Failed :(

I just got done taking the exam and failed miserably. The first 7 questions were simulation questions. First of all, I was only expecting 2 or 3, not 7. Most of them were configuring routers, reading event/firewall logs, and specifying how to route traffic to specific machines or departments.

My first question is, do we get partial credit for answering some of these simulation questions correctly?
Second, where can we get practice simulations?

Find more posts tagged with

Comments

Cisco Inferno

What kind of configuration? Sounds almost out of the exam scope.
sorry to hear about your failure. What were your exam resources?

David_P

I used Comptia Security+ Get Certified by Darril Gibson and Professor Messer.

One of the questions was about identifying a failure in a network and which device failed to secure the network the most. You would click on a device, look at the logs and have to determine which device failed correctly. I'm assuming it's wanting to know which device failed closed to secure the data, but I don't know how to read the logs to determine which device did what. Another one asked how to set up a WAP given certain network devices, IP addresses, gateway, etc. Another one asked me to create and ACL. It gave me 3 ports to allow, however, there were 3 ports to configure and it gave me 4 fill in the blank spaces. There wasn't an option to select deny any any as the last fill in the blank.

I just don't know where to find resources to study for these kinds of questions. I'm really new to the networking world. Most of my experience is in the help desk working with hardware and software. I rarely touch anything on the network and I don't have any permissions to play with any settings on the network (for obvious reasons). I really need to pass this test so I can get onto the gov't network with elevated privileges.

David_P

I really would like to know if there is partial credit for getting part of a simulation question correct?

Khaos1911

Sorry to hear that.....Dude, I'm so bummed reading this. I just booked my sec + exam for Thursday 10 mins ago and I'm not ready for a bunch of networking questions. I planned to continue studying for my CCENT/CCNA after I completed this exam. (long sigh)

Darril

David_P wrote: »

My first question is, do we get partial credit for answering some of these simulation questions correctly?
Second, where can we get practice simulations?

Welcome to the forums David_P. Sorry to hear you dropped the exam.

When CompTIA first started adding these after the first of the year, they were only adding about 2-3 simulation questions. Lately, I'm hearing that people have received as many as 9 simulation questions and it's been throwing them off their game completely.

Do you get partial credit? Here's a cut and paste from a blog I wrote on the topic. "A common question people ask when taking these types of questions is if they get partial credit if they correctly perform part of the problem but not all of it. CompTIA isn’t saying, but I wouldn’t be surprised if they don’t award partial credit for these performance based questions."

Where can you get practice simulations? I'm unaware of anywhere that practice simulations are available for these. I have written several blogs about them that people have told me are useful. It's not appropriate for me to put links to my blogs on this site, but feel free to contact me directly and I can point you in the right direction.

On configuring routers, the biggest thing you need to understand is the components of a basic packet filter. You can filter traffic using IP addresses and networks (assigned to specific machines or departments), ports (used to identify protocols), and protocol identifiers. The good news is that you aren't expected to know vendor specific commands such as what you'd use to configure a Cisco router.

On reading event/firewall logs, this becomes a reading comprehension test. You need to click on each of the devices and scan through the logs that appear and then identify the error message(s) related to the issue mentioned in the question. Logs typically identify devices by IP addresses so you need to be able to connect mentally which device is assigned which IP address as you scan the logs.

On the WAP, you are expected to know how to configure some basic security settings such as the SSID, MAC address filtering, and WPA/WPA2 Personal or Enterprise modes.

Hope this helps.

rscrt

David_P wrote: »

Second, where can we get practice simulations?

When you take the self-paced e-learning course from CompTIA, there is a guided simulation after almost every chapter. Then, you can schedule a lab and connect to couple of computers remotely to practice.

However, from what I've read on this forum, not all the activities simulated on the exam are covered by the e-learning and vice versa.

David_P

Darril wrote: »

Welcome to the forums David_P. Sorry to hear you dropped the exam.

When CompTIA first started adding these after the first of the year, they were only adding about 2-3 simulation questions. Lately, I'm hearing that people have received as many as 9 simulation questions and it's been throwing them off their game completely.

Do you get partial credit? Here's a cut and paste from a blog I wrote on the topic. "A common question people ask when taking these types of questions is if they get partial credit if they correctly perform part of the problem but not all of it. CompTIA isn’t saying, but I wouldn’t be surprised if they don’t award partial credit for these performance based questions."

