Free resources to help you learn, master, and get certified on SQL Server 2012

November 1, 2012 at 10:27 am | Posted in Microsoft | 2 Comments

I am always trying to gain more knowledge that will advance my career. However, I’m finding that keeping up with the leading edge of technology can be a bit pricey. I don’t want to find myself looking for loose change in parking lots or scuba diving at night for quarters in the wishing fountain at the mall to pay for training and materials on SQL Server 2012. Thankfully, Microsoft offers a lot of FREE resources to help you learn SQL Server 2012.

Virtual Labs

I highly recommend the SQL Server 2012 virtual labs (http://www.microsoft.com/sqlserver/en/us/learning-center/virtual-labs.aspx). At the time of this post, there are 19 labs that are between 45 and 90 minutes each. They cover such topics as AlwaysOn Availability Groups and Upgrading to SQL Server 2012. Bang-for-the-buck-wise, this is the best way to gain experience with SQL Server 2012. With these virtual labs, you don’t have to invest money in SQL Server 2012 licenses or buy additional hardware to set up a multi-server configuration to prepare for certification; you just need a high-speed Internet connection and Internet Explorer. The labs consist of virtual machines running SQL Server 2012 with accompanying lab text in a sidebar. Not every feature of SQL Server 2012 is enabled in the VM, but there are enough features to play around with and get a feel for the controls.

The labs have step-by-step instructions. I actually recommend that you ignore them the first time around. The beauty of these VMs is that you do not have to perform the lab by the directions. You can use the lab to experiment with the software and test different features.

Free Books Online

The SQL Server 2012 Books Online resource contains everything that you wanted to know about SQL Server 2012 but were too clueless to ask. You can access it on the web at http://msdn.microsoft.com/en-us/library/ms130214.aspx. If you are in a firewall or proxy-restricted environment, you can download the information directly from http://www.microsoft.com/en-us/download/confirmation.aspx?id=347. The downloaded version is nice to have on your mobile device if you’re stuck in an airport with no Internet connection and the airline can’t locate the plane that is supposed to take you home…totally hypothetical situation of course.

Microsoft Books Online allows you to search on any topic. The search results are pulled from TechNet and other authoritative sources.

The information is FREE and is generally used by technical writers to put together materials for SQL Server.

Microsoft Prep Guides

These are the classic pre-certification resource: the objectives and sub-objectives that you must master to pass the test. For example, the prep guide for the 70-462 exam, Administering Microsoft SQL Server 2012 Databases, can be located at http://www.microsoft.com/learning/en/us/exam.aspx?id=70-462. Here’s a tip: you can change the last number in the URL to match your specific Microsoft exam to find the prep guide for that exam.

The prep guide pages have four tabs: Overview, Skills Measured, Preparation Materials and Community. The Overview tab describes the audience profile for the exam and any certifications associated with the exam. The Skills Measured tab lists tasks that you must master to be successful on the exam. The tasks are broken down by objective and each objective’s weighting percentage for the exam. The Preparation Materials tab displays the officially Microsoft-sanctioned training materials. By now you might be reading along and saying, “Gee, George, I already checked there, and it was a dead end!” I feel your pain. Generally, there is not a lot of preparation information listed for a relatively new exam, and what is listed usually isn’t free. So I encourage you to check out the Community tab, which has links to newsgroups that can give you a better perspective on training and possibly offer some reviews on just-released instructional materials; I find them a better resource for new technologies.

The Skills Measured tab lists the tasks Microsoft recommends that you know for the exam. I would suggest that you don’t limit your knowledge or experience to the items on this list. In my recent experience with Microsoft exams, the Skills Measured tab contains about 95% of what you will be asked on the exam. The other 5% will be the kinds of questions you can only answer from experience (which is where the virtual labs come in handy). Remember, Microsoft is moving away from the standard fact-based multiple choice question types, and weighing their exams more heavily toward question types that emphasize hands-on knowledge — such as Build List and Reorder, Extended Matching, and Case Studies. This is why you need to have a lot of practical knowledge of SQL Server 2012 to pass the exam.

Despite what is listed, there probably is a Transcender practice test available or SOON TO BE AVAILABLE for most of these exams. Check the Transcender web site regularly over the next few months for the availability of the practice test.

Free e-book: Introducing Microsoft SQL Server 2012

You should definitely obtain the free e-book on Microsoft SQL Server 2012. This e-book is an overview of SQL Server 2012 and will introduce you to some new features in SQL Server 2012. You can download the e-book from the link for the 70-462 Microsoft Prep Guide, http://www.microsoft.com/learning/en/us/exam.aspx?id=70-462#tab2.

Again, this is where those virtual labs come in handy. I guarantee that the certification exam will expect you to be familiar with the functionality changes between previous versions of SQL Server and SQL Server 2012. Go through the e-book chapter by chapter, and use the virtual lab to poke around every new feature introduced in the book.

To successfully pass a Microsoft exam and not spend a dime on additional training is possible, and I have done it, but you have to dedicate some time to it. You should go through each task in the prep guide for the exam. Learn all you can by searching for the task in the books online, and then perform the task in the virtual labs. This will enable you to update your existing knowledge of administering older versions of SQL Server and translate those concepts into 2012.

It is not hard or expensive to learn SQL Server 2012, but it is time consuming. Block out some time in your schedule and use the free resources that are available to master the skills required to gain your SQL Server 2012 certification.

