Preparing for the 201 exam

flav2000

Hi everyone,

I just came across this resource 3 days ago. It has been valuable. Thank you.

I am writing the exam tomorrow ( Oct. 28 ) and I have been re-studying for the better part of two weeks. I initially took an instructor-based course late last year and due to various circumstances I only got around to facing the exam now.

I have gone through quite a few practice exams and usually score in the 80-90% range for them. So I am semi-confident I would pass.

However, last night I came across the ExamCram book by Diane Barrett; Kalani K. Hausman; Martin Weiss (available electronically through the local library) and my score on its test is only in the 70-80% range which surprises me. When I re-read the questions I found the writing to be convoluted and some of the answers can be argued one way or the other. So, I wonder if anybody else has some experience with this book and if the type of questions they ask is in line with the actual Security+ exam.

Example question:
Which of the following criteria is not a common criterion to authenticate a valid access request?
A. Something you have
B. Where you logon
C. What you know
D. Something you do
E. Something you are

Their answer is B. Their explanation is that location is rule-based and does not provide authentication. And "Something you do" they gave an example of "written signature", which seem to be outside of the usual Security+ scope of Something you "have/are/know". I mostly agree with their provided answer "after" I have reach the key but at the time of the question it seems it could go one way or another.

Anyways, thanks in advance for any comments! Taht should help greatly for the final 24 hour push.:D

Find more posts tagged with

Comments

veritas_libertas

flav2000 wrote: »

Hi everyone,

I just came across this resource 3 days ago. It has been valuable. Thank you.

I am writing the exam tomorrow ( Oct. 28 ) and I have been re-studying for the better part of two weeks. I initially took an instructor-based course late last year and due to various circumstances I only got around to facing the exam now.

I have gone through quite a few practice exams and usually score in the 80-90% range for them. So I am semi-confident I would pass.

However, last night I came across the ExamCram book by Diane Barrett; Kalani K. Hausman; Martin Weiss (available electronically through the local library) and my score on its test is only in the 70-80% range which surprises me. When I re-read the questions I found the writing to be convoluted and some of the answers can be argued one way or the other. So, I wonder if anybody else has some experience with this book and if the type of questions they ask is in line with the actual Security+ exam.

Example question:
Which of the following criteria is not a common criterion to authenticate a valid access request?
A. Something you have
B. Where you logon
C. What you know
D. Something you do
E. Something you are

Their answer is B. Their explanation is that location is rule-based and does not provide authentication. And "Something you do" they gave an example of "written signature", which seem to be outside of the usual Security+ scope of Something you "have/are/know". I mostly agree with their provided answer "after" I have reach the key but at the time of the question it seems it could go one way or another.

Anyways, thanks in advance for any comments! Taht should help greatly for the final 24 hour push.:D

Welcome to TE! I am scheduled to take the 201 a few weeks after you.

Darril

Welcome and good luck on the exam.

The question does allow for some interpretation. I agree with the answer B, but from a different perspective.

Authentication is typically verified by something you know (such as a password), something you have (such as a smart card) and something you are (using biometrics).

A less used method of authentication is where you are, such as is used for automatic callback. For example, Sally may be authorized to work from home and uses remote access technologies to dial into a remote access server. Her home phone number is known by the server. When she calls in and authenticates, the server hangs up and immediately calls her back.

If someone obtained Sally's credentials, when they use them to remote into the server, the server will instead hang up and call Sally.

However, handwriting analysis is considered a method of biometric analysis by some, and it could be argueed that is less used then the others.

All that said, many people that have seen the SY0-101 exam and the SY0-201 exam agree that the SY0-201 exam includes significantly less questions that are as ambiguous as this one. if you understand the concepts, you'll be able to eliminate incorrect answers for most questions rather quickly.

HTH,

Darril Gibson
Author: CompTIA Security+: Get Certified Get Ahead
www.sy0-201.com

Security+ Blog
Security Plus: Get Certified Get Ahead

Security+ Tip of day Tweets
twitter.com/DarrilGibson

flav2000 wrote: »

Hi everyone,
Example question:
Which of the following criteria is not a common criterion to authenticate a valid access request?
A. Something you have
B. Where you logon
C. What you know
D. Something you do
E. Something you are

Their answer is B. Their explanation is that location is rule-based and does not provide authentication. And "Something you do" they gave an example of "written signature", which seem to be outside of the usual Security+ scope of Something you "have/are/know". I mostly agree with their provided answer "after" I have reach the key but at the time of the question it seems it could go one way or another.

