Tags: a+, CompTIA
So a few months ago…after much arm twisting…I had the “opportunity” to host an A+ Webinar. (The term opportunity is in quotes because anyone who knows me knows that I get very nervous when speaking to a group, whether live or virtual, and I hate my recorded voice.) Well, the Webinar went off without a hitch…That is, unless you consider my very southern accent as a “hitch.”
The video of that Webinar is available now. So if you’ll pardon my southern accent, agree NOT to count the number of times I say UMMM, and ignore the long pauses, here’s your chance to learn more about the new 800-series A+ exams:
Hope you enjoy it!
Tags: CompTIA, Performance-Based Testing
Our in-house CompTIA product developer, Robin Abernathy, was among the experts interviewed in a recent article published on CompTIA’s IT Careers Blog.
The article, How to Prepare for Performance-Based Questions, brought together a variety of tips and opinions from experts across various training and IT industries. Having all taken exams with performance-based test items, we can attest that they present a solid challenge to the test-taker and eliminate some of the rote memorization.
Robin also summarized a lot of excellent information in our previous blog posts:
Tags: casp, CompTIA, DoD
CompTIA recently announced that the CompTIA Advanced Security Practitioner (CASP) certification has been accredited by the United States Department of Defense (DoD) Information Assurance Workforce Improvement Program 8570.01-M.
The CASP certification is intended for IT professionals with at least 10 years of experience, of which 5 years should be hands-on security work. Like other DoD-accepted certifications from CompTIA (A+, Security+, and Network+), it must be renewed every three years or maintained through CompTIA’s Continuing Education program.
Transcender’s CASP practice exam includes 160 practice test questions and 238 flash cards, including several interactive items that help prepare the customers for the live exam experience.
Tags: a+, CompTIA, network+, PBT, Performance-Based Testing, Security+
With the release of CompTIA’s new A+ series, 220-801 and 220-802, many of you will finally get your first look at CompTIA’s performance-based questions. The performance-based questions were actually first released by CompTIA in their CompTIA Advanced Security Practitioner (CASP) exam, but the CASP has a more limited audience than CompTIA’s A+, Network+, and Security+ exams.
Several members of our Content Development team have seen the CASP, the new A+ and Network+ performance-based questions, and we all feel that CompTIA is headed in the right direction with these item types. While we can’t share any details ourselves, CompTIA has released information over the past few weeks that will hopefully answer some of your questions. Here are a few resources I would recommend:
- I found a lot of information in the blog post titled “What Is a Performance-Based Question?” I suggest you read the blog post and watch the accompanying video.
- CompTIA also published another blog entry, titled Rigor of New CompTIA A+ 800 Series Exams Reflects Change in Entry-Level IT Roles, explaining the rationale behind the changed format and objectives.
- Pearson IT Certification announced that it will have a FREE Webcast about the new A+ 800-series exams on December 13, 2012. For more information, go to http://promos.pearsonitcertification.com/acton/fs/blocks/showLandingPage/a/1811/p/p-0058/t/page/fm/19. This Webcast looks especially suited for instructors, as it covers what’s new, improved, and different!
Did you notice CompTIA has increased the recommended hours of hands-on field experience to one year, up from the previously recommended six months? Those of us who have already taken the exam perceived a small but definite increase in difficulty. Again, with those performance-based items, you can either perform a task or you can’t. Hands-on experience is key. If the question simulates an action you do every day at work, then you’re probably going to find it a breeze. If it tests a concept you’ve only read about in books or studied in the abstract, it may take you a little longer to puzzle out the solution.
As I already mentioned, the new A+ and Network+ exams include performance-based questions. CompTIA will integrate performance-based questions into the Security+ exam in January.
So it looks like the move is permanent, folks! Embrace it! And know that what CompTIA has released is just the tip of the iceberg. Does anyone remember Microsoft’s 83-640 exam? I think that was a glimpse of where performance-based testing should really go.
Tags: a+, CompTIA, mobile devices, Study hints, study resources
Well, it’s been two weeks since I introduced you to the Mobile Devices domain in the new A+ 220-802 exam. In that post, I gave information on the first two objectives in the Mobile Devices domain. In this post, I want to finish by discussing the last three objectives from the domain:
3.3 Compare and contrast methods for securing mobile devices.
3.4 Compare and contrast hardware differences in regards to tablets and laptops.
3.5 Execute and configure mobile device synchronization.
For objective 3.3: Compare and contrast methods for securing mobile devices, the main focus is mobile device security. The main points that you should concern yourself with are as follows:
- Passcode locks – This is the most basic security measure. Passcode locks block unauthorized users from accessing any of the device’s functions. In Android phones, this is configured in the Settings – Location & Security section. In iOS-based devices, it is configured in the Settings – General section.
- Locator applications – This security measure uses the GPS feature to locate a lost or stolen mobile device. For iPhones, you would enable the Find My iPhone feature. For Android devices, you can use a number of third-party security applications (such as Android Lost, AVG Antivirus, or Lookout) to remotely locate a phone.
- Remote wipes – This security measure ensures that all data on the mobile device can be erased if the mobile device is lost or stolen. For iPhones, there is an iCloud feature (available in iOS 5) that allows the Remote Wipe feature. Google Apps administrators can perform this function with Google Sync (in beta, as of this writing). Most third-party Android security apps will have the option to locate, lock, or remotely wipe the device.
- Remote backup applications – This functionality allows all data and applications to be backed up to ensure that the data could be restored if the mobile device is lost or stolen. For iPhones, backups are managed by the iTunes application. For Android devices, you will need to download an application that provides this functionality.
- Failed login attempts restrictions – This security feature will lock a device after the configured number of failed login attempts. For iPhones, the lock occurs by default after 6 failed attempts and erases the data after 10 failed attempts. For Android devices, this feature is not built in, so you will need to add an application to provide this functionality. Most mobile devices also let you wipe the device contents after the configured number of failed logins.
- Antivirus – Because mobile devices can be corrupted by malware, you should install an anti-malware application. Desktop antivirus vendors, like McAfee and AVG, also have products designed for mobile devices. Keep in mind that the product must be regularly updated to protect against the latest malware and virus threats.
- Patching/OS updates – Patching the operating system and applications is necessary for all mobile devices. Most mobile devices have a built-in function that will notify you periodically when updates are detected. Make sure your device is updated so that all the latest security patches are installed, because security patches are the most common type of update.
For objective 3.4: Compare and contrast hardware differences in regards to tablets and laptops, you need to understand the hardware that is used in a mobile device and how it typically compares to laptop hardware.
- You should keep in mind that most mobile devices do NOT have field-serviceable parts. Specialized tools are needed to replace any mobile device hardware, including the screen and internal parts. Repairs should only be carried out by technicians who are properly trained. If you have a device repaired by a technician that is not backed by the vendor, the warranty will be voided.
- Also, keep in mind that mobile devices typically cannot be upgraded. Therefore, you should purchase the device that provides the maximum level of hardware for your current and future needs.
- Most mobile devices are touch screen devices, which use two technologies: touch flow or multitouch. With touch flow, finger movement (up, down, left, right) controls how the screen scrolls. With multitouch, the screen will recognize multiple touches, which means that more than one finger can work with the interface at the same time.
- Mobile devices typically use solid-state drives, which are lighter and less prone to crashes.
For objective 3.5: Execute and configure mobile device synchronization, you need to understand how to sync your mobile device. This includes understanding the type of data that will need to be synced, the software requirements to install the syncing application on your desktop computer or laptop, and the connection types that can be used with synchronization. Users will need to be able to sync contact information, applications, e-mail, pictures, music, and videos.
- Push synchronization is automatic and requires no user effort. Any change made will be synced to the other devices at regular intervals that you configure. (Remember that push synchronization can consume battery, so use a longer schedule time if battery consumption is a concern.)
- Pull synchronization, on the other hand, requires the user to actually activate the synchronization, which then pulls new information from the other device.
- Synchronization can occur via a direct USB connection between devices, over a Bluetooth connection between the devices, and even over an 802.11 wireless network. Some specialized synchronization applications even allow you to use the Internet for synchronization.
While most mobile devices have a built-in sync feature, applications available through the marketplace usually do a much better job and include many more options. If you purchase a synchronization application, make sure that your mobile device meets the application’s requirements.
In closing, I hope these two Mobile Devices posts have helped to shed a bit of light on just where CompTIA is going with this topic. I have to say that I am glad to see this topic included as part of an IT technician’s job analysis. As mobile devices gain in popularity, technicians will definitely be expected to understand how to configure mobile devices in the real world.
I’ll be taking the 220-801 and 220-802 exams this week. I am really looking forward to seeing how the exams have changed, and assessing the new mobile device coverage and performance-type items.
Watch for my post in the coming weeks where I review Mike Meyers’ Eighth Edition of the CompTIA A+ Certification All-in-One Guide. I’ll also be posting some ideas about mobile phone emulators to help in labs and classrooms, and to help students self-study for the new mobile device topic coverage on the 220-802.
- Robin Abernathy
Tags: casp, CompTIA, network+, Performance-Based Testing, Security+
As many of you may know, CompTIA introduced performance-based questions on the CompTIA Advanced Security Practitioner (CASP) certification exam. These questions have really added to the difficulty of the exam. The new A+ series (220-801 and 220-802), to be released in October 2012, will also include this item type. We were told that CompTIA was looking into expanding some of their other certifications to include this item type, but we weren’t told when the changes would occur other than “fourth quarter of 2012.”
Finally, CompTIA has released some concrete details about upcoming changes to the Network+ and Security+ certification exams. And the news? Both of these certifications will be adding performance-based questions in as soon as one month!
Network+ candidates: How the product changes affect you
For Network+, the last day to take this exam WITHOUT performance-based items is November 3, 2012. Starting on November 4, 2012, all Pearson VUE-delivered Network+ exams will include this item type.
CompTIA is encouraging individuals who are already studying for Network+ to take the current exam before the performance-based questions become incorporated. As part of this initiative, CompTIA will allow you to purchase a Network+ exam voucher by November 3 and save 15%. Purchase a Network+ Exam Voucher Now if you plan on taking the exam by November 3rd. Once you buy the voucher, you’ll have between ten and twelve months from the date of purchase to redeem it for a test. After November 3, these exam vouchers revert to full price.
Security+ candidates: How the product changes affect you
For Security+, the last day to take the exam WITHOUT performance-based items is December 31, 2012. Starting on January 5, 2013, all Pearson VUE-delivered Security+ exams will include this item type.
As with Network+, CompTIA is encouraging individuals already studying for Security+ to take the current exam before performance-based questions become incorporated. Purchase a Security+ exam voucher by December 31, 2012 and save 15%. Purchase Security+ Exam Voucher Now if you plan on taking the exam by December 31st. The voucher is valid for ten to twelve months from the date of purchase. On January 1, 2013, these exam vouchers revert to full price.
In addition, CompTIA has created a great video all about the CompTIA testing experience that includes information about the PBT item type. The item type discussion section starts at around the 5-minute mark, but I would suggest watching the whole video, because it contains some great information.
Transcender customers: how the product changes affect you
As far as the Transcender products go, we will definitely be adding performance-based items to our current practice tests. But keep in mind that we do NOT get an advance viewing of these items — so we cannot see what these items entail until November 3rd for Network+ and January 5th for Security+. Once we see how CompTIA handles the performance-based aspect, we will put together a plan for revising our practice products so that they’ll best prepare you for the actual exam. We anticipate that we’ll be adding our own performance-based items approximately 6-8 weeks after the CompTIA exams release.
Any Transcender customers who have an active practice test license at the time we release the product update will be able to update their purchase to the new version at NO additional cost. (What a great value add!)
Feel free to contact us with any questions you may have, and happy testing!
Tags: casp, CompTIA, Performance-Based Testing
At the CompTIA Academy Educator Conference in Las Vegas, I made a presentation to help educators better understand the CompTIA Advanced Security Practitioner (CASP) exam. I received such awesome feedback that I decided to write a blog post based on the presentation. I will explain the CASP exam to you, where the exam fits in the certification world, and how you should prepare to take it or prepare your students to take it.
What the CASP Certification is
First, here are some key numbers for you. In CompTIA’s 8th Annual Information Security Trends study, 76% of those responding indicated that their IT staff probably or definitely need more vendor-neutral security training. 81% of those responding indicated that they would give more recognition and financial rewards to the IT staff members who complete a security certification. Based on the findings in the 8th Annual Information Security Trends and other studies, CompTIA decided that:
- An advanced-level security exam would be good to pursue.
- The exam should be performance-based.
- The exam should fit into other vendors’ certification(s) as an elective.
- The exam should concentrate on new technologies that demand a concentration in security aspects, such as IPv6, VoIP, and SaaS.
- Acceptance of the exam would depend on the U.S. government’s acceptance of the new certification and its applicability to Department of Defense Directive (DoDD) 8570. According to CompTIA’s IT and CyberSecurity white paper, “Those seeking compliance with IA Technical Level III and IA Management Level II of U.S. DoD Directive 8570.01-M. (CASP is proposed to the 8570 Directive for these workforce categories.)”
The result was the CASP, the first certification in the Master Series of certifications released by CompTIA. The CASP exam will certify that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
The CAS-001 exam is available at Pearson VUE testing centers, and is currently available in English only.
How the CASP exam is structured
The CASP exam is a single exam that consists of multiple-choice, scenario-based, and performance-based questions. For the performance-based items, the CASP candidate is given a scenario/problem and prompted to push a button to launch a simulated environment that is created via software.
The candidate has 150 minutes to complete 80 questions. Upon completion, the candidate is given a Pass/Fail score. No numerical score is given. The domain distribution for the CASP exam is as follows:
- Enterprise Security – 40%
- Risk Management, Policy/Procedure, and Legal – 24%
- Research and Analysis – 14%
- Integration of Computing, Communications, and Business Disciplines – 22%
Where the CASP fits among security certifications
CompTIA has created a great graphic (shown below) that shows the CASP certification sitting between CompTIA’s Security+ certification and (ISC)²’s CISSP certification.
The way that CASP requires you to put real-world applications into abstract concepts elevates it above the Security+. The CASP exam expects candidates to take the core security concepts introduced in the Security+ exam and apply them to work situations. For example:
- In Security+, you should know the ports used by the HTTP and HTTPS protocols.
- In CASP, you should know the same ports, but you will have to apply them in a router or firewall configuration. This will include opening and closing the appropriate ports via rules or ACLs and ensuring that the rules are in the correct order.
- In Security+, you should know when you would need to deploy a firewall.
- In CASP, you should know when to deploy a firewall, but you would also need to deploy it in the appropriate location and know where to deploy any other devices/servers located in the DMZ/perimeter network.
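To make the rule-order point above concrete, here is an added example (not part of the original post) that evaluates an ACL with first-match semantics and flags rules that an earlier, broader rule makes unreachable. The Rule class, the function names, and the 192.0.2.0/24 DMZ addresses are constructed for illustration, and rules match on destination address and TCP port only.

```python
"""First-match ACL evaluation and a rule-order check (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

HTTP, HTTPS = 80, 443  # well-known TCP ports for HTTP and HTTPS


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    dst: str                       # destination network in CIDR form
    ports: frozenset = frozenset() # destination TCP ports; empty means any

    def matches(self, dst_ip, port):
        in_net = ip_address(dst_ip) in ip_network(self.dst)
        return in_net and (not self.ports or port in self.ports)

    def covers(self, other):
        """True if every packet `other` matches is also matched by this rule."""
        net_ok = ip_network(other.dst).subnet_of(ip_network(self.dst))
        ports_ok = not self.ports or (bool(other.ports) and other.ports <= self.ports)
        return net_ok and ports_ok


def evaluate(acl, dst_ip, port):
    """Return the action of the first matching rule; implicit deny otherwise."""
    for rule in acl:
        if rule.matches(dst_ip, port):
            return rule.action
    return "deny"


def shadowed_rules(acl):
    """Return (rule_index, shadowing_index) pairs for rules that can never match."""
    findings = []
    for i, rule in enumerate(acl):
        for j in range(i):
            if acl[j].covers(rule):
                findings.append((i, j))
                break
    return findings


# Constructed sample: a web server at 192.0.2.10 in a DMZ of 192.0.2.0/24.
WEB = Rule("permit", "192.0.2.10/32", frozenset({HTTP, HTTPS}))
BLOCK_DMZ = Rule("deny", "192.0.2.0/24")

MISORDERED = [BLOCK_DMZ, WEB]  # broad deny first: the permit is never reached
CORRECTED = [WEB, BLOCK_DMZ]   # specific permit first, then the broad deny

if __name__ == "__main__":
    for name, acl in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(name,
              "HTTPS ->", evaluate(acl, "192.0.2.10", HTTPS),
              "| SSH ->", evaluate(acl, "192.0.2.10", 22),
              "| shadowed:", shadowed_rules(acl))
```

Both lists contain the same two rules; only the order differs, and only the corrected order lets web traffic reach the server while every other DMZ port stays closed.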
After taking the CASP exam, I will agree that it’s harder than the Security+, but I feel it is equally as difficult as the CISSP exam. The CISSP exam is difficult in the breadth of knowledge that a test candidate must possess, but in the end, it is still just a standard multiple-choice, knowledge-based exam. Including performance-based items in the CASP takes this exam to the next level, even surpassing the CISSP exam when it comes to difficulty (in my opinion).
So while I accept CompTIA’s graphic and its placement of the CASP in the security certification world, I also feel that time will be kind to the CASP exam as it becomes more widely understood and accepted in the industry.
How to Prepare for the CASP Certification
Practical experience is needed for this exam, including:
- Experience configuring ACLs/rule lists for routers, firewalls, and so on.
- Experience deploying hardware in a network. Specifically, you’ll need to understand WHERE hardware is deployed in a given network diagram based on requirements.
- The ability to recognize when devices are under attack by viewing logs, including understanding what type of attack is occurring, the identity of the attacker, how to protect against the attack, and where to deploy the protection.
- The ability to verify file security from a given hash value.
You can view a few multiple-choice practice questions on the CompTIA web site here: http://certification.comptia.org/Training/testingcenters/samplequestions/CASP-Practice-Questions.aspx
We at Transcender have created a wonderful product in our Cert-CAS-001 practice test. Our practice test includes simulation items that will better prepare you for the performance-based items on the live exam. At the time of this post, no other practice test provider includes these types of items in their CASP product.
Also, Sybex has released a great study resource: the CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines, which I reviewed in a previous blog post. It is a great place to get started, even if you’re still accumulating those five years of hands-on technical security experience recommended as a prerequisite by CompTIA.
I hope this helps you to take the next step in your career and pursue the CASP certification. If you have any CASP-related questions, feel free to drop me a line!
Tags: cloud certification, cloud essentials, CompTIA
Way back in 2010, I started looking into all things cloud when I attended TechEd 2010 in New Orleans. Back then, I was trying to use my crystal ball to predict just what the cloud meant to us in the certification world. Fast forward to 2012, and we are starting to see the beginnings of the cloud certification offerings, as well as cloud-centric content added to existing certifications.
CompTIA announced its new Cloud Essentials specialty certification on December 13, 2011:
“As use of the cloud expands, the demand for IT workers with cloud computing knowledge grows as well,” Terry Erdle, executive vice president, skills certification, CompTIA, said. “CompTIA Cloud Essentials is designed to bolster the cloud computing credentials of the IT workforce.”
According to the CompTIA Cloud Essentials page, a test candidate will see 50 questions and have 60 minutes to complete the exam. Here is the objective breakdown for the Cloud Essentials exam:
- 1.0 Characteristics of Cloud Services From a Business Perspective - 15%
- 2.0 Cloud Computing and Business Value – 20%
- 3.0 Technical Perspective/Cloud Types – 20%
- 4.0 Steps to Successful Adoption of Cloud Computing - 15%
- 5.0 Impact and Changes of Cloud Computing on IT Service Management - 15%
- 6.0 Risks and Consequences of Cloud Computing - 15%
While there are no books currently on the market for this certification, there are general books available on cloud computing. McGraw-Hill will release CompTIA Cloud Essentials Certification Study Guide (Exam CL0-001) in November 2012, and I anticipate other study guides will follow.
While this is the only cloud-specific test currently in the CompTIA arena, many of their other, more popular offerings, including the Security+ and CompTIA Advanced Security Practitioner (CASP) exams, now require low-level understanding of cloud computing types and terminologies.
But don’t expect Cloud Essentials to be the last you will hear about the cloud from CompTIA. Word has it that there is more to come from CompTIA in cloud computing and mobile computing as these two areas become more vital in the global marketplace.
Are any of you considering this certification? If so, are you worried about the lack of resources available that are specifically written to this certification?
Drop us a line here at Transcender, and tell us what you think. We would love to hear from you!
Until next time….
Tags: casp, CompTIA, Performance-Based Testing
As many of you know, there is quite a bit of buzz over CompTIA’s Advanced Security Practitioner (CASP) exam. Last year, CompTIA launched the CASP exam as the next level in its security-related certification products. For years, IT professionals have looked to CompTIA to provide vendor-neutral certifications, the most popular of which are the A+, Network+, and Security+ certifications. But the CASP exam takes CompTIA’s offerings to the next level.
Last month, I finally had a chance to take the CASP exam. I knew going into the exam that I would see what CompTIA has called performance-based testing (PBT) items. Well, I wasn’t disappointed, as my first question on the exam was a PBT item. Overall, I thought these item types had the appropriate level of complexity and covered a wide range of topics. So what did they look like? For the most part, they were drag-and-drop items that involved matching things up or placing items in the right location. There were others that required particular actions to be taken at a command prompt or at the server level. The only specifics I can share about these items, without violating the Non-Disclosure Agreement (NDA), is that PBT items take the WHAT from your usual multiple choice items and place the focus on the HOW or the WHERE.
For example, consider SubObjective 1.5 from the CASP Exam Guide: Distinguish among security controls for hosts. A bullet point in this SubObjective is Host hardening, which includes the Standard operating environment, Security/group policy implementation, Command shell restrictions, Warning banners, and Restricted interfaces. A possible PBT question that would fit into this SubObjective is a graphically presented task where you enable and configure the appropriate group policies for password length, password age, and password lockout.
In addition to the PBT items, the exam still includes the old stand-by multiple-choice questions. These, however, were a bit more expansive than the typical questions included in the A+, Network+, or Security+ exams. I often found myself reading and re-reading the options while trying to eliminate incorrect answers. I can remember thinking that this exam seemed much harder than the CISSP exam, not because of its length, but because of its depth. It takes those tidbits of security knowledge that all security professionals must know and expects you to APPLY them. For example, you not only need to know the different types of hacker attacks, you should know HOW to recognize the attacks which are occurring, WHAT tools to deploy to protect against those attacks, HOW to deploy them, and WHERE they should be deployed.
You can expect between 70-80 questions total, including the PBT questions. When I was done with the exam I was a little nervous, because truthfully, I felt it could have gone either way. I made an audible sigh of relief when I learned I had passed; to say that I was happy would be putting it mildly! I can’t give you my score, because CompTIA doesn’t give you one – this exam is just graded as PASS or FAIL. (But you know, maybe I didn’t really want to see that score anyway!)
So what can you do to prepare for the CASP? After you go over the exam objectives on the CompTIA Web site, I would start with CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines recently published by Sybex (an imprint of Wiley). Look for my comprehensive review of this guide in April. Next, take some time to research the day-to-day tasks of the security professional. I can assure you: if you don’t have any experience in security-related tasks, you should not take this exam until you have had some time to expose yourself to these tasks.
With that said, I can tell you that I am working diligently to create Transcender’s practice test for the CASP exam. And we will be including some interactive items that simulate what you will see in the live exam. My experience in taking this exam and working on our practice test so soon afterward can only help you, so keep an eye out for our announcement regarding our CASP practice test, which should come in May….and in the meantime, start prepping today!
Tags: CompTIA, network+, pearson, resource review, study resources
Pearson Education has released a book, the CompTIA Network+ N10-005 Authorized Cert Guide, which has been written specifically for the new version of CompTIA’s Network+ exam, N10-005. Luckily, I was able to obtain a copy of this book while I was developing our N10-005 practice test. I found the book helpful in providing details in some topics, particularly topics that were new to the N10-005 exam. I wanted to share with you what I felt were the strongest points about this book, as well as areas where I thought it fell a little short. But don’t stop reading yet – there was a lot that was good and worthwhile about this resource!
If you’ve read any of my resource review posts in the past, you will know that I am a fan of charts, tables, and bulleted lists. Most CompTIA exams include a lot of knowledge-based material that you must memorize: things like media types, media speed, maximum distances, and so on. Pearson’s books always include plenty of those charts, tables, and lists that prove to be very helpful in preparing for the exam. This book includes just the right mix of charts, tables, and bulleted lists. In addition, the book includes lots of graphics to help illustrate the topics covered, including media connector graphics, cable composition graphics, and so on. You should take the time to study all the charts, tables, bulleted lists, and graphics.
The book includes a DVD that contains a practice test, supplementary memory tables, and training videos. I feel the practice test isn’t on the level of the Transcender practice test. I’m not just saying that because I work here, but because the item explanations aren’t written to the depth that ours are. Pearson’s practice test also includes item types that are not covered in the live exam. So I worry that users would be inadequately prepared for the live exam.
In going through the content, I was glad to see that Pearson’s book did cover most of the new topics that are now included in the Network+. However, this subject matter was not always easy to find. The topical Index located in the back of the book wasn’t as comprehensive as I had hoped for. A lot of times, when I am preparing for a new exam version, I spend time looking for study materials on the new topics. Usually, I just look for that topic in the Index of the latest reference book. In this book, however, it took some effort to find those new topics using the Index. To Pearson’s credit, they quickly got back in my good graces when I noticed that the book comes with free 45-day online access to the electronic form of the book. After creating my online account, I was able to search for some of those terms that I couldn’t find through the Index. So my advice is: Use that online version to search for those topics you are unsure of, but keep in mind the 45-day limit. (Hey, Pearson Education: What’s up with that? I may not take the exam in 45 days. If you aren’t going to give me unlimited access to it, can you at least include a PDF version of the book’s content on the DVD that comes with the printed copy?)
While the book does a fairly decent job of covering the topics from CompTIA’s Exam Guide for N10-005, I should warn you about the depth of that coverage. In Pearson’s defense, this book was written and released BEFORE the Network+ exam was actually released. As a CompTIA Partner, Pearson does NOT get early access to the test. I know this for a fact because Transcender is also a CompTIA Partner. Without seeing the live exam content, there are no guarantees that coverage is to the depth that is needed. So keep in mind that you may see topics on the live exam that are not covered adequately in this book.
In summary, I think this is a decent reference for studying for the Network+ exam. It would provide a great beginning to the study process. But in my opinion, some topics are not covered as well as others, so other references may need to be incorporated into your study plan. (Shameless plug: Did I already mention that Transcender’s Cert-N10-005 practice test has just been released?)
I would love to hear from our readers with any questions/comments you may have!