Happy studying!
–George Monsalvatge

Mobile Devices in the new CompTIA A+ exams (Part 2 of 2)

October 26, 2012 at 2:39 pm | Posted in CompTIA | Leave a comment

Well, it’s been two weeks since I introduced you to the Mobile Devices domain in the new A+ 220-802 exam. In that post, I gave information on the first two objectives in the Mobile Devices domain. In this post, I want to finish by discussing the last three objectives from the domain:

3.3 Compare and contrast methods for securing mobile devices.
3.4 Compare and contrast hardware differences in regards to tablets and laptops.
3.5 Execute and configure mobile device synchronization.

For objective 3.3: Compare and contrast methods for securing mobile devices, the main focus is mobile device security. The main points that you should concern yourself with are as follows:

  • Passcode locks – This is the most basic security measure. Passcode locks block unauthorized users from accessing any of the device’s functions. In Android phones, this is configured in the Settings – Location & Security section. In iOS-based devices, it is configured in the Settings – General section.
  • Locator applications – This security measure uses the GPS feature to locate a lost or stolen mobile device. For iPhones, you would enable the Find My iPhone feature. For Android devices, you can use a number of third-party security applications (such as Android Lost, AVG Antivirus, or Lookout) to remotely locate a phone.
  • Remote wipes – This security measure ensures that all data on the mobile device can be erased if the mobile device is lost or stolen. For iPhones, there is an iCloud feature (available in iOS 5) that allows the Remote Wipe feature. Google Apps administrators can perform this function with Google Sync (in beta, as of this writing). Most third-party Android security apps will have the option to locate, lock, or remotely wipe the device.
  • Remote backup applications – This functionality allows all data and applications to be backed up to ensure that the data could be restored if the mobile device is lost or stolen. For iPhones, backups are managed by the iTunes application. For Android devices, you will need to download an application that provides this functionality.
  • Failed login attempts restrictions – This security feature will lock a device after the configured number of failed login attempts. For iPhones, the lock occurs by default after 6 failed attempts and erases the data after 10 failed attempts. For Android devices, this feature is not built in, so you will need to add an application to provide this functionality. Most mobile devices also let you wipe the device contents after the configured number of failed logins.
  • Antivirus – Because mobile devices can be corrupted by malware, you should install an anti-malware application. Desktop antivirus vendors, like McAfee and AVG, also have products designed for mobile devices. Keep in mind that the product must be regularly updated to protect against the latest malware and virus threats.
  • Patching/OS updates – Patching the operating system and applications is necessary for all mobile devices. Most mobile devices have a built-in function that will notify you periodically when updates are detected. Make sure your device is updated so that all the latest security patches are installed, because security patches are the most common type of update.

For objective 3.4: Compare and contrast hardware differences in regards to tablets and laptops, you need to understand the hardware that is used in a mobile device and how it typically compares to laptop hardware.

  • You should keep in mind that most mobile devices do NOT have field-serviceable parts. Specialized tools are needed to replace any mobile device hardware, including the screen and internal parts. Repairs should only be carried out by technicians who are properly trained. If you have a device repaired by a technician that is not backed by the vendor, the warranty will be voided.
  • Also, keep in mind that mobile devices typically cannot be upgraded. Therefore, you should purchase the device that provides the maximum level of hardware for your current and future needs.
  • Most mobile devices are touch-screen devices, which use two technologies: touch flow or multitouch. With touch flow, finger movement (up, down, left, right) controls how the screen scrolls. With multitouch, the screen will recognize multiple touches, which means that more than one finger can work with the interface at the same time.
  • Mobile devices typically use solid-state drives, which are lighter and less prone to crashes.

For objective 3.5: Execute and configure mobile device synchronization, you need to understand how to sync your mobile device. This includes understanding the type of data that will need to be synced, the software requirements to install the syncing application on your desktop computer or laptop, and the connection types that can be used with synchronization. Users will need to be able to sync contact information, applications, e-mail, pictures, music, and videos.

  • Push synchronization is automatic and requires no user effort. Any change made will be synced to the other devices at regular intervals that you configure. (Remember that push synchronization can consume battery so use a longer schedule time if battery consumption is a concern.)
  • Pull synchronization, on the other hand, requires the user to actually activate the synchronization, which then pulls new information from the other device.
  • Synchronization can occur via a direct USB connection between devices, over a Bluetooth connection between the devices, and even over an 802.11 wireless network. Some specialized synchronization applications even allow you to use the Internet for synchronization.

While most mobile devices have a built-in sync feature, applications available through the marketplace usually do a much better job and include many more options. If you purchase a synchronization application, make sure that your mobile device meets the application’s requirements.

In closing, I hope these two Mobile Devices posts have helped to shed a bit of light on just where CompTIA is going with this topic. I have to say that I am glad to see this topic included as part of an IT technician’s job analysis. As mobile devices gain in popularity, technicians will definitely be expected to understand how to configure mobile devices in the real world.

I’ll be taking the 220-801 and 220-802 exams this week. I am really looking forward to seeing how the exams have changed, and assessing the new mobile device coverage and performance-type items.

Watch for my post in the coming weeks where I review Mike Meyers’ Eighth Edition of the CompTIA A+ Certification All-in-One Guide. I’ll also be posting some ideas about mobile phone emulators to help in labs and classrooms, and to help students self-study for the new mobile device topic coverage on the 220-802.

- Robin Abernathy

Mobile Devices in the new CompTIA A+ exams (Part 1 of 2)

October 10, 2012 at 4:36 pm | Posted in CompTIA, Study hints | Leave a comment

Last month, I posted an article about the virtualization topics in the new A+ exams. At that time, I indicated that I would be posting about the new mobile devices topics. I expected to get the two articles out within a few weeks of each other, but as it always seems to happen around here, other things took precedence… and a month later, I am finally sitting down to fulfill my promise.

