There are a lot of great security certifications out there, but since its release in 1994, the CISSP (Certified Information Systems Security Professional) has become one of the best known and most highly regarded credentials. At Transcender, we’ve been dedicated to providing CISSP practice tests for over 13 years. Earlier in 2016 we also released our first test preparation for its sister certification, SSCP (Systems Security Certified Practitioner). Our hard work has paid off, because we’re now an authorized practice test provider for (ISC)²® certifications!
What does this mean to you? Nothing has changed about our award-winning products, but it does mean that (ISC)² has officially endorsed our practice tests for CISSP and SSCP.
- The SSCP practice exam is a 300-question exam that will develop your test-taking skills, identify any weak areas, and prepare you for the actual test.
- The premium SSCP study solution combines our trusted practice exam with self-paced eLearning, for a comprehensive learning experience.
- The CISSP practice exam has an exhaustive 924-item question bank that will test every aspect of your technical skills, plus an 892-item flash card array.
- The premium CISSP study solution includes the practice exam with 20 hours of online instruction through self-paced eLearning, which includes access to a live subject matter expert.
We’re also working together to develop a practice test for the up-and-coming CCSP (Certified Cloud Security Professional) certification for 2017. Be sure to follow our blog or subscribe to special updates and promotions on the Transcender web site to be notified of its release.
Transcender has been committed to closing the skills gap in the IT industry for the last 25 years and helping qualified candidates get the recognition they deserve. And now even (ISC)² recognizes our efforts. After your certification training, come over to us to help you prepare for exam day. Study with confidence, knowing that you have the most relevant and up-to-date study tool in the marketplace!
What do you think when you hear “social media hack?” The top of everyone’s nightmare list is having an attacker take control of your Facebook account and impersonate you online, expose private information, or steal your data – or your money. This kind of hack gets the most news, and it’s potentially the most dangerous attack. The results can range from simple pranking or trolling to blackmail, identity theft, account lockout, and financial loss.
But how easily can you recognize other types of social media hacks – the ones that try to steal corporate data, spread malicious websites or code, or even influence the course of an election?
What makes these attacks uniquely “social media” based is that they rely on these huge user bases of relatively unsophisticated users – like grandma and your boss’s boss – and they take advantage of how few checks and balances there are when it comes to creating a user profile.
Join Transcender’s training expert George Monsalvatge for a 45-minute webinar that will help you (and your users) identify these increasingly sophisticated and distributed attacks aimed at social media networks. The webinar is FREE and relatively painless to join – just click the helpful link below:
Social Media Hack Attacks: Staying Safe While Surfing
This webinar discusses several types of social media attacks and best practices for preventing them.
8/3/2016 at 12:00 pm EST / 11:00 am CST
Welcome back to my series of posts on the new A+ exam. Did you think I was NEVER going to finish this blog series? Me too! But I have been really snowed in working on some new products that I think will really please our customers. One of those is a practice test for (ISC)²’s SSCP exam. And a few more exciting security titles are coming soon! Watch our website for more information.
The old A+ 220-801 and 220-802 exams are still available, but they will retire on June 30, 2016 in the United States. CompTIA released a new version of the A+ certification by rolling out the 220-901 and 220-902 exams on December 15, 2015.
- In my first post, I went over the timeline and what to expect from the exam changes as a whole.
- In my second post, I went into detail regarding the first two objectives for 220-901, Hardware and Networking.
- In my third post, I went into detail regarding the last two objectives for 220-901, Mobile Devices and Hardware & Network Troubleshooting.
- In my fourth post, I covered the first two objectives for 220-902, Windows Operating Systems and Other Operating Systems and Technologies.
In this post, I will cover the rest of 220-902, a total of three objectives: Security, Software Troubleshooting, and Operational Procedures. I’ll give you the entire overview of each objective, list each subobjective, tell you where each topic fell in the old A+ 800-series (if applicable), and put all changes or additions in RED ITALICS.
I will not call out any deleted topics, although CompTIA has removed some topics. This is because I am not really sure if those topics were actually removed from the exam, or if they are just so insignificant that they aren’t called out in the objective listing, but are still floating around in some test questions. Remember that CompTIA’s objective listing contains a disclaimer that says,
“The lists of examples provided in bulleted format below each objective are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document.”
For this reason, I didn’t want to focus on what was removed. My exam experience has shown that the bullet lists are not exhaustive. Spending time focusing on what was removed may give you a false sense of security by making you think you don’t need to study those topics. So I am just ignoring any topic removals.
First, a note about “Bloom’s Levels”
You’ll see me refer to topics changing their Bloom’s level. In the instructional design world, Bloom’s taxonomy is used to describe the depth or complexity of a learning outcome, just as the OSI model describes the level at which a network component operates. Level 1 is basic memorization (what is a router?), where level 6 is complete mastery of a concept (designing a network from scratch).
If I mention here that a Bloom’s level has changed, it generally means that CompTIA is asking for something more complex than memorization. While these changes shouldn’t scare you, there is a bit more “rubber meeting the road” to the higher Bloom’s levels. For example, instead of recognizing various LCD technologies from a list, you may be asked to evaluate which LCD is the best choice for a given scenario. Instead of answering a question about how CIDR notation behaves in the abstract, you may be asked to configure a subnet mask.
220-902 Objective 3: Security
A+ 220-802 covered Security in its own domain. It included prevention methods, security threats, securing a workstation, data destruction/disposal, and wired/wireless network security. The biggest change in this objective is the new topics that are covered (obviously because new security threats have emerged) and the inclusion of Windows OS security settings and securing mobile devices.
