There are a lot of great security certifications out there, but since its release in 1994, the CISSP (Certified Information Systems Security Professional) has become one of the best known and most highly regarded credentials. At Transcender, we’ve been dedicated to providing CISSP practice tests for over 13 years. Earlier in 2016 we also released our first test preparation for its sister certification, SSCP (Systems Security Certified Practitioner). Our hard work has paid off, because we’re now an authorized practice test provider for (ISC)²® certifications!
What does this mean to you? Nothing has changed about our award-winning products, but it does mean that (ISC)² has officially endorsed our practice tests for CISSP and SSCP.
- The SSCP practice exam is a 300-question exam that will develop your test-taking skills, identify any weak areas, and prepare you for the actual test.
- The premium SSCP study solution combines our trusted practice exam with self-paced eLearning, for a comprehensive learning experience.
- The CISSP practice exam has an exhaustive 924-item question bank that will test every aspect of your technical skills, plus a 892-item flash card array.
- The premium CISSP study solution includes the practice exam with 20 hours of online instruction through self-paced eLearning, which includes access to a live subject matter expert.
We’re also working together to develop a practice test for the up-and-coming CCSP (Certified Cloud Security Professional) certification for 2017. Be sure to follow our blog or subscribe to special updates and promotions on the Transcender web site to be notified of its release.
Transcender has been committed to closing the skills gap in the IT industry for the last 25 years and helping qualified candidates get the recognition they deserve. And now even (ISC)² recognizes our efforts. After your certification training, come over to us to help you prepare for exam day. Study with confidence, knowing that you have the most relevant and up-to-date study tool in the marketplace!
Tags: black hat, cfr, cfr-210, cyber, cybersec, cybersec first responder, cybersecurity, first responder, hacker, lo, Logical Operations, white hat
Who says there’s no news in December? In cybersecurity, it’s never a question of if, but a question of when a breach will occur. So rather than wait for the new year, we thought we’d get the jump on 2017 and together with Logical Operations, release the Cybersec First Responder (CFR-210) practice test today.
What exactly is the CFR certification all about? Well, CFR-210 showcases your ability to to quickly detect and respond to active cyber threats. It’s not just about detailed knowledge of the analysis techniques and tools, but how to identify and respond, in real time, to the broad array of security threats affecting organizations worldwide.
So, white hats, rejoice and black hats, you’re on notice. They’re some new sheriffs rolling into town with some serious skills — and they’re not afraid to use them!
Here’s the press release for your reading pleasure.
Tags: cyber security, GIAC, GSEC
As reported by Stanford Journalism, the demand for infosec jobs is likely to rise 53 percent through 2018. Earning a cybersecurity certification can help qualify you for those jobs. In response to the growing demand, Transcender has added a top infosec vendor to our security exam lineup: Global Information Assurance Certification (GIAC). GIAC is an OS-neutral organization that develops highly focused security certifications, including some of the hardest and most prestigious in the field.
The GSEC: GIAC Security Essentials exam is an ANSI/ISO/IEC 17024 accredited certification and lasts for four years before the candidate must re-certify. This is an intermediate-level exam that covers a wide range of topics, from the nuts and bolts of logging and network protocols to overall risk management and security practices. You can click here for a complete list of the topics you’ll see on the GSEC exam: https://www.giac.org/certification/security-essentials-gsec
Transcender’s SecurityCert: GIAC Security Essentials (GSEC) 2016 Practice Exam is meant for candidates who want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. To be successful, candidates need to understand information security to a practical level beyond simple terminology and concepts. Our practice test has 360 practice questions and 558 flashcards to help you prepare for the live exam, which has 180 questions and up to a 5 hour time limit.
The GSEC: GIAC exam is $1,249 (or $689 when taken with an associated SANS training course). Our practice exam formats range from $99 – $119, so we can offer you a cost-effective way to test your chops before sitting the live question bank. (If you’re new to Transcender, welcome! And be sure to review why you should read those long, boring explanations.)
-The Transcender Team
Tags: exam vouchers
Microsoft made a worldwide adjustment in the price of their MCP and certification exams for non-academic titles. The increased prices went into effect on July 18, 2106.
The pricing change does NOT affect pre-paid vouchers from Transcender or vouchers purchased from Pearson VUE, Courseware Marketplace, or through academic Volume Licensing. You can continue to use any vouchers you bought prior to the pricing upgrade without having to make up the additional cost.
Student discounts have not changed, but they will be calculated from the new exam price.
In most cases the price increase was around USD $15. To find a price for a specific exam, find your test on the Microsoft Certification Exam List or go directly to Pearson Vue and check the price for your region.
Tags: free stuff, mcsa, windows 10
Are you a Windows 8 MCSA? If you are, and you earned your MCSA: Windows 8 certification between February 15, 2015, and May 31, 2015, you can take Exam 70-697: Configuring Windows Devices for free. Doing so will earn you the MCSA: Windows 10 certification.