Where can you get practice simulations? I'm unaware of anywhere that practice simulations are available for these. I have written several blogs about them that people have told me are useful. It's not appropriate for me to put links to my blogs on this site, but feel free to contact me directly and I can point you in the right direction.

On configuring routers, the biggest thing you need to understand is the components of a basic packet filter. You can filter traffic using IP addresses and networks (assigned to specific machines or departments), ports (used to identify protocols), and protocol identifiers. The good news is that you aren't expected to know vendor specific commands such as what you'd use to configure a Cisco router.

On reading event/firewall logs, this becomes a reading comprehension test. You need to click on each of the devices and scan through the logs that appear and then identify the error message(s) related to the issue mentioned in the question. Logs typically identify devices by IP addresses so you need to be able to connect mentally which device is assigned which IP address as you scan the logs.

On the WAP, you are expected to know how to configure some basic security settings such as the SSID, MAC address filtering, and WPA/WPA2 Personal or Enterprise modes.

Hope this helps.

Yes Darril, that gives me some additional direction. I just think it's unfair for CompTIA to put this on their exams without allowing companies/authors to create some sample simulations to prepare you for what to expect. The reason I'm taking this test is to help me be able to work on security features within my company. I can't touch any of the equipment, so I don't have any hands on experience. So we are in a catch 22 situation. You need the training to use the equipment, but the training assumes you have hands on experience. It's been frustrating to say the least.

David_P

Follow up question about ACL's. On one of the performance based questions it asked me to allow or block 3 ports. There were 4 spots on the ACL list. If I remember correctly, it said that the firewall was already set up to implicit deny. I didn't see any selection that would allow me to "deny any any" which wouldn't make sense anyway since it's set up as implicit deny. Is there something I am missing/forgetting?

teancum144

The "Recommended experience" from CompTIA's website (Security certification, CompTIA Security+ certification) states the following:

CompTIA Network+ certification and two years of technical networking experience, with an emphasis on security.

The knowledge I gained from studying for the N+ certification has been invaluable. If you have time, I highly recommend the N+ certification. If you have that knowledge, the networking material covered by the Security+ exam is comparatively easier.

galoryber

I actually remember the simulation question you're referring to. I had felt the same way, that it almost seemed outside of the scope of the exam. The key to the question for me was remembering the different ways the devices could fail. If you remember in Darril's book, there is a section on failing open and failing closed. For me, they all failed but only one failed and then made a comment about blocking all traffic (or deny source ip *, or something to that extent) which suggested to me that it was a secure failure. You were clearly on the right track with it, and maybe just got overwhelmed with the logs, I remember feeling the same way. (I think they like to throw those at you first so you feel un-easy for the whole exam, haha)

And also, as stated above, the N+ is strongly recommended for the S+. That being said, it is going to assume you have some networking knowledge, and if you do not that is going to be your foundation / starting point. Darril's book alone is enough for the exam, he does a great job of it, but you can't secure something if you don't know what that something is yet.

Hopefully you go at it again! Sounds like you're close and just need a little bit of N+ coverage

David_P

galoryber...yes! I knew it was a failure, I just didn't know how to read the logs to figure it out. I know one had to fail close for the most security, but I didn't know how to go through all the logs to figure it out. I did pass my Network+ exam about 5 years ago, and I haven't had much opportunity to apply what I've learned. "If you don't use it, you loose it"

movingzachb

So do they let you take it again with no charge after two weeks? Or how does that work?

This is lame. CompTIA must pay for this evil that they have bestowed upon us. These configuration questions! I am going to take my test at the end of may and I just have the big DG book and this forum to study. I have been studying off and on for the passed 6 months. I am just reading the book now to make sure I know everything I can. I can't afford to fail it myself.

David_P

movingzachb wrote: »

So do they let you take it again with no charge after two weeks? Or how does that work?

This is lame. CompTIA must pay for this evil that they have bestowed upon us. These configuration questions! I am going to take my test at the end of may and I just have the big DG book and this forum to study. I have been studying off and on for the passed 6 months. I am just reading the book now to make sure I know everything I can. I can't afford to fail it myself.