What’s changed? In A+ 220-902, Security now includes OS security settings. No big surprise: Windows is widely used, and securing it should be the top priority of anyone using it daily. This objective also includes mobile device security, which should also not be a surprise with the popularity of these devices increasing, particularly in enterprises.
3.1 Identify common security threats and vulnerabilities. – From Objective 3, subobjective 2 in the old 220-802. The wording changed to “Identify” from “Compare and contrast,” which affected the Bloom’s level by moving up to the application level. New topics were added:
- Malware – Revised to include spyware, viruses, worms, trojans, and rootkits under a single bullet with ransomware being a new entry.
- Spear Phishing – added
- Spoofing – added
- Zero day attack – added
- Zombie/botnet – added
- Brute forcing – added
- Dictionary attacks – added
- Non-compliant systems – added
- Violations of security best practices – added
- Tailgating – added
- Man-in-the-middle – added
3.2 Compare and contrast common prevention methods. – From Objective 3, subobjective 1 in 220-802. The wording changed to “Compare and contrast” from “Apply and use,” which affected the Bloom’s level by moving down to the comprehension level. These new topics were added:
- Physical security
  - Mantrap – changed from Tailgating in the 220-802 to more accurately reflect the actual preventive control
  - Cable locks – added to the Physical security section
  - ID badges – changed from Badges in the 220-802 to more accurately reflect the preventive control
  - Smart card – added to the Physical security section
  - Tokens – changed from RSA tokens in the 220-802 to more accurately reflect the preventive control
  - Entry control roster – added to the Physical security section
- Digital security
  - Antivirus/Antimalware – added Antimalware to the Digital security section
  - Multifactor authentication – added to the Digital security section
  - VPN – added to the Digital security section
  - DLP – added Data loss prevention (DLP) to the Digital security section
  - Disabling ports – added to the Digital security section
  - Access control lists – added to the Digital security section
  - Smart card – added to the Digital security section
  - Email filtering – added to the Digital security section
  - Trusted/untrusted software sources – added to the Digital security section
- User education/AUP – Acceptable Use Policy (AUP) added
Our partners at Global Knowledge recently sat down with several members of the Transcender practice test development team — specifically George, Aima, and Josh — and picked our brains about “how their practice exams are developed and how they have evolved to keep up with changes coming from Microsoft. In the end, we learned that there are major challenges in writing practice exams that accurately reflect and teach students important exam concepts, Microsoft is moving towards more open standards, and customer feedback is crucial to developing and evolving Transcender practice exams.”
You can read the entire article here on the Global Knowledge blog: The Evolution of Microsoft Certification Practice Exams.
Slogging through the .NET 4 certification path, I am happy to find Microsoft adopting even more open standards. As open standards become more popular, the ideal of developing application logic and ignoring the plumbing details seems like more of a possible reality. Well, a programmer can dream, right?
Okay, so again, what is OData? It’s a simple HTTP mechanism for accessing data. For example, let’s say that I have an application and want to retrieve all titles provided by Netflix that contain the notorious actor Charlie Sheen. Using OData, you can just type in the following URL:
If you are using IE, then you need to turn off feed reading view to see the results. Go to Internet Options and under the Content tab, click the Settings button in the Feeds and Web Slices section. Turn off reading view by unchecking the Turn on feed reading view checkbox.
Go ahead, try it. (Yeah, I forgot he was in Platoon, too.) What this query does is access the People set, filter it to a single actor and include the related Titles set. The $filter and $expand are keywords that limit entries and include related entries, respectively.
Let’s say that you like to listen to music while at work and want to retrieve all awesome live concerts available for instant streaming. Then, you would type a URL similar to this one:
In this case, we choose the Titles set from the Genre “Must-See Concerts.” Notice the $select keyword is used to limit the entry properties to only the name and synopsis.
Okay, enough hand-holding. Try it out for yourself. Netflix has some more examples and eBay even has its own OData implementation. So there’s the plumbing; I’ll let you move on to creating the applications!
We finally made it! We’re in New Orleans, enjoying the 100% humidity and I start to wonder if I will ever feel cold again. (This from the girl who never ventures from home without her sweater.) I can see the convention center from my hotel room, but that doesn’t mean that I actually enjoy the walk. And to have this Alabama girl complain about heat, you know it’s bad.
But so far, I have thoroughly enjoyed rediscovering this city. My family and I came here within a year after Hurricane Katrina hit, and the changes that have occurred are dramatic. This city is absolutely beautiful! Yesterday, we ate at the Grand Isle. I couldn’t get enough of the onion rings! Last night, we went to Mulate’s to savor some local flavor. I would recommend both to all my fellow TechEd attendees.
To kick off TechEd 2010, I took in the Keynote session. Just before the session, a zydeco band entertained the audience. The performers were great and threw in some old crowd favorites. They happened to mention that they don’t usually do Monday mornings because Monday mornings are for recovering from the weekend. So, thanks guys!
The Keynote session was all about cloud computing, something that I have been hearing more and more about (even though some of it is a little out of my world). But as I started to understand it, I thought about its impact on the IT certification industry. A quick Internet search showed me that there are several cloud certifications out there from vendors such as Red Hat, 3Tera, and others. And I suspect that Microsoft will be entering that arena soon... remember: you heard it here first, folks.
So what about interest in cloud certification? Are there any of our readers out there who would find value in this and perhaps pursue certification? We just want to know!
Tuesday is a busy day for me. And with the Women in Technology luncheon, I just won’t have any time to spend in our booth. But look for me elsewhere: just find the lady falling in an uncoordinated fashion.
Did you see me today?! Took a spill going from one session to another and felt like a complete idiot. Now I have a lovely bruise/scrape on my knee. I can be such a moron sometimes!