Tags: a+, CompTIA
So a few months ago…after much arm twisting…I had the “opportunity” to host an A+ Webinar. (The term opportunity is in quotes because anyone who knows me knows that I get very nervous when speaking to a group, whether live or virtual, and I hate my recorded voice.) Well, the Webinar went off without a hitch…That is, unless you consider my very southern accent as a “hitch.”
The video of that Webinar is available now. So if you’ll pardon my southern accent, agree NOT to count the number of times I say UMMM, and ignore the long pauses, here’s your chance to learn more about the new 800-series A+ exams:
Hope you enjoy it!
Tags: a+, CompTIA, network+, PBT, Performance-Based Testing, Security+
With the release of CompTIA’s new A+ series, 220-801 and 220-802, many of you will finally get your first look at CompTIA’s performance-based questions. The performance-based questions were actually first released by CompTIA in their CompTIA Advanced Security Practitioner (CASP) exam, but the CASP has a more limited audience than CompTIA’s A+, Network+, and Security+ exams.
Several members of our Content Development team have seen the CASP, the new A+ and Network+ performance-based questions, and we all feel that CompTIA is headed in the right direction with these item types. While we can’t share any details ourselves, CompTIA has released information over the past few weeks that will hopefully answer some of your questions. Here are a few resources I would recommend:
- I found a lot of information in the blog post titled “What Is a Performance-Based Question?” I suggest you read the blog post and watch the accompanying video.
- CompTIA also published another blog entry, titled Rigor of New CompTIA A+ 800 Series Exams Reflects Change in Entry-Level IT Roles, explaining the rationale behind the changed format and objectives.
- Pearson IT Certification announced that it will have a FREE Webcast about the new A+ 800-series exams on December 13, 2012. For more information, go to
. This Webcast looks especially suited for instructors, as it covers what’s new, improved, and different!
Did you notice CompTIA has increased the recommended hours of hands-on field experience to one year, up from the previously recommended six months? Those of us who have already taken the exam perceived a small but definite increase in difficulty. Again, with those performance-based items, you can either perform a task or you can’t. Hands-on experience is key. If the question simulates an action you do every day at work, then you’re probably going to find it a breeze. If it tests a concept you’ve only read about in books or studied in the abstract, it may take you a little longer to puzzle out the solution.
As I already mentioned, the new A+ and Network+ exams include performance-based questions. CompTIA will integrate performance-based questions into the Security+ exam in January.
So it looks like the move is permanent, folks! Embrace it! And know that what CompTIA has released is just the tip of the iceberg. Does anyone remember Microsoft’s 83-640 exam? I think that was a glimpse of where performance-based testing should really go.
Tags: a+, CompTIA, mobile devices, Study hints, study resources
Well, it’s been two weeks since I introduced you to the Mobile Devices domain in the new A+ 220-802 exam. In that post, I gave information on the first two objectives in the Mobile Devices domain. In this post, I want to finish by discussing the last three objectives from the domain:
3.3 Compare and contrast methods for securing mobile devices.
3.4 Compare and contrast hardware differences in regards to tablets and laptops.
3.5 Execute and configure mobile device synchronization.
For objective 3.3: Compare and contrast methods for securing mobile devices, the main focus is mobile device security. The main points that you should concern yourself with are as follows:
- Passcode locks – This is the most basic security measure. Passcode locks block unauthorized users from accessing any of the device’s functions. In Android phones, this is configured in the Settings Location & Security section. In iOS-based devices, it is configured in the Settings – General section.
- Locator applications – This security measure uses the GPS feature to locate a lost or stolen mobile device. For iPhones, you would enable the Find My iPhone feature. For Android devices, you can use a number of third-party security applications (such as Android Lost, AVG Antivirus, or Lookout) to remotely locate a phone.
- Remote wipes – This security measure ensures that all data on the mobile device can be erased if the mobile device is lost or stolen. For iPhones, there is an iCloud feature (available in iOS 5) that allows the Remote Wipe feature. Google Apps administrators can perform this function with Google Sync (in beta, as of this writing). Most third-party Android security apps will have the option to locate, lock, or remotely wipe the device.
- Remote backup applications – This functionality allows all data and applications to be backed up to ensure that the data could be restored if the mobile device is lost or stolen. For iPhones, backups are managed by the iTunes application. For Android devices, you will need to download an application that provides this functionality.