You have to pay each time to take the exam

EXPL01TUS

David, I bet we had all the same simulation questions...

A little background on me: I finished my BBA in Computer Information Systems with a focus on Cyber Security in December. I've been working as a security analyst for 2 months now, and I thought I'd take a shot at both the Net+ and Sec+. I spent the weekend reading Exam Cram and passed Net+, and I didn't study at all for Sec+ (I took the Darril Gibson 100 question assessment, and I decided I was ready).

I was really surprised at the simulation questions. It takes a few re-reads to really understand what they are asking. I think I had between 7 and 9 simulations.

The question with the firewall ACLs had 4 rules that needed to be applied. If I remember correctly, one of the rules required opening port 80 to ONLY the public network, which meant, after inspecting the IP ranges on the public network, you would have selected the only one with CIDR notation /29. The other rule was allowing traffic only between a specific src host IP and dst host IP.

The third network requirement required 2 rules, which is why there were 4 places to input firewall rules. A specific host needed to communicate with the two IP addresses in the admin network (I think it was called 'admin'). Since there was no CIDR notation in the drop-down list that encompassed both host's IP addresses, you needed to make the 2 rules separately for the one host to communicate with each of the 2 hosts in the admin network.

To be honest, these simulations really surprised me, and I'm excited about the semi-practical skill requirements. Hopefully CompTIA exams gain a little more respect once everyone catches wind that these exams are no longer simply defining various industry terms.

Don't get down on yourself, though... I was sweatin' bullets going through one simulation after another ("Another one?!... Another one?!... Another one?!)".

You'll get it next time!

shanestyle

I had the same 7 questions, I assume. I had exactly 7 simulation questions and 70 MC. It was different from the original plan to study for 100 MC questions. That being said partial credit was defiantly awarded because I don't think I got many of them completely correct.

Also I think partial credit is awarded on some MC questions because there are several correct answers and I believe they reward people for knowing at least part of the question. I got an 838/900 and came out of the test thinking that it was going to be close or even not passing it

Darril

Welcome to the forums EXPL01TUS and great first post.

Congrats on passing the Network+ and Security+ recently, especially with so little study. It sounds like you really gained a lot of practical knowledge from your BBA in CIS. Your experience does reiterate the value of networking knowledge in the Security+ exam though.

@shanestyle. Congrats on your pass. 838 is a great score.

@David_P. Let me echo EXPL01TUS' comment - "You'll get it next time!" Posting here and asking questions is a great way to figure out what you need to do and what you need to study to master this. Good luck.

David_P

EXPL01TUS wrote: »

The question with the firewall ACLs had 4 rules that needed to be applied. If I remember correctly, one of the rules required opening port 80 to ONLY the public network, which meant, after inspecting the IP ranges on the public network, you would have selected the only one with CIDR notation /29. The other rule was allowing traffic only between a specific src host IP and dst host IP.

In all my studying for Security+ I don't recall anything about CIDR notations. I have very little knowledge in this area. Again, noob here. Thank you for the explanation, but it still doesn't make sense to me. I'm guessing you just have to know that /29 only allows traffic to a public network?

EXPL01TUS

David_P wrote: »

In all my studying for Security+ I don't recall anything about CIDR notations. I have very little knowledge in this area. Again, noob here. Thank you for the explanation, but it still doesn't make sense to me. I'm guessing you just have to know that /29 only allows traffic to a public network?

Unfortunately, it's not that simple. The CIDR notation (aka slash notation) indicates the number of bits being borrowed to represent the subnet mask. It's a concept of subnetting and supernetting.

The question didn't require actually subnetting, fortunately. Understanding the concept would have allowed for process of elimination.

The question said that the computer could ONLY communicate with the hosts shown in the other network. All of the other options had /32 (which essentially means 'this specific IP,' and not a range). The other option was ANY, which would allow them to talk, but would also allow communication to others, which would violate the requirement of the rule.

The only remaining choice that could have encompassed a range of hosts (not /32) but not ANY host, was the IP address listed with /29.

There are many resources online to learn about *netting and slash notation, but it's not absolutely critical to know for passing this exam. It IS, however, critical for the real world.

I found this with a quick search: Networking 101: Understanding Subnets and CIDR

David_P

Thank you Ryan and to all of you with your help. I really appreciate it.

