam... now I have to wait (and re-study...)
That said, I got out the door with a score of 857! So after all that excitement my first cert exam went away without much fanfare.
I did see one or two questions on ports (since everyone wonders about those) and overall I feel the exam was easier than some of the exam preps I have gone through.
In terms of study books, I would say that the Sybex books have wording and questions that feel more at home with the real exam compared to say the Exam Cram one (Those are the only two books I have some experience with). I wish I had a chance to go through Darril's book too (I am sure that would help) but I found this site 2 days before the exam so that was a little late.