- Failed login attempts restrictions – This security feature will lock a device after the configured number of failed login attempts. For iPhones, the lock occurs by default after 6 failed attempts and erases the data after 10 failed attempts. For Android devices, this feature is not built in, so you will need to add an application to provide this functionality. Most mobile devices also let you wipe the device contents after the configured number of failed logins.
- Antivirus – Because mobile devices can be corrupted by malware, you should install an anti-malware application. Desktop antivirus vendors, like McAfee and AVG, also have products designed for mobile devices. Keep in mind that the product must be regularly updated to protect against the latest malware and virus threats.
- Patching/OS updates – Patching the operating system and applications is necessary for all mobile devices. Most mobile devices have a built-in function that will notify you periodically when updates are detected. Make sure your device is updated so that all the latest security patches are installed, because security patches are the most common type of update.
For objective 3.4: Compare and contrast hardware differences in regards to tablets and laptops, you need to understand the hardware that is used in a mobile device and how it typically compares to laptop hardware.
- You should keep in mind that most mobile devices do NOT have field-serviceable parts. Specialized tools are needed to replace any mobile device hardware, including the screen and internal parts. Repairs should only be carried out by technicians who are properly trained. If you have a device repaired by a technician that is not backed by the vendor, the warranty will be voided.
- Also, keep in mind that mobile devices typically cannot be upgraded. Therefore, you should purchase the device that provides the maximum level of hardware for your current and future needs.
- Most mobile devices are touch screen devices, which uses two technologies: touch flow or multitouch. With touch flow, finger movement (up, down, left, right) controls how the screen scrolls. With multitouch, the screen will recognize multiple touches, which means that more than one finger can work with the interface at the same time.
- Mobile devices typically use solid-state drives, which are lighter and less prone to crashes.
For objective 3.5: Execute and configure mobile device synchronization, you need to understand how to sync your mobile device. This includes understanding the type of data that will need to be synced, the software requirements to install the syncing application on your desktop computer or laptop, and the connection types that can be used with synchronization. Users will need to be able to sync contact information, applications, e-mail, pictures, music, and videos.
- Push synchronization is automatic and requires no user effort. Any change made will be synced to the other devices at regular intervals that you configure. (Remember that push synchronization can consume battery so use a longer schedule time if battery consumption is a concern.)
- Pull synchronization, on the other hand, requires the user to actually activate the synchronization, which then pulls new information from the other device.
- Synchronization can occur via a direct USB connection between devices, over a Bluetooth connection between the devices, and even over a 802.11 wireless network. Some specialized synchronization applications even allow you to use the Internet for synchronization.
While most mobile devices have a built-in sync feature, applications available through the marketplace usually do a much better job and include many more options. If you purchase a synchronization application, make sure that your mobile device meets the application’s requirements.
In closing, I hope these two Mobile Devices posts have helped to shed a bit of light on just where CompTIA is going with this topic. I have to say that I am glad to see this topic included as part of an IT technician’s job analysis. As mobile devices gain in popularity, technicians will definitely be expected to understand how to configure mobile devices in the real world.
I’ll be taking the 220-801 and 220-802 exams this week. I am really looking forward to seeing how the exams have changed, and assessing the new mobile device coverage and performance-type items.
Watch for my post in the coming weeks where I review Mike Meyer’s Eighth Edition of the CompTIA A+ Certification All-in-One Guide. I’ll also be posting some ideas about mobile phone emulators to help in labs and classrooms, and to help students self-study for the new mobile device topic coverage on the 220-802.
- Robin Abernathy
Tags: a+, mobile devices, Study hints, study resources
Last month, I posted an article about the virtualization topics in the new A+ exams. At that time, I indicated that I would be posting about the new mobile devices topics. I expected to get the two articles out within a few weeks of each other, but as it always seems to happen around here, other things took precedence….and a month later, I am finally sitting down to fulfill my promise.