DavidHoffmanJr

David_P - Sorry to hear about you didn't pass it this round. But, keep at it! I had the same trouble initially trying ot pass this. I got Mike Meyers book (had a hard time with his material_. I bought Darril Gibson's book and immediately I could start to get a better handle on the material. I was initially STUNNED that right up front I got hit with so many questions in Chapter 1! But, as I started to read, I was alert to the questions I remembered reading. Gibson is really good at at presenting material (in my humble opinion). I saw on his website that he has audio and the 'remember this' really stuck out. So here's what I did. I took his book, and made myself some index cards (to the answers) on one side of the card, and then the questions on the other. I then used a cheap micro cassette recorder I found at a flea market for $10 bucks and recorded the questions (in my own voice), and then the answers (again, in my own voice).

While driving, or riding the bus/train, I'd listen to the tape (in my own voice). I'd also carry the cards with me too and read them. For about two months, I carried the cards, tapes, and Gibsons book with me nearly everywhere. I also would try to duplicate lessons in his book.

I passed on my first attempt. If you try to do this too, it might help you like it helped me.

David_P

I have my test scheduled again tomorrow morning. I've been cramming like a madman! Thanks for everyone's help and advice!! Hopefully by this time tomorrow my post will be "passed!"

Darril

Good luck. We'll be looking for your post celebrating your success.

Khaos1911

I passed yesterday with an 814. I had many simulation and drag and drop questions. By the time I got to the regular questions, there were only 70 to answer. I felt like I had more than enough time. Make sure you know if a port is TCP/UDP, that will help with the "firewall" simulation questions. Specifically "FTP," and "TFTP," and also know your port numbers.

Darril

Congrats on the pass. Good luck with your next adventure.

David_P

Passed! 831/900. So relieved! Thanks to everyone in this forum for your help.

Darril

Congrats! That's great news.

Good luck with your next adventure.

sushijeff

WOW I just spent 194.00 to take a test that the MEAUSRE-UP product was supposed to prepare me for and FAILED!! I took the CompTIA A+ 220-802 exam and they had questions that were nothing like the ones on the MEASURE-UP study tests! The MEASURE-UP practice test questions are like elementary and the CompTIA A+ 220-802 exam questions are like college. I was told by numerous people at Canyon State Institute that if I was scoring over 90% on the MEASURE UP practice test that I am ready for the Certification Exam............ I am beyond disappointed!

scaredoftests

buy darin gibson's book and online study. It helped me when I failed the first time. Got an 880 the second time.

volfkhat

I have some random tips on this test. Use at your own discretion.

1) The SY0-401 is a ClusterF#ck, in my opinion.
Many questions were VAGUELY worded, and many felt like they belonged on the Net+. Even if you have passed the A+ /Net+... You may Need to CHANGE your approach.

2) Are you aware of the "2nd Chance Program" for these exams?
Save 50% on the CompTIA Security+ Deluxe Bundle

3) Did you get any Performance Questions on RAID? If not, get prepared:
http://www.techexams.net/forums/security/111519-raid-security.html

4) Some people have said this is useful for one of the Performance Qs:
https://www.youtube.com/watch?v=P8OvpmUgdtA&index=4&list=PLO2DDwYR8wZA8LZttE2OKtv7PxkL5gOVE

5) I think everyone that has passed the SY0-401 feels CrapTIA gives partial credit on the Performance. So don't fret.
ALSO, a wise man once Adviced that you COMPLETELY SKIP the the Performance Questions at the start.
Go straight to the multiple choice-questions. Hammer through those. THEN, use the rest of your time on the Performance.

6) READ a BOOK.
A Lot of peeps recommend "Comptia Security+ Get Certified" by D Gibson. Also, David Prowse is recommended equally. Also, purchase ProfessorMessor's $10 Course Notes (and study his lectures).

7) Lastly, Remember: the SY0-401 is FLAWED, in my opinion.

Good Luck

Jake23

I just took this cert and I failed also. Was anyone able to figure what to do for the Logs sim that one totally stumped me and I was quickly overwhelmed mostly because I've talked about Log files but never worked with them. It'd be great if someone could help me with that and maybe help me find some free options (short on money at the moment) to figure out this cert I have to retake it by Friday any help would be fantastic.