Mobile devices have increasingly become part of our lives. Because of the popularity of these devices and our dependence on them, the CompTIA A+ certification now includes mobile device topics to ensure that A+ technicians are proficient in certain aspects of mobile device management. The new A+ 220-802 exam has an entire domain that is dedicated to mobile devices. Domain 3, the Mobile Device domain, makes up 9% of the exam. The objectives from Domain 3 are as follows:

3.1 Explain the basic features of mobile operating systems.
3.2 Establish basic network connectivity and configure email.
3.3 Compare and contrast methods for securing mobile devices.
3.4 Compare and contrast hardware differences in regards to tablets and laptops.
3.5 Execute and configure mobile device synchronization.

There’s a lot to chew on here, so let’s focus on the first two of these objectives. (I will discuss the other three in a coming post.) Please remember that I’m writing based on my experience with mobile devices and on what I’ve read in several reference books. As of this posting, I have not actually taken the new A+ exams. CompTIA released those exams this week, so I’ll hopefully have some time to take them before Part 2 of this blog post! But since I’ve been writing study material for the A+ exams since the 300-level A+, I am fairly confident that I won’t be too far off the mark.

For Obj 3.1: Explain the basic features of mobile operating systems, you will need to understand the features of the Android and iOS mobile operating systems.

  • Android is an open-source operating system, while the Apple iOS is a vendor-specific OS.
  • Developers for Android have access to the same APIs used by the operating system. Developers for Apple must use the software development kit (SDK) and must be registered as Apple developers.
  • Android apps are purchased from the Google Android market (now called Google Play) or from other Android app sites, while Apple apps can only be purchased from the Apple App store.
  • For screen orientation, mobile devices use an accelerometer and/or a gyroscope. While only one of these is required, many newer mobile devices use both because they work better together.
  • Touch-screen mobile devices require screen calibration. The screen calibration tool will require you to touch the screen in different ways so that the mobile device can learn how you will touch the screen. If the device does not react in an expected manner when you touch the screen, it may need re-calibration.
  • GPS information can be obtained from cell phone towers or from satellites. Keep in mind that keeping the GPS function enabled will cause the battery to be depleted much quicker. Android phones normally use satellites to obtain GPS data, while iPhones use a combination of satellites, cell phone towers, and WiFi towers to obtain GPS data.
  • Geotracking allows a mobile device to periodically record location information and transmit this information to a centralized server. Consumers have recently raised privacy concerns over this feature.

For Obj 3.2: Establish basic network connectivity and configure email, you will need to understand how to connect mobile devices to networks and how to configure email on mobile devices. For all of the following points, I would expect this to focus mainly on the two major smart phones (iPhone and Android), but wouldn’t be surprised if you are expected to know how to do this for the iPad and other tablets.

  • Enable/disable the wireless and cellular data network.
  • Understand Bluetooth configuration, including enabling/disabling Bluetooth, enabling device pairing, finding devices for pairing (including entering the PIN code), and testing Bluetooth connectivity.
  • Configure email. You will need to know the URL of the incoming and outgoing email server, the port numbers used by these servers, and the encryption type (if applicable). You probably will also need to know your account details, including user name, password, and domain name. The process for setting up email will vary slightly based on the mobile device that you are configuring and the type of account. Some of the more popular mail services, such as Exchange and Gmail, are easier to set up because of configuration wizards.

To fully prepare for these objectives, it may be necessary to install a mobile phone emulator on your computer if you do not have access to a physical mobile phone. In many cases, there are free mobile phone emulators available so that you can learn how to perform many of the basic configuration steps. You may want to research the options that are available and install them in a lab environment, particularly if you are an instructor. These emulators can provide a valuable service to students who do not have experience with mobile devices.

Part 2 of this topic will be released in the coming days and will cover the other three Mobile Devices objectives in the 220-802 exam. I also plan to have a post in the coming months on mobile phone emulators, so feel free to send me any information on what you have found in this area.

Until then….

-Robin

Resource Review: CompTIA A+ Complete Review Guide Second Edition by Emmett Dulaney and Troy McMillan

September 21, 2012 at 4:27 pm | Posted in Certification Paths, CompTIA | Leave a comment

The latest versions of the A+ exams (220-801 and 220-802) are due out in October. Many of us… ok, maybe just me… anxiously await this latest release from CompTIA.

With this latest iteration, CompTIA has dropped the test naming structures we saw in the past (220-701 A+ Essentials and 220-702 A+ Practical Application) and is just going with a number naming convention (A+ 220-801 and A+ 220-802). But that is not all that has changed: CompTIA has announced that the new exams will include performance-based testing (PBT) items. Think of these items as answering a question by DOING instead of answering a question by selecting from options. I imagine these items will involve running commands, configuring dialog boxes, and matching concepts, but I truly don’t know what they are like. Although Transcender is a CompTIA partner, the details I have about these items are few and far between. I’ll see the questions on the same day that you will, when they go live.

Now back to our resource review. The latest A+ release has been choreographed with the content publishers in a much better manner than in the past. I have been very impressed with the way publishers have hustled to meet the training world’s needs when it comes to these exams. In the past, books and study guides were often released weeks or months after an exam was released. This meant that test candidates did not always jump on the bandwagon early in the certification lifecycle. Often candidates were waiting for a book to help them prepare for the exam, which meant that certification popularity was influenced by the publication of study materials.

With the 800-series A+, trainers and early adopters don’t have the same issues. By the time these exams are released to the public, there will be several references available to choose from. Today I’ll share my thoughts on Sybex’s CompTIA A+ Complete Review Guide, Second Edition, by Emmett Dulaney and Troy McMillan.

Review Guide versus Study Guide: What’s the Difference?

I want to point out that Sybex also released the CompTIA A+ Complete Study Guide, Exams 220-801 and 220-802, 2nd Edition by Quentin Docter, Emmett Dulaney, and Toby Skandier this month. Where the Review Guide is 496 pages, the Study Guide rings in at 1100 pages and provides much more background knowledge to help bring the beginner up to speed. Review Guides are better suited for experienced techs wanting to catch up on the latest A+ changes, or those who need a refresher course. Where the Study Guide may be better for self-paced instruction, the Complete Review Guide is more test-prep oriented.

CompTIA A+ Complete Review Guide, Second Edition by Wiley / Sybex

First, I have to share the feature I love the most about this book - its structure. Have you ever downloaded an Objective List from CompTIA? While it makes sense on the exam, it usually does not correspond well to an independent book reference. Often you spend time flipping from chapter to chapter just to find all the information on a particular topic that may be applicable to one exam objective. With Sybex’s Complete Review Guide, the flipping is over. This book is arranged according to the exam objectives. Each chapter corresponds with a unique exam objective from the Objective List, and each section within a chapter corresponds to a subobjective from the Objective List. This translates into easy, targeted studying. It also makes it easy to find information about the latest new topics (Virtualization!! Mobile Devices?!?) So if you know that your knowledge is deficient in a particular area (did I mention mobile devices?), then you can go right to that chapter and section to find what you need. (BTW, mobile devices are covered in Chapter 8, pages 363-377.)

Secondly, I love that they give you just the facts you need. This guide is very exam focused. For example, they don’t spend a lot of time explaining the history of computer hardware. If you are looking for a resource that gets straight to the point, then this guide is your choice. It guides you into a focused mode of study to help you learn the information needed to pass the exam.

Finally, the book has plenty of charts, graphics, and bullet points (charts, graphics, and bullets, oh my!) If you have read any of my resource reviews in the past, you know I am a big fan of these study aids. When you have knowledge that you just need to know for an exam, it is often easier to study if this information is in a chart or listed in bullet points. Pictures always help you to recognize hardware, ports, connectors, and the like, which is VERY important for an A+ technician.

In the interest of full disclosure, I should mention that I played a small part in the publication of this book. As you may have noticed, Troy McMillan, a fellow member of Transcender’s Content Development team, is one of the authors of this book. Through my connection with Troy, I was able to participate as a technical editor of this book. I can attest to the effort that these authors put into its development. Because there are so many facts that you must know, covering the A+ content in a concise manner can be quite daunting. But after sharing the process with Emmett and Troy, I can tell you that these guys have done a great job!

Keep this book in mind when you decide to start preparing for the new A+ exam. It’s a great resource for getting up to speed! And watch in the coming days for my post regarding upcoming changes to the Network+ and Security+ exams.

-Robin

CASP CompTIA Advanced Security Practitioner Study Guide: A Resource Review

August 10, 2012 at 8:04 am | Posted in CompTIA, Study hints | 1 Comment

All of you have probably heard of CompTIA’s first Master series certification: the CompTIA Advanced Security Practitioner (CASP) certification. I took the exam some months back and am proud to say I passed it. If you want to know more about my experience, please read my previous post. In that article, I promised a review of the only CASP reference that is currently available, the CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines. Well, it’s a bit past the promised due date of April (where has the time gone?), but I finally have gotten a chance to complete my review.

I used this book as my primary reference when I was writing Transcender’s Cert-CAS-001 practice test. I found that the book was thorough and covered all of the topics on the exam. I particularly loved the Exam Essentials section at the end of each chapter. I would suggest that any test candidate read the Exam Essentials section for each chapter and think about how to test a particular point using a job task.

If you hadn’t already heard, the CASP exam includes performance-based items. These item types require that you perform certain tasks to fulfill the objectives given in the scenario. The very nature of these item types requires that you actually perform security-related tasks on a daily basis in your workflow; therefore, they are almost impossible to replicate in a book. The book’s method of addressing these item types is to include exercises for you to complete on your own. Each chapter includes several exercises to reinforce the topics presented in the chapter. These exercises, which are included in the Lab Manual (Appendix A in the book), will help you understand the tasks that security professionals must perform.

Performing the exercises requires a standard personal computer (not a server or desktop powerhouse) with the capacity to run VMware Player; some exercises require that you have a copy of a Windows desktop operating system, either as the native OS or running on a virtual machine. The labs direct you to download and install various readily available forensic tools, such as Nessus and Wireshark.

The Exam Essentials sections and the Exercises work together to provide a good all-around experience for the test candidate. But to ensure that you can pass the exam, I would recommend that you take all these one step further. For example, one of the Exam Essentials in Chapter 2 is:

Be able to describe advanced network design concepts. Advanced network design requires an understanding of remote access and firewall deployment and placement. Firewall placement designs include packet filtering, dual-homed gateway, screened host, and screened subnet.

Specific scenarios that address this Exam Essential may include: knowing when to deploy a firewall, knowing how to configure ACLs, and knowing where in a complex network a firewall is best deployed. So you should take some extra time to ensure that you understand network diagrams, and research best practices for device deployment.

This book is an excellent reference to start you on your journey to becoming a CASP. If you pair this book with Transcender’s practice test, you will be well on your way to success. It’s worth noting that Transcender’s practice test actually includes 8 performance-based scenarios that will expose you to the type of items you will see on the live exam. This is the ONLY practice test on the market right now that includes these types of items for the CASP product. It is just one more way that we demonstrate why our products are considered leading-edge test prep materials and have been preferred by IT professionals for nearly 20 years.

Check back with us over the next few weeks as I hope to provide you with a bit more information on the CASP exam, including where this exam fits into the current certification pathways, and how to prepare for the CASP. Feel free to drop me a line with any CASP questions you may have.

Happy testing!

-Robin

CompTIA Academy Educator Conference 2012: Study Resources and Takeaways

August 3, 2012 at 3:25 pm | Posted in Certification Paths, CompTIA, Vendor news | Leave a comment

I was fortunate to be able to attend the CompTIA Academy Educator Conference over this past weekend. CompTIA promised that we would learn about the new A+ exams, the CompTIA Advanced Security Practitioner (CASP) exam, and the Healthcare IT Technician (HIT) exam. This promise was fulfilled with presentations from Mike Meyers, Jean Andrews, Joy Dark, and yours truly. Following is a quick recap on each of these topics, with more detailed posts to follow in the next week or two.

Virtualization in A+

Mike Meyers gave a presentation on virtualization. He covered the different virtualization products, including several free options as well as the major vendor products. He explained the installation and configuration processes for the various technologies. Educators reading this post should keep in mind that virtualization is a newly introduced topic to be included in the upcoming release of A+. In the A+ 220-802 exam, objective 1.9 states the following:

Explain the basics of client-side virtualization.

  • Purpose of virtual machines
  • Resource requirements
  • Emulator requirements
  • Security requirements
  • Network requirements
  • Hypervisor

Keep your eye out for my upcoming post about virtualization content in the new A+ exams.

Mobile technology in A+

Author Jean Andrews, best known for her CompTIA study guides and PC repair guides, also spent some time discussing the upcoming A+ exam changes. Her presentation included a great demonstration of mobile phone emulators that can be installed in a classroom environment. If you’re wondering why this is important, let me remind you that in the A+ 220-802 exam, objective 3 is dedicated to mobile devices (9% of the overall exam coverage). Look for my upcoming posts regarding mobile devices, including one on installing the mobile phone emulators and one on a new technician toolkit for mobile devices.

New certification: the HIT

I had the pleasure of meeting Joy Dark. Joy has recently released a book, which she co-wrote alongside author (and mom) Jean Andrews, all about the CompTIA Healthcare IT Technician (HIT) exam. Any A+ technician who is considering working in a healthcare environment should consider obtaining this certification. While A+ and Network+ knowledge is vital, a technician working in a healthcare industry must also understand healthcare terminology, regulations, and processes. This certification melds the world of IT with the needs of administering healthcare and healthcare records. I would highly recommend that educators take a serious look at this certification. CompTIA is expecting great things for it in the coming year.

Security+ and the CASP

In my presentation, I tried to explain to educators three main points about the CASP exam: What the CASP certification is, where the CASP certification fits in our industry, and how to prepare for the CASP certification. Look for an upcoming post that gives the details of this presentation. I will also be posting about the primary reference I used for this exam (see the “study guides and resources” header below for a quick link).

The event also included two great security presentations: one from Mike Murray of Mad Security on training the security professional and one from Michael Gregg, the author of the CASP book mentioned in the previous paragraph, on the role of certification in security. Again, look for an upcoming post regarding security training solutions.

Study guides & resources

Joy Dark and Jean Andrews wrote the book that maps directly to the HIT exam objectives: The CompTIA Healthcare IT Technician HIT-001 Authorized Cert Guide (Cert Guides), published by Pearson. This book is released and shipping.

Mike’s newest edition of the A+ study guide is the CompTIA A+ Certification All-in-One Exam Guide, 8th Edition (Exams 220-801 & 220-802) from McGraw-Hill Osborne Media, which is currently available for pre-order.

As I prepared my CASP presentation, I referred extensively to the CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-001 (Comptia Study Guide), published by Sybex. This book is released and shipping.

As you can see, the event gave me a plethora of information that I feel I MUST pass on to you. So expect to be bombarded with posts from me over the coming weeks.

I am already looking forward to next year’s CompTIA Academy Educator Conference.  You should start making plans to be there!
-Robin Abernathy

Resource Review: CompTIA Network+ N10-005 Authorized Cert Guide by Kevin Wallace

February 6, 2012 at 4:12 pm | Posted in CompTIA | Leave a comment

Pearson Education has released a book, the CompTIA Network+ N10-005 Authorized Cert Guide, which has been written specifically for the new version of CompTIA’s Network+ exam, N10-005. Luckily, I was able to obtain a copy of this book while I was developing our N10-005 practice test. I found the book helpful in providing details in some topics, particularly topics that were new to the N10-005 exam. I wanted to share with you what I felt were the strongest points about this book, as well as areas where I thought it fell a little short. But don’t stop reading yet – there was a lot that was good and worthwhile about this resource!

If you’ve read any of my resource review posts in the past, you will know that I am a fan of charts, tables, and bulleted lists. Most CompTIA exams include a lot of knowledge-based material that you must memorize: things like media types, media speed, maximum distances, and so on. Pearson’s books always include plenty of those charts, tables, and lists that prove to be very helpful in preparing for the exam. This book includes just the right mix of charts, tables, and bulleted lists. In addition, the book includes lots of graphics to help illustrate the topics covered, including media connector graphics, cable composition graphics, and so on. You should take the time to study all the charts, tables, bulleted lists, and graphics.