Anyways, thanks in advance for any comments! Taht should help greatly for the final 24 hour push.:D

flav2000

Thanks Darril. Glad to hear that the 201 exam is better in terms of the vaguely worded questions. That was one of the reasons I waited for it although I attended the course at a bad time when they were just transiting from the 101 exam over to the 201.

Reading the objectives and the notes again, I saw some mention of port numbers and a sprinkling of questions about the key/block size of various crypto algorithms. I remember some of those but wonder if I should spend the extra effort on it. From where I stand it seems like a disservice to ask about these minute details when there are more important conceptual questions to be asked on the exam.

Darril

It depends on your perspective on what is a minute detail. And with 100 questions, you'll get some questions that do test your knowledge a little deeper.

Interestingly, many people have been saying they haven't seen much about ports recently. You might memorize 15 ports and see only a single question on ports.

With 15 percent of the exam on cryptography, you'll likely see something related to the strength of cryptography.

You never know what questions you'll get so you really need to master as much of the objectives as you can. Even if it's not on the exam, it will had to your foundation of knowledge and often help you later in your travels.

Good luck.

Darril Gibson
Author: CompTIA Security+: Get Certified Get Ahead
www.sy0-201.com

Security+ Blog
Security Plus: Get Certified Get Ahead

Security+ Tip of day Tweets
twitter.com/DarrilGibson

flav2000 wrote: »

Reading the objectives and the notes again, I saw some mention of port numbers and a sprinkling of questions about the key/block size of various crypto algorithms. I remember some of those but wonder if I should spend the extra effort on it. From where I stand it seems like a disservice to ask about these minute details when there are more important conceptual questions to be asked on the exam.

dynamik

Darril wrote: »

Even if it's not on the exam, it will had to your foundation of knowledge and often help you later in your travels.

Fo' shizzle. Your goal should be to learn the material; the piece of paper is just icing on the cake.

veritas_libertas

dynamik wrote: »

Fo' shizzle. Your goal should be to learn the material; the piece of paper is just icing on the cake.

In Comptia's case hard, and not so tasty icing (Read: Ugly)...

flav2000

I suppose I prefer to learn things that are important when I have to apply it. So on the crypto side I am do very well (at least what the practice tests tell me) but on the ports side I am trying to avoid polluting my head with not-so-useful info. I will try to throw some ports review I guess.

In some sense - it would be useful to know right away if for example an output of netstat highlights unusual port activity. On the other hand, knowledge about baseline activity, what kind of IDS one should use and where to deploy them would seem like much more important IMO.

As to the certificate itself, I actually don't need it @ my dayjob. I took it upon myself to take this to broaden my knowledge. I work for a security vendor and my primary job is to analyze and develop proactive and reaction detection for malware and spam. So mainly the knowledge of this course is to help me see the bigger picture. It may also come in handy if I ever want move my career into another direction.

dynamik

How are ports not useful information? That's Networking 101.

Load up a simple server and configure FTP, Telnet, SSH, VNC, HTTP(S), etc., and tinker with the firewall. Do some banner grabbing with Netcat. There are numerous ways to apply that material.

flav2000

I stand corrected. I guess my networking background is strong enough that I was expecting some of these to be common knowledge. (I did graduate work in the networks area).

I was also pampered with tools like tcpdump and Ethereal/Wireshark that would automatically interpret the port numbers to known protocol names so memorizing numbers are not a necessity. I was thinking that most tools would automatically interpret the protocols but netstat for example doesn't.

It's still very useful to know the common ones but With the huge list like the one provided IANA http://www.iana.org/assignments/port-numbers, most administrators would be hard pressed to keep assignments of the "known" ports all figured out ( 1024 ports x2, one for TCP and one for UDP ).

dynamik wrote: »

How are ports not useful information? That's Networking 101.

Load up a simple server and configure FTP, Telnet, SSH, VNC, HTTP(S), etc., and tinker with the firewall. Do some banner grabbing with Netcat. There are numerous ways to apply that material.

dynamik

Dude, you only need a few dozen of the popular ones, not 2048

Darril

On IDSs, where I currently work, the use of IDSs has increased quite a bit. We currently use both signature-based and anomaly-based NIDS and have a HIDS installed on every desktop.

Additionally, I've talked to some trainers that train vendor specific IDS classes, and they've said that the popularity of the IDS classes has skyrocketed. All of this reflects the increased security within organizations.

I wrote this blog a while ago that includes details on the different types of IDSs,m including pros and cons, and where they are deployed:
Security Plus: Get Certified Get Ahead: Intrusion Detection Systems (HIDS and NIDS)

Darril Gibson
Author: CompTIA Security+: Get Certified Get Ahead
www.sy0-201.com

Security+ Blog
Security Plus: Get Certified Get Ahead

Security+ Tip of day Tweets
twitter.com/DarrilGibson

flav2000 wrote: »

On the other hand, knowledge about baseline activity, what kind of IDS one should use and where to deploy them would seem like much more important IMO.
QUOTE]

veritas_libertas

dynamik wrote: »

Dude, you only need a few dozen of the popular ones, not 2048

Don't you mean 1024? That would be the common ports, 0-1023.

List of TCP and UDP port numbers - Wikipedia, the free encyclopedia

flav2000

I was the one who said 2048. Technically, not all services operate on both UDP and TCP. Some operates on both, some one or the other. Hence, if you want to know every bit it'll be 2048.

veritas_libertas wrote: »

Don't you mean 1024? That would be the common ports, 0-1023.

List of TCP and UDP port numbers - Wikipedia, the free encyclopedia

flav2000

I think IDS is one of the next/current frontier in security. The other hot features are data leakage protection, IDS, and compliance/patch management.

Working for a security vendor, I am the first to say that the sophistication of some of the latest malware does make response slower. So IDS based on anomaly detection would be a great complimentary tool to use. Many of the top anti-virus vendors are now adding host-based IDS to their products (They call it HIPS, HIDS, etc.)

Darril wrote: »

On IDSs, where I currently work, the use of IDSs has increased quite a bit. We currently use both signature-based and anomaly-based NIDS and have a HIDS installed on every desktop.

Additionally, I've talked to some trainers that train vendor specific IDS classes, and they've said that the popularity of the IDS classes has skyrocketed. All of this reflects the increased security within organizations.

I wrote this blog a while ago that includes details on the different types of IDSs,m including pros and cons, and where they are deployed:
Security Plus: Get Certified Get Ahead: Intrusion Detection Systems (HIDS and NIDS)

Darril Gibson
Author: CompTIA Security+: Get Certified Get Ahead
www.sy0-201.com

Security+ Blog
Security Plus: Get Certified Get Ahead

Security+ Tip of day Tweets
twitter.com/DarrilGibson

flav2000 wrote: »

On the other hand, knowledge about baseline activity, what kind of IDS one should use and where to deploy them would seem like much more important IMO.
QUOTE]

veritas_libertas

flav2000 wrote: »

I was the one who said 2048. Technically, not all services operate on both UDP and TCP. Some operates on both, some one or the other. Hence, if you want to know every bit it'll be 2048.

Gotcha, that makes sense.

flav2000

Went to the exam center today and for whatever reason (either due to network problems or some stupid scheduling issue) I cannot take the exam.

The person at the test center has the "I don't care" attitude and just gave me a "ticket ID" to go phone Prometric. No apologies, no explanation given.

Prometric's call center person was nice but unfortunately couldn't find any place nearby to reschedule me today or tomorrow but fortunately there is an exam center open on Sat.

I was so pumped and ready for the exam... now I have to wait (and re-study...)

flav2000

After being turned back at my allotted exam time and lacking sleep because of various other commitments, I went to the rescheduled time at a new exam center today dead tired and not wanting to write.

That said, I got out the door with a score of 857! So after all that excitement my first cert exam went away without much fanfare.

I did see one or two questions on ports (since everyone wonders about those) and overall I feel the exam was easier than some of the exam preps I have gone through.

In terms of study books, I would say that the Sybex books have wording and questions that feels more at home with the real exam compared to say the Exam Cram one (Those are the only two books I have some experience with). I wish I have a chance to gone through Darril's book too (I am sure that would help) but I found this site 2 days before the exam so that was a little late.

Darril

Congratulations! 857 is a great score.

Darril Gibson
Author: CompTIA Security+: Get Certified Get Ahead
www.sy0-201.com

Security+ Blog
Security Plus: Get Certified Get Ahead

Security+ Tip of day Tweets
twitter.com/DarrilGibson