Security+ -- What DIDN'T you know prior to studying/passing the exam?

As I'm reading my Security+ book, stuff like Bluejacking and Bluesnarfing scared the crap out of me...to the point where I actually checked my cell phone (which doesn't have Bluetooth on as I don't have it pared with a headset or my Bluetooth-less car) to see if Discovery Mode was on. It was off, but man made me wonder about everyone else at work and in life. But that was definitely stuff I didn't know.

Ports and such I hadn't really had to think about but the standard ones like for mail, FTP, http, etc I know.

I am amazed about the tools like Wireshark and Netstumbler that are named so that one can play around with them later, though I dunno if I want to do that at work. LMAO.

The risk analysis I haven't gotten to yet, but I plan on getting to that later in my guide (CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide by Darril Gibson).

I am curious about what new stuff you might have picked up just by studying for this exam. Even if it was stuff you would have picked up in A+ and/or Network+ exam. I'm thinking maybe it will help those who are studying out or a chance to tell a good story.

Find more posts tagged with

Comments

redline5th

erpadmin wrote: »

As I'm reading my Security+ book, stuff like Bluejacking and Bluesnarfing scared the crap out of me...to the point where I actually checked my cell phone (which doesn't have Bluetooth on as I don't have it pared with a headset or my Bluetooth-less car) to see if Discovery Mode was on. It was off, but man made me wonder about everyone else at work and in life. But that was definitely stuff I didn't know.

Ports and such I hadn't really had to think about but the standard ones like for mail, FTP, http, etc I know.

I am amazed about the tools like Wireshark and Netstumbler that are named so that one can play around with them later, though I dunno if I want to do that at work. LMAO.

The risk analysis I haven't gotten to yet, but I plan on getting to that later in my guide (CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide by Darril Gibson).

I am curious about what new stuff you might have picked up just by studying for this exam. Even if it was stuff you would have picked up in A+ and/or Network+ exam. I'm thinking maybe it will help those who are studying out or a chance to tell a good story.

What stumped me more than anything was the business terms... like service license agreement, the steps of risk and vulnerability assessment, etc.

NIDS, NIPS, HIDS, and HIPS was new to me. Plus I learned a lot more about firewalls that I didn't know before I studied for the test.

Ports and stuff I had down pat from the net+ minus a few additional ones.

veritas_libertas

redline5th wrote: »

NIDS, NIPS, HIDS, and HIPS was new to me. Plus I learned a lot more about firewalls that I didn't know before I studied for the test.

Ports and stuff I had down pat from the net+ minus a few additional ones.

That was my experience as well. The encryption types and how they worked were the most difficult for me to memorize and by now I have probably forgotten them.

earweed

Practically everything was new to me it seemed. I did a little labbing with a book called security administrator street smarts which helped me out a lot. I actually saw what it meant to harden an OS and saw some of the tools I was reading about.

Somnipotent

i really got a kick out of the PKI system and all the algorithms that were developed for encryption. crazy stuff. still trying to sort through it all. gonna give the book a once more over before i take the test (plus gonna wait until there's a discount on the voucher).

erpadmin

What does amaze me are the tools. Mind you I have used in my youth brute force tools on my school's email server and thought it was neat I could hack people's email. The word "ethical" was not in my vocabulary. I do legitimately use SAM crackers to get into a locked NT-based (NT, 2000, XP, etc.) workstation for a neighbor who locked himself out (Systernals, is still the best with it's locksmith tool on ERP Commander). But the amount of free tools available in one place to analyze your network, and such...that's amazing by just searching "network security tools" is unreal.

Also, in the case of IM, I knew that IMing was frowned upon, but I thought it was because management thought IM was a distraction. I didn't realize that there was NO encyrption on most of the IM software. (MSN, Yahoo, etc.). I think there is encryption on the "Enterprise-level", but I'll have to double check that. Still, that's pretty sick.

On the 6th chapter now. It's looking like I might be done by Sunday night. What I am liking is that I am getting less wrong on the chapters. (average 2-3 out of 20-25 questions). Once I'm done with the book, I will take the Transcenders and see what is up. But I am sure there will be more that I, personally, didn't know.