The book includes a DVD that contains a practice test, supplementary memory tables, and training videos. I feel the practice test isn’t on the level of the Transcender practice test. I’m not just saying that because I work here, but because the item explanations aren’t written to the depth that ours are. Pearson’s practice test also includes item types that are not covered in the live exam. So I worry that users would be inadequately prepared for the live exam.

In going through the content, I was glad to see that Pearson’s book did cover most of the new topics that are now included in the Network+. However, this subject matter was not always easy to find. The topical Index located in the back of the book wasn’t as comprehensive as I had hoped for. A lot of times, when I am preparing for a new exam version, I spend time looking for study materials on the new topics. Usually, I just look for that topic in the Index of the latest reference book. In this book, however, it took some effort to find those new topics using the Index. To Pearson’s credit, they quickly got back in my good graces when I noticed that the book comes with free 45-day online access to the electronic form of the book. After creating my online account, I was able to search for some of those terms that I couldn’t find through the Index. So my advice is: Use that online version to search for those topics you are unsure of, but keep in mind the 45-day limit. (Hey, Pearson Education: What’s up with that? I may not take the exam in 45 days. If you aren’t going to give me unlimited access to it, can you at least include a PDF version of the book’s content on the DVD that comes with the printed copy?)

While the book does a fairly decent job of covering the topics from CompTIA’s Exam Guide for N10-005, I should warn you about the depth of that coverage. In Pearson’s defense, this book was written and released BEFORE the Network+ exam was actually released. As a CompTIA Partner, Pearson does NOT get early access to the test. I know this for a fact because Transcender is also a CompTIA Partner. Without seeing the live exam content, there are no guarantees that coverage is to the depth that is needed. So keep in mind that you may see topics on the live exam that are not covered adequately in this book.

In summary, I think this is a decent reference for studying for the Network+ exam. It would provide a great beginning to the study process. But in my opinion, some topics are not covered as well as others, so other references may need to be incorporated into your study plan. (Shameless plug: Did I already mention that Transcender’s Cert-N10-005 practice test has just been released?)

I would love to hear from our readers with any questions/comments you may have!

-Robin Abernathy

The Transcender Team Explains the Coming CISSP Update – Part 1 of 2

September 16, 2011 at 3:03 pm | Posted in CISSP, CompTIA, Vendor news | 5 Comments

Well, 2011 is more than halfway done, and my world has revolved around all things CompTIA. Between Windows 7 updates for the A+ exams and a new Security+ exam, I have had little time to focus on anything else. But the CISSP certification has been on my mind, mainly because I was already working on security topics for the Security+. So immediately after completing our new Security+ (SY0-301) practice test development, I began updating our CISSP practice test. This update will focus on expanding the explanations for our items, writing new items on new content, and editing existing references to cover the All-In-One CISSP Exam Guide, Fifth Edition.

The latest news is that an update to the CISSP exam is scheduled for January 1, 2012. A quick visit to the ISC2 website, https://www.isc2.org/cib/Default.aspx, and you can download the newest Candidate Information Bulletin (CIB) for the CISSP. The CIB is a document that lists the knowledge areas that are covered in the exam. The CIB also contains candidate-focused information on the exam format, exam guidelines, and so on.

After downloading and reviewing the CIB, I realized our students (you) would probably appreciate an explanation of the changes that I noted. So what follows is a brief description of the changes. Please keep in mind that I am strictly analyzing the content of the CIB. I do not in any way have any inside knowledge about the new CISSP version that is coming in January aside from what is listed in the CIB. For each Knowledge area, I will be highlighting any changes in red. Changes include any new data or any data that is moved from one Knowledge Area, or subobjective, to another.

As always, the 2012 update to CISSP covers 10 main Knowledge Areas (changes are in bold, red font):

  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security (formerly Application Development Security)
  • Cryptography
  • Security Architecture and Design
  • Security Operations (formerly Operations Security)
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations, and Compliance
  • Physical (Environmental) Security

I will analyze the first five Knowledge Areas in this post. In the coming weeks, I will analyze the second five Knowledge Areas.

In the Access Control Knowledge Area, there are now four subobjectives instead of three. Subobjective 4 is completely new. Here are the new subobjectives for the Access Control Knowledge Area (changes are in red and boldface font):

subobj 1 Control access by applying the following concepts/methodologies/techniques: policies, types of controls (preventative, detective, corrective, etc.), techniques (e.g., non-discretionary, discretionary, and mandatory), identification and authentication, decentralized/distributed access control techniques, authorization mechanisms, and logging and monitoring.
subobj 2 Understand access control attacks: threat modeling, asset valuation, vulnerability analysis, access aggregation
subobj 3 Assess effectiveness of access controls: user entitlement, access review and audit
subobj 4 Identity and access provisioning lifecycle (e.g., provisioning, review, revocation)

In the Telecommunications and Network Security Knowledge area, there are now four subobjectives instead of three. The first subobjective for this Knowledge area, Establish secure data communications, is actually included as part of subobjective 3. Here are the new subobjectives for the Telecommunications and Network Security Knowledge area (changes are in red and boldface font):

subobj 1 Understand secure network architecture and design (e.g., IP and non-IP protocols, segmentation): OSI and TCP/IP models, IP networking, implications of multi-layer protocols
subobj 2 Securing network components: hardware (e.g., modems, switches, routers, wireless access points), transmission media (e.g., wired, wireless, fiber), network access control devices (e.g., firewalls, proxies), end-point security
subobj 3 Establish secure communication channels (e.g., VPN, TLS/SSL, VLAN): voice (e.g., POTS, PBX, VoIP), multimedia collaboration (e.g., remote meeting technology, instant messaging), remote access (e.g., screen scraper, virtual application/desktop, telecommuting), data communications
subobj 4 Understand network attacks (e.g., DDoS, spoofing)