Mobile devices have increasingly become part of our lives. Because of the popularity of these devices and our dependence on them, the CompTIA A+ certification now includes mobile device topics to ensure that A+ technicians are proficient in certain aspects of mobile device management. The new A+ 220-802 exam has an entire domain that is dedicated to mobile devices. Domain 3, the Mobile Device domain, makes up 9% of the exam. The objectives from Domain 3 are as follows:
3.1 Explain the basic features of mobile operating systems.
3.2 Establish basic network connectivity and configure email.
3.3 Compare and contrast methods for securing mobile devices.
3.4 Compare and contrast hardware differences in regards to tablets and laptops.
3.5 Execute and configure mobile device synchronization.
There’s a lot to chew on here, so let’s focus on the first two of these objectives. (I will discuss the other three in a coming post.) Please remember that I’m writing based on my experience with mobile devices and on what I’ve read in several reference books. As of this posting, I have not actually taken the new A+ exams. CompTIA released those exams this week, so I’ll hopefully have some time to take them before Part 2 of this blog post! But since I’ve been writing study material for the A+ exams since the 300-level A+, I am fairly confident that I won’t be too far off the mark.
For Obj 3.1: Explain the basic features of mobile operating systems, you will need to understand the features of the Android and iOS mobile operating systems.
- Android is an open-source operating system, while the Apple iOS is a vendor-specific OS.
- Developers for Android have access to the same APIs used by the operating system. Developers for Apple must use the software development kit (SDK) and must be registered as Apple developers.
- Android apps are purchased from the Google Android market (now called Google Play) or from other Android app sites, while Apple apps can only be purchased from the Apple App store.
- For screen orientation, mobile devices use an accelerometer and/or a gyroscope. While only one of these is required, many newer mobile devices use both because they work better together.
- Touch-screen mobile devices require screen calibration. The screen calibration tool will require you to touch the screen in different ways so that the mobile device can learn how you will touch the screen. If the device does not react in an expected manner when you touch the screen, it may need re-calibration.
- GPS information can be obtained from cell phone towers or from satellites. Keep in mind that keeping the GPS function enabled will cause the battery to be depleted much quicker. Android phones normally use satellites to obtain GPS data, while iPhones use a combination of satellites, cell phone towers, and WiFi towers to obtain GPS data.
- Geotracking allows a mobile device to periodically record location information and transmit this information to a centralized server. Consumers have recently raised privacy concerns overs this feature.
For Obj 3.2: Establish basic network connectivity and configure email, you will need to understand how to connect mobile devices to networks and how to configure email on mobile devices. For all of the following points, I would expect this to focus mainly on the two major smart phones (iPhone and Android), but wouldn’t be surprised if you are expected to know how to do this for the iPad and other tablets.
- Enable/disable the wireless and cellular data network.
- Understand Bluetooth configuration, including enabling/disabling Bluetooth, enabling device pairing, finding devices for pairing (including entering the PIN code), and testing Bluetooth connectivity.
- Configure email. You will need to know the URL of the incoming and outgoing email server, the port numbers used by these servers, and the encryption type (if applicable). You probably will also need to know your account details, including user name, password, and domain name. The process for setting up email will vary slightly based on the mobile device that you are configuring and the type of account. Some of the more popular mail services, such as Exchange and Gmail, are easier to set up because of configuration wizards.
To fully prepare for these objectives, it may be necessary to install a mobile phone emulator on your computer if you do not have access to a physical mobile phone. In many cases, there are free mobile phone emulators available so that you can learn how to perform many of the basic configuration steps. You may want to research the options that are available and install them in a lab environment, particularly if you are an instructor. These emulators can provide a valuable service to students who do not have experience with mobile devices.
Part 2 of this topic will be released in the coming days and will cover the other three Mobile Devices objectives in the 220-802 exam. I also plan to have a post in the coming months on mobile phone emulators, so feel free to send me any information on what you have found in this area.
Tags: casp, CompTIA, network+, Performance-Based Testing, Security+
As many of you may know, CompTIA introduced performance-based questions on the CompTIA Advanced Security Practitioner (CASP) certification exam. These questions have really added to the difficulty of the exam. The new A+ series (220-801 and 220-802), to be released in October 2012, will also include this item type. We were told that CompTIA was looking into expanding some of their other certifications to include this item type, but we weren’t told when the changes would occur other than “fourth quarter of 2012.”
Finally, CompTIA has released some concrete details about upcoming changes to the Network+ and Security+ certification exams. And the news? Both of these certifications will be adding performance-based questions in as soon as one month!
Network+ candidates: How the product changes affect you
For Network+, the last day to take this exam WITHOUT performance-based items is November 3, 2012. Starting on November 4, 2012, all Pearson VUE-delivered Network+ exams will include this item type.
CompTIA is encouraging individuals who are already studying for Network+ to take the current exam before the performance–based questions become incorporated. As part of this initiative, CompTIA will allow you to purchase a Network+ exam voucher by November 3 and save 15%. Purchase a Network+ Exam Voucher Now if you plan on taking the exam by November 3rd. Once you buy the voucher, you’ll have between ten and twelve months from the date of purchase to redeem it for a test. After November 3, these exam vouchers revert to full price.
Security+ candidates: How the product changes affect you
For Security+, the last day to take the exam WITHOUT performance-based items is December 31, 2012. Starting on January 5, 2013, all Pearson VUE-delivered Security+ exams will include this item type.
As with Network+, CompTIA is encouraging individuals already studying for Security+ to take the current exam before performance–based question become incorporated. Purchase a Security+ exam voucher by December 31, 2012 and save 15%. Purchase Security+ Exam Voucher Now if you plan on taking the exam by December 31st. The voucher is valid for ten to twelve months from the date of purchase. On January 1, 2013, these exam vouchers revert to full price.
In addition, CompTIA has created a great video all about the CompTIA testing experience that includes information about the PBT item type. The item type discussion section starts at around the 5-minute mark, but I would suggest watching the whole video, because it contains some great information.
Transcender customers: how the product changes affect you
As far as the Transcender products go, we will definitely be adding performance-based items to our current practice tests. But keep in mind that we do NOT get an advance viewing of these items — so we cannot see what these items entail until November 3rd for Network+ and January 5th for Security+. Once we see how CompTIA handles the performance-based aspect, we will put together a plan for revising our practice products so that they’ll best prepare you for the actual exam. We anticipate that we’ll be adding our own performance-based items approximately 6-8 weeks after the CompTIA exams release.
Any Transcender customers who have an active practice test license at the time we release the product update will be able to update their purchase to the new version at NO additional cost. (What a great value add!)
Feel free to contact us with any questions you may have, and happy testing!
Resource Review: CompTIA A+ Complete Review Guide Second Edition by Emmett Dulaney and Troy McMillanSeptember 21, 2012 at 4:27 pm | Posted in Certification Paths, CompTIA | Leave a comment
Tags: a+, resource review, study resources
The latest version of the A+ exams (220-801 and 220-802) are due out in October. Many of us…ok, maybe just me….anxiously await this latest release from CompTIA.
With this latest iteration, CompTIA has dropped the test naming structures we saw in the past (220-701 A+ Essentials and 220-702 A+ Practical Application) and is just going with a number naming convention (A+ 220-801 and A+ 220-802). But that is not all that has changed: CompTIA has announced that the new exams will include performance-based testing (PBT) items. Think of these items as answering a question by DOING instead of answering a question by selecting from options. I imagine these items will involve running commands, configuring dialog boxes, and matching concepts, but I truly don’t know what they are like. Although Transcender is a CompTIA partner, the details I have about these items are few and far between. I’ll see the questions on the same day that you will, when they go live.
Now back to our resource review. The latest A+ release has been choreographed with the content publishers in a much better manner than in the past. I have been very impressed with the way publishers have hustled to meet the training world’s needs when it comes to these exams. In the past, books and study guides were often released weeks or months after an exam was released. This meant that test candidates did not always jump on the bandwagon early in the certification lifecycle. Often candidates were waiting for a book to help them prepare for the exam, which meant that certification popularity was influenced by the publication of study materials.
With the 800-series A+, trainers and early adopters don’t have the same issues. By the time these exams are released to the public, there will be several references available to choose from. Today I’ll share my thoughts on Sybex’s CompTIA A+ Complete Review Guide, Second Edition, by Emmett Dulaney and Troy McMillan.
Review Guide versus Study Guide: What’s the Difference?
I want to point out that Sybex also released the CompTIA A+Complete Study Guide, Exams 220-801 and 220-802, 2nd Edition by Quentin Docter, Emmett Dulaney, and Toby Skandier this month. Where the Review Guide is 496 pages, the Study Guide rings in at 1100 pages and provides much more background knowledge to help bring the beginner up to speed. Review Guides are better suited for experienced techs wanting to catch up on the latest A+ changes, or those who need a refresher course. Where the Study Guide may be better for self-paced instruction, the Complete Review Guide is more test-prep oriented.
CompTIA A+ Complete Review Guide, Second Edition by Wiley / Sybex
First, I have to share the feature I love the most about this book - its structure. Have you ever downloaded an Objective List from CompTIA? While it makes sense on the exam, it usually does not correspond well to an independent book reference. Often you spend time flipping from chapter to chapter just to find all the information on a particular topic that may be applicable to one exam objective. With Sybex’s Complete Review Guide, the flipping is over. This book is arranged according to the exam objecitves. Each chapter corresponds with a unique exam objective from the Objective List, and each section within a chapter corresponds to a subobjective from the Objective List. This translates into easy, targeted studying. It also makes it easy to find information about the latest new topics (Virtualization!! Mobile Devices?!?) So if you know that your knowledge is deficient in a particular area (did I mention mobile devices?), then you can go right to that chapter and section to find what you need. (BTW, mobile devices are covered in Chapter 8, pages 363-377.)
Secondly, I love that they give you just the facts you need. This guide is very exam focused. For example, they don’t spend a lot of time explaining the history of computer hardware. If you are looking for a resource that gets straight to the point, then this guide is your choice. It guides you into a focused mode of study to help you learn the information needed to pass the exam.
Finally, the book has plenty of charts, graphics, and bullet points (charts, graphics, and bullets, oh my!) If you have read any of my resource reviews in the past, you know I am a big fan of these study aids. When you have knowledge that you just need to know for an exam, it is often easier to study if this information is in a chart or listed in bullet points. Pictures always help you to recognize hardware, ports, connectors, and the like, which is VERY important for an A+ technician.
In the interest of full disclosure, I should mention that I played a small part in the publication of this book. As you may have noticed, Troy McMillan, a fellow member of Transcender’s Content Development team, is one of the authors of this book. Through my connection with Troy, I was able to participate as a technical editor of this book. I can attest to the effort that these authors put into its development. Because there are so many facts that you must know, covering the A+ content in a concise manner can be quite daunting. But after sharing the process with Emmet and Troy, I can tell you that these guys have done a great job!
Keep this book in mind when you decide to start preparing for the new A+ exam. It’s a great resource for getting up to speed! And watch in the coming days for my post regarding upcoming changes to the Network+ and Security+ exams.
Tags: a+, study tips
If you’ve been keeping up with CompTIA news, you know that the new A+ series (220-801 and 220-802) will be available in October 2012. Based on the Exam Objectives released by CompTIA and my past knowledge as a Subject Matter Expert, I’ve already started developing Transcender’s practice tests for the new A+ series.
As part of the new exam series, CompTIA has included some objectives that specifically cover virtualization. I wanted to take some time here to explain the level of knowledge on this topic recommended to pass the exams. I also wanted to cover using virtualization in a classroom environment for A+ technician training.
In the two new A+ exams, there are four areas that cover virtualization in some way: three bullet points in 220-801 and one entire subobjective in 220-802. The points that cover virtualization are as follows:
- Objective 1.1 Configure and apply BIOS settings.
- BIOS configurations
- Virtualization support
- BIOS configurations
- Objective 1.6 Differentiate among various CPU types and features and select the appropriate cooling method.
- Virtualization support
- Objective 1.9 Evaluate and select appropriate components for a custom configuration, to meet customer specifications or needs.
- Virtualization workstation - Maximum RAM and CPU cores
For 220-801 Objectives 1.1 and 1.6, the main thing to understand is that certain vendor BIOS versions and CPUs have actually been created to provide additional hardware support for virtualization. In its infancy, virtualization worked entirely through software. But with recent advances, vendors have created BIOS versions and CPUs that support hardware-based virtualization. Is it necessary to have a BIOS or CPU that provides this level of specialization? No. You can still run software-based virtualization. But like special gaming graphics cards help gaming computers perform better, having a BIOS and CPU that provides hardware-based virtualization support will make your virtual environment much more efficient. Intel or AMD Virtualization Technology uses the hardware more efficiently and is controlled by the BIOS. But it is disabled by default in the BIOS.
For 220-801 Objective 1.9, the main thing to understand is that you need a fast processor (or multiple processors) and lots of RAM. RAM is the one component in a computer that limits the number of virtual machines that you can run simultaneously. The RAM and CPU are the two primary considerations when designing a computer that will host virtual machines.
- Objective 1.9 Explain the basics of client-side virtualization.
