Passed 301

ruebenedign Registered Users Posts: 2
I used just web based study guides, free online tests and my experience. Studied for about 8 hours total.
Bluesnarfing, bluejacking, and whaling were unexpected.

I already have my CISSP but wanted to take a stab at Sec+; it was pretty straightforward with a few oddities.

Know the different symmetric and asymmetric types

Comments

  • Blackout Member Posts: 512
    Congrats
    Current Certification Path: CCNA, CCNP Security, CCDA, CCIE Security

    "Practice doesn't make perfect. Perfect practice makes perfect"

    Vincent Thomas "Vince" Lombardi
  • Michael2 Member Posts: 305
    I used just web based study guides, free online tests and my experience. Studied for about 8 hours total.

    Wow! You certainly didn't study very long for it. I guess you already learned most of the material from your CISSP studies.
  • erpadmin Member Posts: 4,165
    It's like graduating college with an undergraduate degree, but going back to 8th grade to graduate because you skipped it to get into high school. :)

    In any event, congrats, I guess....
  • Michael2 Member Posts: 305
    erpadmin wrote: »
    It's like graduating college with an undergraduate degree, but going back to 8th grade to graduate because you skipped it to get into high school. :)

    What is it that you're trying to say with this? Do you mean that people with college degrees shouldn't bother with this certification?
  • whatthehell Member Posts: 920
    Congratz on the pass!
    2017 Goals:
    [ ] Security + [ ] 74-409 [ ] CEH
    Future Goals:
    TBD
  • erpadmin Member Posts: 4,165
    Michael2 wrote: »
    What is it that you're trying to say with this? Do you mean that people with college degrees shouldn't bother with this certification?


    Ummm....that's not what I was saying at all.

    The CISSP is the most advanced cert when it comes to Information Security. Security+ is considered an entry level cert when it comes to Information Security.

    If I had a CISSP, I wouldn't need to take Security+, but I wasn't knocking the OP for it either. It just personally seemed odd to me to do it after having a CISSP, is all.
  • Darril Member Posts: 1,588
    Know the different symmetric and asymmetric types
    Congratulations. Good advice on knowing the different symmetric and asymmetric types.

    I found some of the symmetric and asymmetric questions simple and straightforward and others had remarkable depth. For example, I remember something like:

    "What key is used for encryption of a digital signature?" or "What key is used for decryption of a digital signature?"

    These questions are straightforward but not necessarily simple. You need to understand how the digital signature is created. For clarity, the process is:

    • The email is hashed.
    • The hash is encrypted with the sender's private key (creating the digital signature) and sent.
    • The recipient decrypts the hash with the sender's public key.

    "What key is used for encryption of a digital signature?" The sender's private key.

    "What key is used for decryption of a digital signature?" The sender's public key.

    I remember that same knowledge tested in the SSCP, CISSP, and CASP exams, though the questions and perspectives were different. (I think I found my blog article for this weekend:)).

    Darril Gibson
    Security+ blog
  • Devilry Member Posts: 668
    Congrats on your pass! What's next?
  • ruebenedign Registered Users Posts: 2
    Darril is dead on with his comments, these will get you if you don't pay attention to what he is saying.

    I've been in the security and IT field for a long time, no particular reason for taking it besides being curious. It also aligns with some of the federal requirements (as does CISSP at a higher level).

    There was some material that was covered in the CISSP exam. I took mine back in 2003, so things may have changed somewhat since then. But the basics about ports, BCP, DR, patch management, physical security concepts, SSH, SFTP, FTPS, and encryption were the same. I don't remember in the CISSP where I was quizzed specifically about the Software Development Lifecycle and how to interject security into it. Could've been there, I just don't remember.


    No particular plans yet for a next test, I may head down the Microsoft path since my MCSE was back in Windows 2000 and is outdated.
  • Darril Member Posts: 1,588
    Darril is dead on with his comments, these will get you if you don't pay attention to what he is saying.
    I made some time to write the blog on digital signatures. As a summary, here are some key points that will help you answer many of the digital signature questions.

    A digital signature provides:
    • Authentication
    • Non-repudiation
    • Integrity
    When using asymmetric cryptography, there are a few basics to remember:
    • Asymmetric keys are in matched pairs of a public key and a private key
    • Anything encrypted with a public key can only be decrypted with the matching private key
    • Anything encrypted with a private key can only be decrypted with the matching public key
    • Private keys are always kept private and never shared
    • Public keys are freely shared by embedding them in a certificate
    Here are the steps to create the digital signature:
    1. The email is hashed.
    2. The sender’s private key is retrieved.
    3. The hash of the email is encrypted with the sender’s private key.
    4. The original email is sent with the digital signature.
    Here are the steps to validate the digital signature:
    1. The recipient retrieves the sender’s public key.
    2. The recipient decrypts the encrypted hash with the sender’s public key.
    3. The received message is hashed.
    4. The hashes are compared.
    Darril Gibson
    Security+ blog
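
Added example, not part of the thread or of Darril's blog: the create and validate steps from both of Darril's posts above, run with textbook RSA (no padding) over a SHA-256 hash. The key pairs, the sample email and all function names are constructed for illustration; real signing uses a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed toy key pairs built from publicly known Mersenne primes.
# Demonstration only: no padding, and the primes are public knowledge.
E = 65537  # public exponent (assumed value for this example)

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, inverse of e
    return (n, E), (n, d)

def digest_as_int(message: bytes) -> int:
    """Hash the message (create step 1 / validate step 3)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Create steps 2-3: transform the hash with the sender's private key."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Validate steps 1-4: recover the hash with the public key, compare."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == digest_as_int(message)

SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, _ = make_keypair(2**607 - 1, 2**1279 - 1)  # someone else's key

EMAIL = b"Wire the funds to account 1234 on Friday."  # constructed sample
SIGNATURE = sign(EMAIL, SENDER_PRIV)  # sent along with the email

def demo():
    """Show integrity and authentication failing where they should."""
    tampered = EMAIL.replace(b"1234", b"9999")
    return {
        "genuine": verify(EMAIL, SIGNATURE, SENDER_PUB),
        "tampered": verify(tampered, SIGNATURE, SENDER_PUB),
        "wrong_key": verify(EMAIL, SIGNATURE, OTHER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

The tampered case is the integrity check failing at the hash comparison, and the wrong-key case is the authentication check failing because only the matching public key recovers the original hash.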
  • Dakinggamer87 Member Posts: 4,016
    Congrats on pass!!
    *Associate's of Applied Sciences degree in Information Technology-Network Systems Administration
    *Bachelor's of Science: Information Technology - Security, Master's of Science: Information Technology - Management
    Matthew 6:33 - "Seek the Kingdom of God above all else, and live righteously, and he will give you everything you need."

    Certs/Business Licenses In Progress: AWS Solutions Architect, Series 6, Series 63
  • techie2012 Member Posts: 150
    Congrats on the pass!! I need to take Sec+ for WGU. I have Greg White's Security+ book that I will be reading from.
    (CCNP: Switch) Passed!
    (CCNP: Route) Goal: 11/15/12 Progress: 75%
    (CCNP: TShoot) Goal: 12/15/12 Progress: 50%
    (Perl Scripting) Ongoing :study: