Sec+ in two days

psylow Member Posts: 23
I have been using the Darril Gibson SY01-301 book to study for the last few months. I took the exam at the end of the book and missed 26 questions, mainly over encryption. I studied all weekend and took it again and only missed 13. I have been taking the practice exams on the techexam site here and have done horribly. I have read a few say not to stress over encryption or port numbers but the techexam tests seem to favor a lot of port numbers. I am a very bad test taker cause I always second guess myself. So I will ask the same question to y'all again. What do you suggest I do? If someone has passed the exam in the last week or so, do you have any suggestions? I try to follow the, "Know why the answer is right or wrong" but with all this crammed into the brain the answers get lost.

Thanks for the help.

Comments

  • Darril Member Posts: 1,588
    It's easy to get overwhelmed with too much material so I wouldn't suggest that you look for anything different at this time. Instead, I'd suggest you just spend some time reviewing the material that isn't as clear to you. For example, on the 13 questions that you missed, review the material from the chapter. Similarly, you might want to redo the pre-assessment test in the book if you haven't looked at it in a while.

    On the ports, they are fair game and someone taking it today might have some port questions but someone taking it tomorrow might not have any.

    On cryptography, you can have as many as 11 questions since cryptography takes up 11% of the exam but half of these might be on digital signatures. This page lists some key things to review for cryptography: Get Certified Get Ahead | Security+ Cryptography - Encryption, Hashing, Digital Signatures

    Also, this group of blogs includes some recent topics that people have run across on the Security+ exam:
    Get Certified Get Ahead | Blogs on Security+ certification

    Good luck.
  • psylow Member Posts: 23
    Thank you very much.
  • psylow Member Posts: 23
    Concerning SSL, when it's said asymmetric encryption is used to privately share the session key, you are referring to sharing the public key, right?
  • Darril Member Posts: 1,588
    Sorry but no.

    This link I gave for cryptography topics (http://blogs.getcertifiedgetahead.com/security-cryptography-topics-2/) includes some links to some videos on Encryption, HTTPS and SSL, and Digital Signatures which go into more depth but here are some basic points.
    • Asymmetric encryption uses two keys, a public key and a private key created as a matched pair, to encrypt and decrypt the same data.
    • Anything encrypted by a public key can only be decrypted by the matching private key.
    • Anything encrypted by a private key can only be decrypted by the matching public key.
    • Symmetric encryption uses a single key, commonly called a session key, to encrypt and decrypt the same data.
    Asymmetric encryption is used with HTTPS and SSL like this:
    • A client creates a session key which will be used for symmetric encryption. At this point, only the client knows the session key.
    • The client receives the server's certificate which includes the server's public key. This is matched to a private key held only by the server.
    • The client encrypts the session key with the server's public key.
    • The client sends the encrypted session to the server over the Internet. If anyone intercepts it, they are unable to decrypt it because only the server has the matching private key.
    • The server receives the encrypted session key and decrypts it with its private key. At this point the client and the server know the session key.
    • The remaining session is encrypted with the faster symmetric encryption using the session key.
    In short, asymmetric encryption is only used to share the session key in a very quick exchange. The session is encrypted with the symmetric session key.

    It's a slightly different topic, but another important topic with asymmetric encryption is Digital Signatures. They don't use symmetric encryption but instead only asymmetric encryption but the opposite keys encrypt and decrypt like this:
    • A creates an email and clicks a button to create a digital signature.
    • The email application creates a hash (a number) from the email.
    • The email application retrieves the user's private key and encrypts the hash with the user's private key. The user's private key is matched with a public key that is available in a certificate.
    • The email application attaches the encrypted hash (the digital signature) with the email and both the email and the digital signature are sent.
    • The recipient receives the email and the digital signature.
    • The recipient retrieves the sender's certificate (which includes the sender's public key).
    • The recipient decrypts the digital signature (the encrypted hash) with the sender's public key. If the hash can be decrypted, the recipient knows it must have been encrypted with the sender's private key. Because only the sender has the sender's private key, the sender must have sent it.
    Hope this helps.
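
The two flows described in the post above, as an added example that is not part of the original post or the book. It uses textbook RSA on constructed toy primes and a hash-based XOR keystream as a stand-in for a real symmetric cipher; all function names are hypothetical. It goes one step past the post by having the recipient compare the recovered hash with a freshly computed one.

```python
import hashlib
import secrets

# Constructed toy primes (two Mersenne primes); far too small for real use.
TOY_P, TOY_Q = 2**61 - 1, 2**89 - 1

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair: returns (public, private) as (exponent, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def rsa(value, key):
    """Raw RSA operation, value^exponent mod n (no padding: illustration only)."""
    return pow(value, key[0], key[1])

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def digest_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def key_exchange(server_pub, server_priv, plaintext: bytes):
    """Client wraps a fresh session key with the server's PUBLIC key."""
    session_key = secrets.token_bytes(8)                   # known only to client
    wrapped = rsa(int.from_bytes(session_key, "big"), server_pub)
    recovered = rsa(wrapped, server_priv).to_bytes(8, "big")  # server side
    ciphertext = xor_stream(session_key, plaintext)        # symmetric from here on
    return wrapped, ciphertext, xor_stream(recovered, ciphertext)

def sign(message: bytes, sender_priv) -> int:
    """Sender encrypts the message hash with the sender's PRIVATE key."""
    return rsa(digest_int(message, sender_priv[1]), sender_priv)

def verify(message: bytes, signature: int, sender_pub) -> bool:
    """Recipient decrypts with the sender's PUBLIC key and compares hashes."""
    return rsa(signature, sender_pub) == digest_int(message, sender_pub[1])

if __name__ == "__main__":
    pub, priv = make_keypair(TOY_P, TOY_Q)
    print(key_exchange(pub, priv, b"GET /account"))
    sig = sign(b"pay 10 to Bob", priv)
    print(verify(b"pay 10 to Bob", sig, pub), verify(b"pay 90 to Bob", sig, pub))
```

Production TLS and signature schemes add padding, certificate validation and real ciphers such as AES, and TLS 1.3 replaces RSA key transport with an ephemeral Diffie-Hellman exchange.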
  • psylow Member Posts: 23
    I don't quite understand how the very last statement fits in concerning digital sig's..

    creates a session key which will be used for symmetric encryption. At this point, only the client knows the session key.

    Also, does HTTPS allow for data encryption over the internet?
  • DoubleNNs Member Posts: 2,015
    HTTPS is encrypted, yes.

    Other than cryptography, how are you doing in your other sections? Although cryptography can be the hardest part on the exam, the managerial stuff really takes up most of the exam. Make sure you know the rest of the material solidly.

    I passed my Sec+ about 2 weeks ago. Although you may take other exams and not do so well, trust me when I say if you understand the material in that single book well enough you will have enough to pass the exam. I didn't do so well on any other practice exam but I was scoring 90s on the tests in the Darril Gibson and I passed my sec+ with a very decent score.

    Make charts of all the technical information. Make one of all the attacks. Another of the diff hashing/encryption protocols. Another of authentication protocols. Whatever you want. Simply creating the chart will hammer some of the material into your brain. And it makes it very easy/simple to review - whether you wanna look at it various times throughout today, a couple times before you go to sleep tonight, or even a few mins before the exam itself tomorrow. Also try to be able to tell when public keys are used and when private keys are used.

    The most important technical information you could look over tho is attacks. Make sure you can identify all of them as well as methods to prevent them from happening. Other than that knowing what an RBAC is, a smart card vs token, IEEE 802.1X, Management control is, that SELinux is security enabled and uses the MAC model, WPA vs WEP, etc is (arguably) more important than the cryptography. Since cryptography is only 11% of the exam, if you are solid on EVERYTHING else but rocky on cryptography, you'll pass anyway.
    Goals for 2018:
    Certs: RHCSA, LFCS: Ubuntu, CNCF CKA, CNCF CKAD | AWS Certified DevOps Engineer, AWS Solutions Architect Pro, AWS Certified Security Specialist, GCP Professional Cloud Architect
    Learn: Terraform, Kubernetes, Prometheus & Golang | Improve: Docker, Python Programming
    To-do | In Progress | Completed
  • DoubleNNs Member Posts: 2,015
    I don't know how easy it is to understand my post lol. Kinda just woke up. But if you need clarifying, lemme know.
  • djlomba Member Posts: 59
    It helped me. Did you take the practice test in Darril's book more than once? I took it just once and figured if I take it again I would just be remembering the answers.
  • DoubleNNs Member Posts: 2,015
    I took the assessment test before reading, and then right after reading. I THEN took the practice test.

    For the assessment test I noted the areas I improved on as well as the areas I got wrong BOTH pre and post read. Then when I took the Practice test for the 1st time: I believe I scored a very high 80. At that point I just went through my notes, condensed everything down to a few short pages, and reviewed the condensed notes.

    I didn't feel ready by the time my test came up. I figured I had enough knowledge to barely pass (like a 760) but thought I was too rocky on a bunch of areas. However, I calmed myself down and wrote "YOU GOT THIS! LET'S GOO!!!" on the top of my erase board as soon as I sat down (lol). Ended up with like an 845.
  • djlomba Member Posts: 59
    Nice! I like that! I take the test Wednesday. I took Darril's test for the first time last night and scored 89. I am going to take the assessment test tonight. All your help is appreciated.
  • psylow Member Posts: 23
    When I first took the exam at the end of the book I missed 26 questions, 6 over just encryption. Studied it nearly nonstop for an entire day, retook the test the next morning and only missed 12 questions. So I decided to take some of the exams here and out of 50 questions I miss anywhere from 20-30... So I took the practice exam at the front of the book and missed 19. Now I am rereading the chapters on the questions I missed, taking the exams at the end of the chapters and only missing like 2 or 3. I will take the exam at the end of the book tonight or in the morning before the test and review the answers. Not sure what more I can do. Thanks for all the support.
  • DoubleNNs Member Posts: 2,015
    Psylow - instead of retaking exams I think you should just study your weak points. Afterwards go over all the chapter reviews in the book, then make charts/notes for easy memorization.

    Retaking the same test you've done multiple times already probably wouldn't be the best use of your time, and might not add much to your knowledge base. By now, you're probably memorizing the questions and the answers to them.

    Good Luck on your exam tomorrow.
  • psylow Member Posts: 23
    Yes I made a note card for every "remember this" and am reviewing that in addition to the end of chapter reviews. Again, thanks for all the support. I hope to have a good report tomorrow.
  • DoubleNNs Member Posts: 2,015
    Eff that. You WILL have a great report tomorrow. =]

    Review your heart out tonight and tomorrow before your exam. But make sure you DO get ample sleep and eat/drink enough before the actual test. And use the bathroom before you begin haha.

    I'll be waiting to hear the good news tomorrow.
  • Darril Member Posts: 1,588
    The last bullet was a left over statement that didn't belong. I edited it out.

    >Does HTTPS allow for data encryption over the Internet?

    Absolutely. Data in an HTTPS session (the content of the HTML page) is encrypted with the session key.
  • psylow Member Posts: 23
    I ask because of a question I got wrong in the book. I don't remember the page but I will look later. Dealt with encrypted traffic on the internet. There was a correct answer, which I didn't pick, and another answer that was the same as the correct answer just with HTTPS added and it was wrong.
  • Darril Member Posts: 1,588
    I see that you passed despite some anxiety beforehand. Congratulations!