- Purpose of virtual machines
- Resource requirements
- Emulator requirements
- Security requirements
- Network requirements
For 220-802 Objective 1.9, there are multiple points that you must understand. Virtual machines are not physical computers, even though they will look like separate physical servers to any remote users. Virtualization allows administrators to install multiple operating systems on a single physical computer. Each separate virtual machine can then provide separate services. But the virtual machines are only capable of operating at the performance limits of the physical server, and the virtual machines must share the resources of the physical server. So if the physical server only has 4 GB of memory, the performance of each virtual server is limited to part of that 4 GB of memory.
The security of each virtual machine must be considered as well. Simply securing the physical server is not enough. Each virtual machine will need the appropriate security, anti-virus, and anti-malware software configured. Each virtual machine will also need its own network configuration if remote users will need to access the virtual machines via the network.
Finally, test-takers should understand that virtual machine managers are applications that run on top of a host operating system, while hypervisors are virtualization software that do NOT need a host operating system. Virtual machines managers include VMWare Workstation, Virtual PC, MAC OS X Parallels, and Linux KVM. Hypervisors include ESX and HyperV.
In closing, I want to encourage you to actually install some of the virtualization products that are available. Learning about the basics of virtualization is important. But setting up a few virtual machines can actually make the world of virtualization come alive. There are many options out there, some of which are free (our favorite!). My suggestion is to take a look at the following:
- Windows Virtual PC - www.microsoft.com/windows/virtual-pc/ FREE
- Oracle VM Virtual Box -
- VMWare Workstation –
30-day trial for FREE
Using any one of these tools would be particularly helpful in a classroom. You can configure multiple virtual machines for your students and allow them to “break” them. Simply make sure that you have a backup of the VHD file under another name, and you can restore the VM using a flash drive.
Watch for my upcoming post where I explain the Mobile Devices objective in 220-802. Until then, happy testing!
Tags: casp, CompTIA, Performance-Based Testing
At the CompTIA Academy Educator Conference in Las Vegas, I made a presentation to help educators better understand the CompTIA Advanced Security Practitioner (CASP) exam. I received such awesome feedback that I decided to write a blog post based on the presentation. I will explain the CASP exam to you, where the exam fits in the certification world, and how you should prepare to take it or prepare your students to take it.
What the CASP Certification is
First, here are some key numbers for you. In CompTIA’s 8th Annual Information Security Trends study, 76% of those responding indicated that their IT staff probably or definitely need more vendor-neutral security training. 81% of those responding indicated that they would give more recognition and financial rewards to the IT staff members who complete a security certification. Based on the findings in the 8th Annual Information Security Trends and other studies, CompTIA decided that:
- An advanced-level security exam would be good to pursue.
- The exam should be performance-based.
- The exam should fit into other vendors’ certification(s) as an elective.
- The exam should concentrate on new technologies that demand a concentration in security aspects, such as IPv6, VoIP, and SaaS.
- Acceptance of the exam would depend on the U. S. government’s acceptance of the new certification and its applicability to Department of Defense Directive (DoDD) 8570. According to CompTIA’s IT and CyberSecurity white paper, “Those seeking compliance with IA Technical Level III and IA Management Level II of U.S. DoD Directive 8570.01-M. (CASP is proposed to the 8570 Directive for these workforce categories.)”
The result was the CASP, the first certification in the Master Series of certifications released by CompTIA. The CASP exam will certify that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
The CAS-001 exam is available at Pearson Vue testing centers, and is currently available in English only.
How the CASP exam is structured
The CASP exam is a single exam that consists of multiple-choice, scenario-based, and performance-based questions. For the performance-based items, the CASP candidate is given a scenario/problem and prompted to push a button to launch a simulated environment that is created via software.
The candidate has 150 minutes to complete 80 questions. Upon completion, the candidate is given a Pass/Fail score. No numerical score is given. The domain distribution for the CASP exam is as follows:
Enterprise Security – 40%
Risk Management, Policy/Procedure, and Legal – 24%
Research and Analysis – 14%
Integration of Computing, Communications, and Business Disciplines – 22%
Where the CASP fits among security certifications
CompTIA has created a great graphic (shown below) that shows the CASP certification sitting between CompTIA’s Security+ certification and (ISC)2′s CISSP certification.
The way that CASP requires you to put real-world applications into abstract concepts elevates it above the Security+. The CASP exam expects candidates to take the core security concepts introduced in the Security+ exam and apply them to work situations. For example:
- In Security+, you should know the ports used by the HTTP and HTTPS protocols.
