Tags: casp, CompTIA, Performance-Based Testing, Security+
It’s getting close to that time of year again, folks. The CompTIA Academy Educator Conference will be held on August 1-3 in beautiful Phoenix, Arizona. (Now, I’m just taking everyone else’s word on the beautiful part. This will be my first visit there! But the pictures I’ve seen are lovely.)
This three-day event is well worth your time if you are an educator at any level (high school, college, professional) and you instruct individuals who are seeking CompTIA certifications. As a peer-to-peer networking resource, it’s beyond compare. You also get to rub elbows with some great folks – ehem – ME! Also, you don’t have to be a CompTIA Academy educator to attend. However, the sessions are designed to benefit Academy Partners. If your organization is not an Academy Partner, visit this site to learn how (and why) to become one: http://partners.comptia.org/Academy-Partner.aspx.
With the recent release of a new Security+ exam and the new CASP and Network+ exams due to be released in the coming months, it’s a great idea to attend this conference just to stay on top of things. My presentation on Friday will cover the new Security+ exam, the CASP exam, and some techniques for covering the new performance-based items in your classroom. I will also share some information about braindumps/piracy and why you should never use this type of content in your classroom. You can see the full schedule here: http://www2.comptia.org/events/events/academy-educator-conference/agenda.aspx
For all conference-related information, including the agenda, registration information, exhibitor information, and hotel information, visit the CompTIA Academy Educator Conference page. If you register before July 31st, you pay $199 instead of $399 at the event. Believe me when I say that this will be the best $199 you will spend.
I would LOVE to see you there!
Tags: CompTIA, Security+
In my first post, I covered the overall changes from SY0-301 to SY0-401. I described how the exam is moving from “tell” to “show and tell,” with more emphasis on applying your knowledge to scenarios than simply answering fact-based questions.
In my second post, I went into detailed changes in the first three domains. This post will wrap up the topic-level changes that will affect those who previously studied for the SY0-301, as well as those who are approaching the Security+ exam for the first time. I’ll also cover the alphabet soup of new acronyms added to the list of “terms you should be familiar with.” Hang on to your hats!
Domain 4: Application, Data and Host Security Changes
Domain 4.1 is “Explain the importance of application security controls and techniques.” There are two new topics for this domain: NoSQL databases vs. SQL databases, and Server-side vs. Client-side validation.
In SY0-301, mobile devices were covered as a subdomain of Domain 4.2, “Carry out appropriate procedures to establish host security.” The 2014 test makes mobile devices the sole topic of Domain 4.2, which is now called “Summarize mobile security concepts and technologies.” This domain covers these topics, all of which are new to the Security+ exam (with the exception of GPS):
- Device security
  - Full device encryption
  - Remote wiping
  - GPS (included in 4.2 in SY0-301)
  - Application control
  - Storage segmentation
  - Asset tracking
  - Inventory control
  - Mobile device management
  - Device access control
  - Removable storage
  - Disabling unused features
- Application security
  - Key management
  - Credential management
  - Application whitelisting
  - Transitive trust/authentication
- BYOD concerns
  - Data ownership
  - Support ownership
  - Patch management
  - Antivirus management
  - Adherence to corporate policies
  - User acceptance
  - Architecture/infrastructure considerations
  - Legal concerns
  - Acceptable use policy
  - On-board camera/video
The non-mobile device topics from the old Domain 4.2 are now in the new Domain 4.3, which states “Given a scenario, select the appropriate solution to establish host security.” There are a few new topics in this domain: OS hardening, white listing vs. black listing applications, trusted OS, host-based intrusion detection, and virtualization subtopics (including snapshots, patch compatibility, host availability/elasticity, security control testing, and sandboxing).
Domain 4.4 now states “Implement the appropriate controls to ensure data security” where this SY0-301 domain (which was 4.3) merely asked you to explain the importance of data security. The new topics in this domain are cloud storage, SAN, Handling Big Data, data in-transit/data at-rest/data in-use, permissions/ACL, and data policies (including wiping, disposing, retention, and storage).
Domain 4.5 is another new domain, called “Compare and contrast alternative methods to mitigate security risks in static environments” (aka “Did someone hack your refrigerator?”). The topics are divided into Environments and Methods, with the following subtopics:
- Environments
  - Embedded (Printer, Smart TV, HVAC control)
  - Android and iOS
  - Game consoles
  - In-vehicle computing systems
- Methods
  - Network segmentation
  - Security layers
  - Application firewalls
  - Manual updates
  - Firmware version control
  - Control redundancy and diversity
Domain 5: Access Control and Identity Management Changes
Domain 5.1 now states “Compare and contrast the function and purpose of authentication services” where the SY0-301 domain was about explaining this information. There are only two new topics here: SAML and Secure LDAP.
Domain 5.2 now states “Given a scenario, select the appropriate authentication, authorization or access control,” where the SY0-301 domain asked you to simply explain these concepts. Many of the topics have changed their wording, but are essentially the same concept. The only new topics in this category are authentication (TOTP, HOTP, CHAP, PAP), federation, and transitive trust/authentication.
Domain 5.3 now states “Install and configure security controls when performing account management, based on best practices.” The new topics included in this domain are as follows:
- Account policy enforcement (credential management; Group policy; password history, reuse, and length; and generic account prohibition)
- User access reviews
- Continuous monitoring
Domain 6: Cryptography Changes
Domain 6.1 now states “Given a scenario, utilize general cryptography concepts” where the SY0-301 domain asked you to summarize these concepts, so this is another domain that will now involve scenario-based questions. This domain has four new topics: session keys, in-band vs. out-of-band key exchange, ephemeral key, and perfect forward secrecy.
Domain 6.2 now states “Given a scenario, use appropriate cryptographic methods,” where this SY0-301 domain did NOT mention scenarios. The new topics for this domain are Diffie-Hellman, DHE, ECDHE, cipher suites (specifically strong vs. weak ciphers), and key stretching (PBKDF2, Bcrypt).
Domain 6.3 now states “Given a scenario, use appropriate PKI, certificate management and associated components” and is the result of combining Domains 6.3 and 6.4 from SY0-301 and adding the scenario stipulation. This domain has added topic coverage for certificate authorities and digital certificates, including OCSP and CSR.
Alphabet Soup: Acronyms to Know and Love
The Security+ exam objectives also include a list of acronyms. While I don’t advocate trying to memorize the entire list, it’s good to skim it and read up on terms you’re not familiar with. You may know that concept in practice, but not by the specific name it’s called on the Security+ exam. Or it may be a concept so familiar that it never occurred to you to make an acronym of it (such as TOTP – Top of the Page).
There are seventy new acronyms on the list (and only one removed – they no longer ask you to remember BOTS as Network Robots). I repeat, don’t panic: many of the new additions to the acronym list were already included as subtopics or topics on SY0-301. Also, the majority of these terms are familiar to anyone who does any kind of work in computers.
The completely new concepts are:
API – Application Programming Interface
ASP – Application Service Provider
BAC – Business Availability Center
BIA – Business Impact Analysis
BPA – Business Partners Agreement
BYOD – Bring Your Own Device
CAPTCHA – Completely Automated Public Turing Test to Tell Computers and Humans Apart
CIO – Chief Information Officer
COOP – Continuity of Operation Planning
CP – Contingency Planning (included as “IT contingency planning” in Domain 2.5 in SY0-301)
CSR – Control Status Register
CSU – Channel Service Unit
CTO – Chief Technology Officer
DHE – Data-Handling Electronics
DNAT – Destination Network Address Transaction
DSL – Digital Subscriber Line
DSU – Data Service Unit
ECDHE – Elliptic Curve Diffie-Hellman Key Exchange
ESN – Electronic Serial Number
GPO – Group Policy Object
HOTP – HMAC based One Time Password
HTML – HyperText Markup Language
IRP – Incident Response Procedure
ISA – Interconnection Security Agreement
ISSO – Information Systems Security Officer
ITCP – IT Contingency Plan (included as “IT contingency planning” in Domain 2.5 in SY0-301)
LAN – Local Area Network (was LANMAN, Local Area Network Manager, in SY0-301)
MaaS – Monitoring as a Service
MOU – Memorandum of Understanding
MPLS – Multi-Protocol Layer Switch
MTBF – Mean Time Between Failures (a topic in 2.7 in SY0-301)
MTTR – Mean Time to Recover (a topic in 2.7 in SY0-301)
MTTF – Mean Time to Failure (a topic in 2.7 in SY0-301)
NDA – Non-Disclosure Agreement
OCSP – Online Certificate Status Protocol
OLA – Open License Agreement
P2P – Peer to Peer
PAM – Pluggable Authentication Modules
PBKDF2 – Password Based Key Derivation Function 2
PCAP – Packet Capture
PIV – Personal Identity Verification
ROI – Return of Investment
RPO – Recovery Point Objective
SAML – Security Assertions Markup Language
SAN – Storage Area Network
SCADA – System Control and Data Acquisition
SCEP – Simple Certificate Enrollment Protocol
SEH – Structured Exception Handler
SIEM – Security Information and Event Management
SOAP – Simple Object Access Point
SQL – Structured Query Language
SSD – Solid State Drive
TOTP – Top of the Page
TSIG – Transaction Signature
UEFI – Unified Extensible Firmware Interface
UDP – User Datagram Protocol
URI – Uniform Resource Identifier
UTM – Unified Threat Management
VDI – Virtualization Desktop Infrastructure
WPS – WiFi Protected Setup
WTLS – Wireless TLS
XML – Extensible Markup Language
That’s all, folks!
We have released our SY0-401 practice test, a feat we are especially proud of because we are the first product to market. Please visit the product page for more information!
Well, that’s all I have to say for now. I am sure that you will be hearing from me soon! -Robin
Tags: CompTIA, Performance-Based Testing
Our very own Robin Abernathy will be talking all about performance-based testing, CEUs, and security certifications on Thursday, January 30th at 4pm ET in a webinar hosted by CompTIA. This event is the first of what will be a Professional Development series of webinars hosted by CompTIA and starring some of our favorite industry experts.
Register here to join in the fun! Note that although the description says ‘For Academy Partners,’ this webinar is open to anyone who creates a login ID.
To see the lineup of upcoming events, or to meet some of these experts in person at the next CompTIA Academy Educator Conference this August in Phoenix, AZ, visit: CompTIA Events
Tags: CompTIA, Performance-Based Testing
Our in-house CompTIA product developer, Robin Abernathy, was among the experts interviewed in a recent article published on CompTIA’s IT Careers Blog.
The article, How to Prepare for Performance-Based Questions, brought together a variety of tips and opinions from experts across various training and IT industries. Having all taken exams with performance-based test items, we can attest that they present a solid challenge to the test-taker and eliminate some of the rote memorization.
Robin also summarized a lot of excellent information in our previous blog posts:
Tags: a+, CompTIA, network+, PBT, Performance-Based Testing, Security+
With the release of CompTIA’s new A+ series, 220-801 and 220-802, many of you will finally get your first look at CompTIA’s performance-based questions. The performance-based questions were actually first released by CompTIA in their CompTIA Advanced Security Practitioner (CASP) exam, but the CASP has a more limited audience than CompTIA’s A+, Network+, and Security+ exams.
Several members of our Content Development team have seen the CASP, the new A+ and Network+ performance-based questions, and we all feel that CompTIA is headed in the right direction with these item types. While we can’t share any details ourselves, CompTIA has released information over the past few weeks that will hopefully answer some of your questions. Here are a few resources I would recommend:
- I found a lot of information in the blog post titled “What Is a Performance-Based Question?” I suggest you read the blog post and watch the accompanying video.
- CompTIA also published another blog entry, titled Rigor of New CompTIA A+ 800 Series Exams Reflects Change in Entry-Level IT Roles, explaining the rationale behind the changed format and objectives.
- Pearson IT Certification announced that it will have a FREE Webcast about the new A+ 800-series exams on December 13, 2012. For more information, go to http://promos.pearsonitcertification.com/acton/fs/blocks/showLandingPage/a/1811/p/p-0058/t/page/fm/19. This Webcast looks especially suited for instructors, as it covers what’s new, improved, and different!
Did you notice CompTIA has increased the recommended hours of hands-on field experience to one year, up from the previously recommended six months? Those of us who have already taken the exam perceived a small but definite increase in difficulty. Again, with those performance-based items, you can either perform a task or you can’t. Hands-on experience is key. If the question simulates an action you do every day at work, then you’re probably going to find it a breeze. If it tests a concept you’ve only read about in books or studied in the abstract, it may take you a little longer to puzzle out the solution.
As I already mentioned, the new A+ and Network+ exams include performance-based questions. CompTIA will integrate performance-based questions into the Security+ exam in January.
So it looks like the move is permanent, folks! Embrace it! And know that what CompTIA has released is just the tip of the iceberg. Does anyone remember Microsoft’s 83-640 exam? I think that was a glimpse of where performance-based testing should really go.
Tags: casp, CompTIA, Performance-Based Testing
At the CompTIA Academy Educator Conference in Las Vegas, I made a presentation to help educators better understand the CompTIA Advanced Security Practitioner (CASP) exam. I received such awesome feedback that I decided to write a blog post based on the presentation. I will explain the CASP exam to you, where the exam fits in the certification world, and how you should prepare to take it or prepare your students to take it.
What the CASP Certification is
First, here are some key numbers for you. In CompTIA’s 8th Annual Information Security Trends study, 76% of those responding indicated that their IT staff probably or definitely need more vendor-neutral security training. 81% of those responding indicated that they would give more recognition and financial rewards to the IT staff members who complete a security certification. Based on the findings in the 8th Annual Information Security Trends and other studies, CompTIA decided that:
- An advanced-level security exam would be good to pursue.
- The exam should be performance-based.
- The exam should fit into other vendors’ certification(s) as an elective.
- The exam should concentrate on new technologies that demand a concentration in security aspects, such as IPv6, VoIP, and SaaS.
- Acceptance of the exam would depend on the U.S. government’s acceptance of the new certification and its applicability to Department of Defense Directive (DoDD) 8570. According to CompTIA’s IT and CyberSecurity white paper, “Those seeking compliance with IA Technical Level III and IA Management Level II of U.S. DoD Directive 8570.01-M. (CASP is proposed to the 8570 Directive for these workforce categories.)”
The result was the CASP, the first certification in the Master Series of certifications released by CompTIA. The CASP exam will certify that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
The CAS-001 exam is available at Pearson Vue testing centers, and is currently available in English only.
How the CASP exam is structured
The CASP exam is a single exam that consists of multiple-choice, scenario-based, and performance-based questions. For the performance-based items, the CASP candidate is given a scenario/problem and prompted to push a button to launch a simulated environment that is created via software.
The candidate has 150 minutes to complete 80 questions. Upon completion, the candidate is given a Pass/Fail score. No numerical score is given. The domain distribution for the CASP exam is as follows:
Enterprise Security – 40%
Risk Management, Policy/Procedure, and Legal – 24%
Research and Analysis – 14%
Integration of Computing, Communications, and Business Disciplines – 22%
Where the CASP fits among security certifications
CompTIA has created a great graphic (shown below) that shows the CASP certification sitting between CompTIA’s Security+ certification and (ISC)2’s CISSP certification.
The way that CASP requires you to apply abstract concepts to real-world situations elevates it above the Security+. The CASP exam expects candidates to take the core security concepts introduced in the Security+ exam and apply them to work situations. For example:
- In Security+, you should know the ports used by the HTTP and HTTPS protocols.
- In CASP, you should know the same ports, but you will have to apply them in a router or firewall configuration. This will include opening and closing the appropriate ports via rules or ACLs and ensuring that the rules are in the correct order.
- In Security+, you should know when you would need to deploy a firewall.
- In CASP, you should know when to deploy a firewall, but you would also need to deploy it in the appropriate location and know where to deploy any other devices/servers located in the DMZ/perimeter network.
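To make the rule-order point concrete, here is an added example (not part of the original post and not taken from any exam): a small first-match ACL evaluator, the evaluation model most router and firewall ACLs use, run over the HTTP/HTTPS ports mentioned above. The `Rule` type, the helper names, and the DMZ web server address 203.0.113.10 are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "any"
    dst: str              # destination network in CIDR form
    port: Optional[int]   # destination port; None means any port


def matches(rule, proto, dst_ip, port):
    """True if the packet (proto, dst_ip, port) is selected by this rule."""
    return (rule.proto in ("any", proto)
            and ip_address(dst_ip) in ip_network(rule.dst)
            and rule.port in (None, port))


def evaluate(acl, proto, dst_ip, port):
    """First-match evaluation: the first rule that matches decides.

    Returns (action, rule_index). If nothing matches, the implicit
    deny at the end of the list applies and the index is None.
    """
    for index, rule in enumerate(acl):
        if matches(rule, proto, dst_ip, port):
            return rule.action, index
    return "deny", None


def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (earlier.proto in ("any", later.proto)
            and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
            and (earlier.port is None or earlier.port == later.port))


def shadowed_rules(acl):
    """List (rule_index, shadowing_index) for rules that can never fire."""
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covers(acl[i], later):
                found.append((j, i))
                break
    return found


# Constructed sample: a web server in the DMZ that should accept
# HTTP (80/tcp) and HTTPS (443/tcp) and nothing else.
WEB = "203.0.113.10/32"

ORDERED = [
    Rule("permit", "tcp", WEB, 80),
    Rule("permit", "tcp", WEB, 443),
    Rule("deny", "any", "0.0.0.0/0", None),
]

# Same three rules, but the catch-all deny was placed first.
MISORDERED = [
    Rule("deny", "any", "0.0.0.0/0", None),
    Rule("permit", "tcp", WEB, 80),
    Rule("permit", "tcp", WEB, 443),
]

if __name__ == "__main__":
    for name, acl in (("ordered", ORDERED), ("misordered", MISORDERED)):
        print(name)
        for port in (80, 443, 22):
            print("  tcp/%d ->" % port, evaluate(acl, "tcp", "203.0.113.10", port))
        print("  shadowed:", shadowed_rules(acl))
```

Both lists contain identical rules; only the order differs, and in the misordered list the two permit rules are reported as shadowed because the leading deny matches everything first.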
After taking the CASP exam, I will agree that it’s harder than the Security+, but I feel it is equally as difficult as the CISSP exam. The CISSP exam is difficult in the breadth of knowledge that a test candidate must possess, but in the end, it is still just a standard multiple-choice, knowledge-based exam. Including performance-based items in the CASP takes this exam to the next level, even surpassing the CISSP exam when it comes to difficulty (in my opinion).
So while I accept CompTIA’s graphic and its placement of the CASP in the security certification world, I also feel that time will be kind to the CASP exam as it becomes more widely understood and accepted in the industry.
How to Prepare for the CASP Certification
Practical experience is needed for this exam, including:
- Experience configuring ACLs/rule lists for routers, firewalls, and so on.
- Experience deploying hardware in a network. Specifically, you’ll need to understand WHERE hardware is deployed in a given network diagram based on requirements.
- The ability to recognize when devices are under attack by viewing logs, including understanding what type of attack is occurring, the identity of the attacker, how to protect against the attack, and where to deploy the protection.
- The ability to verify file security from a given hash value.
You can view a few multiple-choice practice questions on the CompTIA web site here: http://certification.comptia.org/Training/testingcenters/samplequestions/CASP-Practice-Questions.aspx
We at Transcender have created a wonderful product in our Cert-CAS-001 practice test. Our practice test includes simulation items that will better prepare you for the performance-based items on the live exam. At the time of this post, no other practice test provider includes these types of items in their CASP product.
Also, Sybex has released a great study resource: the CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines, which I reviewed in a previous blog post. It is a great place to get started, even if you’re still accumulating those five years of hands-on technical security experience recommended as a prerequisite by CompTIA.
I hope this helps you to take the next step in your career and pursue the CASP certification. If you have any CASP-related questions, feel free to drop me a line!
Tags: exam tips, Performance-Based Testing, Study hints, test-taking tips
If you’ve taken a Microsoft test in the past, you’ve experienced the Single Answer Multiple Choice and Multiple Answer Multiple Choice questions. While this is a tried and true psychometric technique, a multiple choice question does not always fully test a candidate on his or her knowledge of the material. You may remember that a few years ago Microsoft launched performance-based testing (PBT) segments with their multiple choice questions. The 83-640 exam included a series of tasks that tested candidates’ abilities in a virtual environment. Although this exam and item type have since retired, most of us that had the chance to experience this item at a test center agreed it was the ultimate test of a candidate’s skill. And I, for one, very much doubt we’ve seen the end of the PBT item.
With a similar goal in mind, by which the certification exam truly separates the experienced IT professional from the pack, Microsoft has added several new item types to exams over the last few months. Well, I say new, but some of these item types are more like “vintage” and you just may have not seen them in a while. You can view the entire list here:
Active Screen – These questions are good at testing candidates’ knowledge because you see an actual screen. The downside is the candidate does not need to know where to go in the software to access the screen; the task is limited to the screen that’s provided.
Build List and Reorder – This is one you may recognize if you’ve taken Microsoft exams for as long as I have. This question type is used to test whether a candidate knows which steps are needed to perform a task and the order in which they should be performed.
Case Studies – Case studies allow a candidate to be tested based on different real-life business scenarios. Microsoft used case studies for the Windows 2000 Server and some Windows Server 2003 exams. If you do not have a high level of reading comprehension, you will find case studies to be time consuming. Several testing candidates who did not read rapidly enough struggled and ran out of time with this question type. Microsoft has addressed this issue by no longer timing each case study separately from the rest of the exam questions. While time management is still important, you get one clock for the whole exam, allowing you to spend a bit more time reading through the case study.
Create-a-tree – Similar to the Build List and Reorder question type, these questions test your knowledge on structures and organization. This question type first appeared in the NT 3.5 and NT 4.0 tests.
Drag and Drop – This is a basic matching question. This question type allows a candidate to be tested on multiple concepts. It also appears on exams from other vendors, such as CompTIA and Novell.
Hot Area – This question is similar to an Active Screen question. You have to click one or more places within a graphic to satisfy the question requirements.
Multiple choice – You have seen this question type zillions of times. I believe it was invented in 1,000,000 BC. This item type presents a scenario, a question, and a minimum of four answer options. A prompt within the item stem (or sometimes at the end of the question) will indicate the number of possible correct answers.
Repeated answer choices – These questions (which we called “extended matching” in our previous post, Multiple options beyond multiple choice) are presented in a series. Each question in the series has the exact same answer options. Each question is worded slightly differently, so the answer could be different for each question — or it could be the same correct answer across the questions in the series.
Simulations – This type of question actually first appeared in Microsoft Vista exams. This question type does a good job of testing the candidate’s knowledge of navigating to the problem and choosing the correct answer. This type of question is better than an Active Screen or Hot Area because the candidate has to navigate the software or OS to find the screen or page that contains the correct choice, and is thus tested on his or her hands-on knowledge. If you do not know how to get to the right set of options, you will not be able to answer the question. The limitation to this type of question is that there may be more than one way to solve a problem. A simulation question may want you to fix a problem with a GUI tool, even though you could correctly solve the task with a PowerShell cmdlet or by running a command from the command prompt.
Short answer code – This type of question will force a candidate to actually type the correct answer into a text box or blank line. This type of question will test your knowledge of the correct code use, the proper order of the code and syntax of the code. We haven’t actually encountered this item type in the wild yet, but we’re keeping our eyes peeled.
Best answer – This type of question appeared in the original NT 3.5 exams. It is a standard multiple choice question that may have one or more correct answers — you have to pick the BEST answer. People complained back in the day on the NT 3.5 exams as to what constitutes the BEST answer. I believe the debate will continue if Microsoft revives this item type on tests.
If you are planning to take a Microsoft exam in the near future, you may see several of the above question types – or none of them. If you have an issue with any of the types of questions on your Microsoft exam, please let Microsoft know in the comments section at the end of your exam. Also, if you liked a particular item type on an exam, please take a few seconds to let Microsoft know. And as always, we welcome any questions or comments you might have, and will do our best to reply or point you in the right direction.
Tags: casp, CompTIA, Performance-Based Testing
As many of you know, there is quite a bit of buzz over CompTIA’s Advanced Security Practitioner (CASP) exam. Last year, CompTIA launched the CASP exam as the next level in its security-related certification products. For years, IT professionals have looked to CompTIA to provide vendor-neutral certifications, the most popular of which are the A+, Network+, and Security+ certifications. But the CASP exam takes CompTIA’s offerings to the next level.
Last month, I finally had a chance to take the CASP exam. I knew going into the exam that I would see what CompTIA has called performance-based testing (PBT) items. Well, I wasn’t disappointed, as my first question on the exam was a PBT item. Overall, I thought these item types had the appropriate level of complexity and covered a wide range of topics. So what did they look like? For the most part, they were drag-and-drop items that involved matching things up or placing items in the right location. There were others that required particular actions to be taken at a command prompt or at the server level. The only specifics I can share about these items, without violating the Non-Disclosure Agreement (NDA), is that PBT items take the WHAT from your usual multiple choice items and place the focus on the HOW or the WHERE.
For example, consider SubObjective 1.5 from the CASP Exam Guide: Distinguish among security controls for hosts. A bullet point in this SubObjective is Host hardening, which includes the Standard operating environment, Security/group policy implementation, Command shell restrictions, Warning banners, and Restricted interfaces. A possible PBT question that would fit into this SubObjective is a graphically presented task where you enable and configure the appropriate group policies for password length, password age, and password lockout.
In addition to the PBT items, the exam still includes the old stand-by multiple-choice questions. These, however, were a bit more expansive than the typical questions included in the A+, Network+, or Security+ exams. I often found myself reading and re-reading the options while trying to eliminate incorrect answers. I can remember thinking that this exam seemed much harder than the CISSP exam, not because of its length, but because of its depth. It takes those tidbits of security knowledge that all security professionals must know and expects you to APPLY them. For example, you not only need to know the different types of hacker attacks, you should know HOW to recognize the attacks which are occurring, WHAT tools to deploy to protect against those attacks, HOW to deploy them, and WHERE they should be deployed.
You can expect between 70 and 80 questions total, including the PBT questions. When I was done with the exam I was a little nervous, because truthfully, I felt it could have gone either way. I made an audible sigh of relief when I learned I had passed; to say that I was happy would be putting it mildly! I can’t give you my score, because CompTIA doesn’t give you one – this exam is just graded as PASS or FAIL. (But you know, maybe I didn’t really want to see that score anyway!)
So what can you do to prepare for the CASP? After you go over the exam objectives on the CompTIA Web site, I would start with CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines recently published by Sybex (an imprint of Wiley). Look for my comprehensive review of this guide in April. Next, take some time to research the day-to-day tasks of the security professional. I can assure you: if you don’t have any experience in security-related tasks, you should not take this exam until you have had some time to expose yourself to these tasks.
With that said, I can tell you that I am working diligently to create Transcender’s practice test for the CASP exam. And we will be including some interactive items that simulate what you will see in the live exam. My experience in taking this exam and working on our practice test so soon afterward can only help you, so keep an eye out for our announcement regarding our CASP practice test, which should come in May… and in the meantime, start prepping today!
Tags: MOS, Office 2010, test-taking tips
“A rolling stone gathers no moss.” — English proverb
Earlier this month, a couple of colleagues and I took the new Word and Excel 2010 core exams. Of the three of us, I was the only person who had never sat for an Office exam, but I’ve been a Microsoft Word user since installing Office for Windows 1.0 from a 5 1/4″ floppy, so I didn’t think I’d have any problems.
Although they were released on June 30, the Office 2010 Word and Excel exams were not available in our nearest and dearest testing centers. As it turns out, the bleeding edge of MOS certification is located in rural Rome, Georgia, two hours outside of Atlanta, on the 25,000-acre campus of Berry College. The drive was long, but the scenery was gorgeous: farm fields, rolling hills, and periodic “See Rock City!” billboards.
Sidebar: My favorite sight was a group of teenagers on horseback riding up to a gas station to buy sodas.
Once we finally got to Rome, as several roads turned out not to lead there at all, our Certiport test proctor was wonderfully accommodating, and more than pleased to have three guinea pigs for the new exam series.
Before setting out, of course, we thoroughly reviewed the published exam objectives. They’re more detailed and explicit than the 2007 counterparts.
As objectives go, these are pretty unambiguous. Notice, however, that the objectives range in complexity; saving an open document as a template is much simpler than performing mail merge tasks. We also expected that the Ribbon would be key to the exam experience, so we made sure we knew what each button accomplished.
The fine print
The MOS exams are each 50 minutes long and ask a series of scenario-based questions. These first two Office 2010 exams are similar to their 2007 predecessors in that the exams are live-in-the-application, meaning you are using a full version of the software with the Help function disabled. Pop-ups are still active (for example, if you hover your mouse over the B button on the Home tab, a note will pop up saying “Make the selected text bold”).
While it seems you’re allowed to take any path to a result, there’s no crying in baseball and there’s no backtracking in MOS. Once you finish with a scenario, you have to move on to the next set of questions without the option of returning later. If you get mired inside one of the scenarios and need to start over, there’s a handy “Reset” button. This resets only the active question, not the entire test.
We started with the test we thought would be more difficult for us: Excel 2010. Josh started pounding through it like a machine. George was sweating a little, but I could hear the steady click click clicks from his terminal. Meanwhile, Excel stomped me into the dirt. Now, I hate to lose and I hate to fail, but I have to admit this failure was a badly needed lesson for me.
I’m an adequate daily user of Excel 2007. I had reviewed the 2007-to-2010 feature changes, but gaps in knowledge aside, I can truthfully say the live exam killed me for one reason alone: I didn’t watch my time. While George and Josh clicked feverishly along, I pondered and guessed and spent long minutes hunting up and down the menus. End result: I didn’t even get to a third of the questions, while the guys both finished with minutes to spare. There were most likely more questions I could have answered, but just didn’t get to.
Unlike the 2007 objectives for Excel, the 2010 exam objectives focus much more on graphics than on formulas and functions. So take a tip from my hard-learned lesson – don’t sweat the small stuff, mind the clock, focus on the task at hand, and manipulate the data in the way the tasks require, and you should be able to click, click, click with time to spare.
After a brief break, we moved on to Word 2010. I expected to get 100% (I was seriously miffed that I scored just under 90%). Again, this was a test where you had to know exactly which menu or mouse-click hid your required task and go straight to it if you expected to finish on time. Given my broader knowledge of Word, I was able to blast through nine-tenths of the questions I saw and then grant myself a bit of leeway on one of the harder scenarios, testing different options until I had as close to a correct answer as I could manage. But I had learned my lesson from Excel, and kept my eye on the ticking clock as I went through the test.
One of us left the test center with two sparkly new certifications (overachiever!), while the rest of us (yours truly included) proudly walked away with one certification each.
Look for one more blog post in the Office 2010 series where I go over the targeted study advice we wish we’d followed before taking the exams.
Tags: what we're working on
So while August will be all about staying indoors & enjoying the air-conditioned office while working on finalizing products for SharePoint, .NET, and Microsoft Office, July was all about new releases. In case you missed any, here’s what just hit our virtual shelves:
- Project+ (Cert-PK0-003) 2009 Objectives
- Cert-70-686 PRO – Windows 7, Enterprise Desktop Administrator
- Cert-70-663 PRO – Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010
- Cert-1Z0-146 – DBCert: Oracle Database 11g Advanced PL/SQL
Assuming we don’t melt from the sweltering summer sun, we’ve got big plans for August!
A few members of our team got their first look at the Microsoft Office 2010 Word and Excel exams (and PASSED). Considering that our closest certified test center offering these exams is almost 2 hours away – and a huge thank you! to our new friends at Berry College – it’s quite the accomplishment to claim multiple Office 2010-certified developers on the team. They ROCK. With that said, I know some of you have been patiently waiting for Office 2010 practice test products, but I don’t have details on release dates to share just yet. We’re committed to delivering the Microsoft Office live-in-the-app experience (great!), so the development process for these products is a bit different (read: longer; not so great), but we hope to have something on the shelves before end of year.
What I can share details about is that we’ve made significant progress in a few other areas that you guys have been busy asking us about – CCNP, Visual Studio 2010, and SharePoint 2010. We’re just a few days away from the release of the Cert-642-902 (ROUTE) practice test for the new CCNP track. This product and the SWITCH product were given top priority over the last 3 weeks, which means Troy and Ann are rarely allowed out of their chairs if there’s a practice test item/answer/tutorial waiting for their edits or approval. But the torture is only temporary and it means we expect to release the ROUTE product by August 13th, and the 642-913 practice test by September 2nd.
Joshua is glad to finally have a project plan for the new Visual Studio 2010 with .NET 4.0 practice test products, or at least a plan that hasn’t changed in the last 7 days! I admit, we had a couple of rounds of musical chairs with his list of priorities, but I think we finally settled on a release order and schedule that makes the most sense based on what you guys showed us you needed when studying for .NET 3.0 and 3.5. We absolutely take customer feedback into account when we order our development priorities. So we aim to release the 70-511 practice test this month, after which Joshua will move on to the 70-515 and then the 70-513. The goal is to release as many of the TS certification practice products by the end of the year as we can (while keeping as much of Joshua’s sanity intact as we can).
For CompTIA certification details, I’ll point you to Robin’s Linux+ post here. The LX0-101 practice test product is in QA and within days of release, while Robin is already about 1/3 of the way through writing items for the LX0-102. Look for a new vendor track (LPI) to be added to our Web site when the new Linux+ products release. We want to make sure everyone looking for Linux+ certification study materials understands the new partnership between CompTIA and LPI, so we’ll provide the practice tests under BOTH CompTIA and LPI vendor track names in hopes of easing the search. But if, like me, you have moments of complete confusion over the abundance of certification changes this year, feel free to check out Robin’s blog posts, or shoot us an email with your questions!