Passed 301

I used just web based study guides, free online tests and my experience. Studied for about 8 hours total.
Blue snarfing, Blue Jacking, and whaling were unexpected.

I already have my CISSP but wanted to take a stab at sec+, it was pretty stright forward with a few oddities.

Know the different symmetric and asymmetric types

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Blackout

Congrats

Michael2

ruebenedign wrote: »

I used just web based study guides, free online tests and my experience. Studied for about 8 hours total.

Wow! You certainly didn't study very long for it. I guess you already learned most of the material from your CISSP studies.

erpadmin

It's like graduating college with an undergraduate degree, but going back to 8th grade to graduate because you skipped it to get into high school.

In any event, congrats, I guess....

Michael2

erpadmin wrote: »

It's like graduating college with an undergraduate degree, but going back to 8th grade to graduate because you skipped it to get into high school.

What is it that you're trying to say with this? Do you mean that people with college degrees shouldn't bother with this certification?

whatthehell

Congratz on the pass!

erpadmin

Michael2 wrote: »

What is it that you're trying to say with this? Do you mean that people with college degrees shouldn't bother with this certification?

Ummm....that's not what I was saying at all.

The CISSP is the most advanced cert when it comes to Information Security. Security+ is considered an entry level cert when it comes to Information Security.

If I had a CISSP, I wouldn't need to take Security+, but I wasn't knocking the OP for it either. It just personally seemed odd to me to do it after having a CISSP, is all.

Darril

ruebenedign wrote: »

Know the different symmetric and asymmetric types

Congratulations. Good advice on knowing the different symmetric and asymmetric types.

I found some of the symmetric and asymmetric questions simple and straight forward and others had remarkable depth. For example, I remember something like:

"What key is used for encryption of a digital signature?" or "What key is used for decryption of a digital signature?"

These questions are straight forward but not necessarily simple. You need to understand how the digital signature is created. For clarity, the process is:

• The email is hashed.
• The hash is encrypted with the sender's private key (creating the digital signature) and sent.
• The recipient decrypts the hash with the sender's public key.

"What key is used for encryption of a digital signature?" The sender's private key.

"What key is used for decryption of a digital signature?" The sender's public key.

I remember that same knowledge tested in the SSCP, CISSP, and CASP exams, though the questions and perspectives were different. (I think I found my blog article for this weekend:)).

Darril Gibson
Security+ blog

Devilry

Congrats on your pass! Whats next?

ruebenedign

Darril is dead on with his comments, these will get you if you don't pay attention to what he is saying.

I've been in the security and IT field for a long time, no particular reason for taking it besides being curious. It also aligns with some of the federal requirements (as does CISSP at a higher level).

There were some material that was covered in the CISSP exam, I took mine back in 2003 so things may have changed somewhat since then. But the basics about ports, BCP, DR, Patch management, physical security concepts, SSH, SFTP, FTPS, Encryption were the same. I don't remember in the CISSP where I was quized specifically about the Software Development Lifecycle and how to interject security into it. Could've been there, I just don't remember.

No particular plans yet for a next test, I may head down the Microsoft path since my MCSE was back in Windows 2000 and is outdated.

Darril

ruebenedign wrote: »

Darril is dead on with his comments, these will get you if you don't pay attention to what he is saying.

I made some time to write the blog on digital signatures. As a summary, here are some key points that will help you answer many of the digital signature questions.

A digital signature provides:

Authentication
Non-repudiation
Integrity

When using asymmetric cryptography, there are a few basics to remember:

Asymmetric keys are in matched pairs of a public key and a private key
Anything encrypted with a public key can only be decrypted with the matching private key
Anything encrypted with a private key can only be decrypted with the matching public key
Private keys are always kept private and never shared
Public keys are freely shared by embedding them in a certificate

Here are the steps to create the digital signature:

The email is hashed.
The sender’s private key is retrieved.
The hash of the email is encrypted with the sender’s private key.
The original email is sent with the digital signature.

Here are the steps to validate the digital signature:

The recipient retrieves the sender’s public key.
The recipient decrypts the encrypted hash with the sender’s public key.
The received message is hashed.
The hashes are compared.

Darril Gibson
Security+ blog

Dakinggamer87

Congrats on pass!!

techie2012

Congrats on the pass!! I need to take Sec+ for WGU. I have Greg Whites Security+ book that I will be reading from.