- In CASP, you should know the same ports, but you will have to apply them in a router or firewall configuration. This will include opening and closing the appropriate ports via rules or ACLs and ensuring that the rules are in the correct order.
- In Security+, you should know when you would need to deploy a firewall.
- In CASP, you should know when to deploy a firewall, but you would also need to deploy it in the appropriate location and know where to deploy any other devices/servers located in the DMZ/perimeter network.
After taking the CASP exam, I will agree that it’s harder than the Security+, but I feel it is equally as difficult as the CISSP exam. The CISSP exam is difficult in the breadth of knowledge that a test candidate must possess, but in the end, it is still just a standard multiple-choice, knowledge-based exam. Including performance-based items in the CASP takes this exam to the next level, even surpassing the CISSP exam when it comes to difficulty (in my opinion).
So while I accept CompTIA’s graphic and its placement of the CASP in the security certification world, I also feel that time will be kind to the CASP exam as it becomes more widely understood and accepted in the industry.
How to Prepare for the CASP Certification
Practical experience is needed for this exam, including:
- Experience configuring ACLs/rule lists for router, firewalls, and so on.
- Experience deploying hardware in a network. Specifically, you’ll need to understand WHERE hardware is deployed in a given network diagram based on requirements.
- The ability to recognize when devices are under attack by viewing logs, including understanding what type of attack is occurring, the identity of the attacker, how to protect against the attack, and where to deploy the protection.
- The ability to verify file security from a given hash value.
You can view a few multiple-choice practice questions on the CompTIA web site here:
We at Transcender have created a wonderful product in our Cert-CAS-001 practice test. Our practice test includes simulation items that will better prepare you for the performance-based items on the live exam. At the time of this post, no other practice test provider includes these types of items in their CASP product.
Also, Sybex has released a great study resource: the CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines, which I reviewed in a previous blog post. It is a great place to get started, even if you’re still accumulating those five years of hands-on technical security experience recommended as a prerequisite by CompTIA.
I hope this helps you to take the next step in your career and pursue the CASP certification. If you have any CASP-related questions, feel free to drop me a line!
Tags: casp, resource review, study resources
All of you have probably heard of CompTIA’s first Master series certification: the CompTIA Advanced Security Practitioner (CASP) certification. I took the exam some months back and am proud to say I passed it. If you want to know more about my experience, please read my previous post. In that article, I promised a review of the only CASP reference that is currently available, the CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines. Well, it’s a bit past the promised due date of April (where has the time gone?), but I finally have gotten a chance to complete my review.
I used this book as my primary reference when I was writing Transcender’s Cert-CAS-001 practice test. I found that the book was thorough and covered all of the topics on the exam. I particularly loved the Exam Essentials section at the end of each chapter. I would suggest that any test candidate read the Exam Essentials section for each chapter and think about how to test a particular point using a job task.
If you hadn’t already heard, the CASP exam includes performance-based items. These item types require that you perform certain tasks to fulfill the objectives given in the scenario. The very nature of these item types requires that you actually perform security-related tasks on a daily basis in your workflow; therefore, they are almost impossible to replicate in a book. The book’s method of addressing these item types is to include exercises for you to complete on your own. Each chapter includes several exercises to reinforce the topics presented in the chapter. These exercises, which are included in the Lab Manual (Appendix A in the book), will help you understand the tasks that security professionals must perform.
Performing the exercises requires a standard personal computer (not a server or desktop powerhouse) with the capacity to run VMware Player; some exercises require that you have a copy of a Windows desktop operating system, either as the native OS or running on a virtual machine. The labs direct you to download and install various readily available forensic tools, such as Nessus and Wireshark.
The Exam Essentials sections and the Exercises work together to provide a good all-around experience for the test candidate. But to ensure that you can pass the exam, I would recommend that you take all these one step further. For example, one of the Exam Essentials in Chapter 2 is:
Be able to describe advanced network design concepts. Advanced network design requires an understanding of remote access and firewall deployment and placement. Firewall placement designs include packet filtering, dual-homed gateway, screened host, and screened subnet.
Specific scenarios that address this Exam Essential may include: knowing when to deploy a firewall, knowing how to configure ACLs, and knowing where in a complex network a firewall is best deployed. So you should take some extra time to ensure that you understand network diagrams, and research best practices for device deployment.
This book is an excellent reference to start you on your journey to becoming a CASP. If you pair this book with Transcender’s practice test, you will be well on your way to success. It’s worth noting that Transcender’s practice test actually includes 8 performance-based scenarios that will expose you to the type of items you will see on the live exam. This is the ONLY practice test on the market right now that includes these types of items for the CASP product. It is just one more way that we demonstrate why our products are considered leading-edge test prep materials and have been preferred by IT professionals for nearly 20 years.
Check back with us over the next few weeks as I hope to provide you with a bit more information on the CASP exam, including where this exam fits into the current certification pathways, and how to prepare for the CASP. Feel free to drop me a line with any CASP questions you may have.
Tags: a+, casp, cloud, HIT, jean andrews, joy dark, michael gregg, mike meyers, mike murray, mobile, study resources
I was fortunate to be able to attend the CompTIA Academy Educator Conference over this past weekend. CompTIA promised that we would learn about the new A+ exams, the CompTIA Advanced Security Practitioner (CASP) exam, and the Healthcare IT Technician (HIT) exam. This promise was fulfilled with presentations from Mike Meyers, Jean Andrews, Joy Dark, and yours truly. Following is a quick recap on each of these topics, with more detailed posts to follow in the next week or two.
Virtualization in A+
Mike Meyers gave a presentation on virtualization. He covered the different virtualization products, including several free options as well as the major vendor products. He explained the installation and configuration processes for the various technologies. Educators reading this post should keep in mind that virtualization is a newly introduced topic to be included in the upcoming release of A+. In the A+ 220-802 exam, objective 1.9 states the following:
Explain the basics of client-side virtualization.
Purpose of virtual machines
Keep your eye out for my upcoming post about virtualization content in the new A+ exams.
Mobile technology in A+
Author Jean Andrews, best known for her CompTIA study guides and PC repair guides, also spent some time discussing the upcoming A+ exam changes. Her presentation included a great demonstration of mobile phone emulators that can be installed in a classroom environment. If you’re wondering why this is important, let me remind you that in the A+ 220-802 exam, objective 3 is dedicated to mobile devices (9% of the overall exam coverage). Look for my upcoming posts regarding mobile devices, including one on installing the mobile phone emulators and one on a new technician toolkit for mobile devices.
New certification: the HIT
I had the pleasure of meeting Joy Dark. Joy has recently released a book, which she co-wrote alongside author (and mom) Jean Andrews, all about the CompTIA Healthcare IT Technician (HIT) exam. Any A+ technician who is considering working in a healthcare environment should consider obtaining this certification. While A+ and Network+ knowledge is vital, a technician working in a healthcare industry must also understand healthcare terminology, regulations, and processes. This certification melds the world of IT with the needs of administering healthcare and healthcare records. I would highly recommend that educators take a serious look at this certification. CompTIA is expecting great things for it in the coming year.
Security+ and the CASP
In my presentation, I tried to explain to educators three main points about the CASP exam: What the CASP certification is, where the CASP certification fits in our industry, and how to prepare for the CASP certification. Look for an upcoming post that gives the details of this presentation. I will also be posting about the primary reference I used for this exam (see the “study guides and resources” header below for a quick link).
The event also included two great security presentations: one from Mike Murray of Mad Security on training the security professional and one from Michael Gregg, the author of the CASP book mentioned in the previous paragraph, on the role of certification in security. Again, look for an upcoming post regarding security training solutions.
Study guides & resources
Joy Dark and Jean Andrews wrote the book that maps directly to the HIT exam objectives: The CompTIA Healthcare IT Technician HIT-001 Authorized Cert Guide (Cert Guides), published by Pearson. This book is released and shipping.
Mike’s newest edition of the A+ study guide is the CompTIA A+ Certification All-in-One Exam Guide, 8th Edition (Exams 220-801 & 220-802) from McGraw-Hill Osborne Media, which is currently available for pre-order by clicking here.
As I prepared my CASP presentation, I referred extensively to the CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-001 (Comptia Study Guide), published by Sybex. This book is released and shipping.
As you can see, the event gave me a plethora of information that I feel I MUST pass on to you. So expect to be bombarded with posts from me over the coming weeks.
I am already looking forward to next year’s CompTIA Academy Educator Conference. You should start making plans to be there!