In the Information Security Governance and Risk Management Knowledge area, there are now 10 subobjectives instead of 14. The Support certification and accreditation subobjective was completely deleted. The Develop and implement information security strategies and Assess the completeness and effectiveness of the security program subobjectives are now part of the Manage the security function subobjective. Finally, the professional ethics subobjective has been moved to the Legal, Regulations, Investigations, and Compliance Knowledge area. While subobjectives 5 and 6 may at first appear new, they are actually just existing subobjectives that have been reworded. Here are the new subobjectives for the Information Security Governance and Risk Management Knowledge area (changes are in red and boldface font):

subobj 1 Understand and align security function to goals, mission, and objectives of the organization.
subobj 2 Understand and apply security governance: organizational processes (e.g., acquisitions, divestitures, governance committee), security roles and responsibilities, legislative and regulatory compliance, privacy requirements compliance, control frameworks, due care, and due diligence.
subobj 3 Understand and apply concepts of confidentiality, integrity, and availability.
subobj 4 Develop and implement security policy: security policies, standards/baselines, procedures, guidelines, and documentation.
subobj 5 Manage the information life cycle (e.g., classification, categorization, and ownership)
subobj 6 Manage third-party governance (e.g., on-site assessment, document exchange and review, process/policy review)
subobj 7 Understand and apply risk management concepts: identify threats and vulnerabilities, risk assessment/analysis (qualitative, quantitative, hybrid), risk assignment/acceptance, countermeasure selection, tangible and intangible asset valuation
subobj 8 Manage personnel security: employment candidate screening (e.g., reference checks, education verification), employment agreements and policies, employee termination processes, and vendor, consultant, and contractor controls.
subobj 9 Develop and manage security education, training, and awareness.
subobj 10 Manage the security function: budget, metrics, resources, develop and implement information security strategies, assess the completeness and effectiveness of the security program

In the Software Development Security Knowledge area, the same subobjectives are listed. But within each subobjective, there are some minor changes. For subobjective 1, risk analysis was removed. For subobjective 3, the tools to assess the effectiveness of software security are no longer listed. Here are the new subobjectives for the Software Development Security Knowledge area (changes are in red):

subobj 1 Understand and apply security in the system life cycle: Development Life Cycle, Maturity models, Operation and maintenance, and Change management.
subobj 2 Understand the environment and security controls: security of the software environment, security issues of programming languages, security issues in source code (e.g., buffer overflow, escalation of privilege, backdoor), and configuration management.
subobj 3 Assess the effectiveness of software security

In the Cryptography Knowledge area, a new subobjective has been added and two subobjectives have been minimally revised. Here are the new subobjectives for the Cryptography Knowledge area (changes are in red):

subobj 1 Understand the application and use of cryptography: data at rest (e.g., hard drive) and data in transit (e.g., “on the wire”).
subobj 2 Understand the cryptographic life cycle (e.g., cryptographic limitations, algorithms/protocol governance)
subobj 3 Understand encryption concepts: foundational concepts, symmetric cryptography, asymmetric cryptography, hybrid cryptography, message digests, and hashing.
subobj 4 Understand key management process: creation/distribution, storage/destruction, recovery, and key escrow.
subobj 5 Understand digital signatures.
subobj 6 Understand non-repudiation.
subobj 7 Understand methods of cryptanalytic attacks: chosen plain-text, social engineering for key discovery, brute force (e.g., rainbow tables, specialized/scalable architecture), cipher-text only, known plaintext, frequency analysis, chosen cipher-text, and implementation attacks.
subobj 8 Use cryptography to maintain network security.
subobj 9 Use cryptography to maintain application security.
subobj 10 Understand Public Key Infrastructure (PKI).
subobj 11 Understand certificate-related issues.
subobj 12 Understand information hiding alternatives (e.g., steganography, watermarking).

Watch in the coming weeks for the second half of this post that covers the other Knowledge areas. During that post, I will explain how these changes may affect your studying habits and what it all means for our Transcender practice test.

-Robin

Resource Review: CompTIA Security+ Study Guide (SY0-301) by Emmett Dulaney

July 19, 2011 at 4:49 pm | Posted in CompTIA, Study hints | Leave a comment

As I near the end of development for our Security+ SY0-301 practice test, I’m pretty excited about the changes to CompTIA’s Security+ exam. While you can always count on the Security+ exam to cover authentication, cryptography, and access control, there are a few new attacks and technologies to concern yourself with. So while the old version of Security+ does have some overlap with the new version, there is enough new content to excite this content developer!

I am really glad that cloud computing is finally addressed, even if only in its most basic aspects. Virtualization coverage was expanded a bit from the SY0-201 exam. But as the list of terms grew – evil twin, pharming, phishing, vishing, whaling, bluesnarfing – I started wishing for a comprehensive resource. Then I stumbled upon one while completing some research.

Sybex has released the CompTIA Security+ Study Guide by Emmett Dulaney (ISBN 978-1-118-01473-8). I found this resource to be very comprehensive when addressing the topics covered in CompTIA’s Exam Guide. The book includes 15 chapters and is arranged in a logical format (thank you Emmett, for thinking of your left-brained friends!). At the beginning of each chapter, you’ll find a list of the subobjectives from the Exam Guide that are included in that chapter. This is very useful, particularly if you realize that you don’t understand a certain topic (like, maybe, cloud computing?). Also, at the beginning of the book is a tear-out list of the CompTIA Exam Guide, in order, with chapter headings. Graphics, tables, and tips are included throughout the book in just the right amount. It is a wonderful resource for those preparing for the latest version of Security+, SY0-301.

Remember, the Security+ exam is focused on ensuring your understanding of basic IT security. In the past, I often encouraged students who are considering obtaining the CISSP certification to take the Security+ first. This is still my recommendation. In fact, the objectives in this latest version of Security+ completely overlap the CISSP knowledge areas, including some that it had ignored in the past. While CISSP tests areas that Security+ does not, all of the Security+ areas are included in the CISSP objectives, particularly control types (technical, management, and operational), risk calculation, quantitative versus qualitative risk, and methods of dealing with risk (avoidance, transference, acceptance, and so on).

We will be releasing our Security+ practice test in the next couple of weeks, and it’s a BEAST. Make sure to watch our site or follow us on Twitter @KaplanIT for updates!

In August, I’ll be attending CompTIA Breakaway 2011 in Washington, DC. Look for me there, and let me know what you think about our products, your latest certification, or any good reference material you may stumble upon while studying – I could always use more reading material!

-Robin

All About the New Windows 7 Exams, Certifications, and Free Resources

October 23, 2009 at 2:04 pm | Posted in Microsoft | 1 Comment

Eric Clapton had a song on his Money & Cigarettes album many years ago called “Everybody oughta make a change.” Microsoft recently made some changes by releasing the new Windows 7 operating system and some corresponding new exams:

  • 70-680 TS: Windows 7, Configuring
  • 70-685 Pro: Windows 7, Enterprise Desktop Support Technician
  • 70-686 Pro: Windows 7, Enterprise Desktop Administrator

The 70-685 and the 70-686 exams just recently ended their beta period. I expect these exams will be released in a couple of weeks, while 70-680 is already available.

Exams Overview

I had the opportunity to take all three of the beta exams.

  • The 70-680 test covers a wide cross-section of topics: migrating your computer to Windows 7 and other deployment issues, configuring applications and Internet Explorer, understanding IPv4 and IPv6, configuring network settings, configuring BranchCache, configuring Mobile Computing, understanding backup and recovery options, and monitoring Windows 7.
  • Look for much more in-depth coverage of deploying Windows 7 on the 70-686 exam, from migration to clean installations and the attendant hardware requirements. The 70-686 exam objectives cover deploying images, deploying application packages, designing client configurations, and overall troubleshooting.
  • The 70-685 exam covers troubleshooting desktop application issues, networking issues, security issues, supporting mobile clients and maintaining Windows 7 clients. This test was pretty straightforward, in my experience. You had to be very familiar with the new GPO policy settings that affect Windows 7 and Windows Server 2008 R2.

Since I troubleshoot more than I deploy Windows 7, I found the 70-685 beta exam to be easier than the 70-686 exam. The 70-686 exam was the hardest one of the three, in my humble opinion. You really need a lot of experience deploying images and experience with the System Center suite of products.

Study Resources

Unfortunately, when I was prepping for these exams, there were not a lot of resources available. However, more resources on Windows 7 are being released every day.

Deploying Windows 7 free e-book – download the Deploying Windows® 7 Essential Guidance from the Windows 7 Resource Kit and TechNet Magazine for free (thanks, Born To Learn). This is a great resource for prepping for the 70-686 exam when it is eventually released.

Free Windows 7 book chapters PDF – Safari Books Online is offering a combo pack of several chapters from four new Windows 7 texts – download it at http://www.safaribooksonline.com/technet/windows7/?cid=200910-my-technetnewsletter-win7.

Transcender’s 70-680 practice exam (written by yours truly) has 160 multiple-choice and interactive test items, plus 226 flash card items. Check it out here: http://www.transcender.com/product.aspx?product_id=Cert-70-680

Global Knowledge released a series of free whitepapers and blog posts on Windows 7. Here are a few to start you off:

Here are Free Windows 7 Training Videos — 5 introductory training videos on Windows 7.

Don’t forget Microsoft’s free Microsoft Learning Snacks on Windows 7 and free Microsoft E-Learning courses.

If anyone has a favorite Windows 7 study resource, let me know and I’ll add it to this list.

Certifications

Here’s a rundown on the certifications for Windows 7. If you pass the 70-680 exam, you can achieve the following:

  • MCTS: Windows 7, Configuration

If you pass both the 70-680 exam and 70-685 exam, you can achieve the following:

  • Microsoft Certified IT Professional (MCITP): Enterprise Desktop Support Technician 7

If you pass both the 70-680 exam and 70-686 exam, you can achieve the following:

  • Microsoft Certified IT Professional: Windows 7, Enterprise Desktop Administrator

A lot of people say that a lot of companies are not adopting Windows Server 2008 as fast as Microsoft thought they were going to. This is probably true. The economy has not been good over the last two years. However, there is strong evidence that Windows 7 will be widely adopted in a short period of time. New desktops, laptops, and netbook computers will have it installed (and I haven’t heard a rumor of a downgrade license option). The U.S. government has the 8570.1 directive to require certification for all government personnel involved in Information Assurance. There will be a high demand for Windows 7 skills. You should take Eric Clapton’s lead and make a change. Get certified in Windows 7 before everyone else does.

–George Monsalvatge