To take advantage of this offer, you MUST sign up using the link on the Microsoft site, and you MUST take (and pass) the exam no later than May 31, 2016.
Because you are limited to one free exam attempt, you may want to take advantage of Transcender’s full range of prep materials. We offer the Microsoft Practice Exam for 70-697 MSCert: Configuring Windows 10 Devices, an online Practice Lab with virutalized machines, and professional e-learning courses with 18.5 hours of instruction.
If you earned your MCSA: Windows 8 after the cutoff date, you can still register to take exam 70-697 and earn the MCSA: Windows 10 – which is still a solid move for your certification career.
Tags: IT salaries, survey says
Are you employed in IT or an IT-related field? Do you have an IT certification? If so, perhaps you’d like to be counted in the annual Certification Magazine IT Salary Survey.
The survey closes at the end of the year. Participants may opt to receive a free one-year digital subscription to Certification Magazine.
CompTIA Linux+, SUSE, and LPIC-1: Three certifications for the price of one – with a special deal on top!December 18, 2015 at 3:57 pm | Posted in Certification Paths, CompTIA, LPI, Vendor news | Leave a comment
Tags: linux+, LPIC, suse
When even Microsoft is getting into the Linux game, you must know that Linux certification is one of those hot certs that all the cool admins and devs are getting. What you may not know is that a Linux certification is, hands down, the best value we know of in the certification sphere. Thanks to a partnership between three major certifying bodies – CompTIA, Linux Professional Institute (LPI), and SUSE – you can now pass one series of exams to earn three industry certifications from all three vendors at the same time.
CompTIA and LPI first partnered on the joint certification project in 2010, at which time passing the Linux+ exams from CompTIA also earned you LPIC-1 credentials. The 2015 revision loops SUSE into the game, so you now have the ability to earn THREE separate vendor certifications in one exam sitting. (In case you’re confused, SUSE and LPI previously shared a joint certification program, as did LPI and CompTIA – but not all three together.)
So what exactly do I get, and what’s the catch?
You’ll need to pass the two 2015 Linux+ exams offered by CompTIA, LX0-103 and LX0-104. (The 2010 versions were named LX0-101 and LX0-102.) When you do so, you’ll be able to add these three certifications to your resume, LinkedIn account, and brag sheet:
- SUSE Certified Linux Administrator (CLA)
- LPI’s LPIC-1: Linux Server Professional Certification
- CompTIA’s Linux+
There’s no catch, but you do have to arrange your ducks into a particular row, and you must take the CompTIA exams in particular – you cannot earn the LPIC-1 from LPI and then apply to retroactively earn the Linux+ certification. Here are the exact steps listed on CompTIA’s website as of this writing:
Being who we are, we tested these steps ourselves before blogging about it. Here’s the cheat sheet:
- Configure your CompTIA account settings so that they know to forward the results to LPI. It’s a dropdown box under the Settings tab of your CompTIA cert account.
- Wait a bit. (I got my email from LPI in about 48 hours.)
- Look through the email. You should get instructions and a link to verify your credentials with SUSE.
- Sit back and celebrate the holidays like a Linux pro!
Is there a difference in the cost?
If you went straight to each vendor and took their exams without the three-in-one deal, you’d pay $376 for EITHER the two-exam CompTIA series (LX0-103 and LX0-104) or the LPIC-1 series (Exam 1 and Exam 2). If you only wanted the SUSE certification, it’s a relative bargain to take their standard test ($125 in the US). Please note that these are US prices, and don’t include any special voucher deals, discounts, sales, or student bundles.
So if your budget extends to the two-exam series, then it makes no financial sense to leave the three-certification package on the table.
Okay, sold! Where do I start?
First, an unscheduled commercial break. (We have bills to pay around here.) If you’re in the market for training material, Transcender is offering a special discount on Linux practice tests, eLearning, and practice labs.
From now until December 31, 2015, you can pick your deal (or mix and match). We’re offering $25 off all practice tests (excluding 30-day and CD/voucher bundle), including LX0-103. And we’re offering a special 20% off discount on our newly released LX0-104/LPI 400-102 practice test (excluding 30-day and CD/voucher bundle). As of today that discount also extends to our eLearning and practice lab products for Linux.
To activate your discount, click through the shiny red button (or use promo code PRODUCT20). The deal expires at 10 PM CST.
To add products to your page, choose either LPI or CompTIA / Linux+ from the main menu, then select the relevant product from the desired test.
We also offer eLearning packages for each exam, and a separate series of online practice labs that let you develop proficiency with hardware that you may not have available to practice with otherwise.
Whether or not you choose to take advantage of our study products, you should DEFINITELY take advantage of the three-in-one Linux certification partnership – a deal we’ve never seen replicated in the professional IT certification world.
We wish you best of luck with your Linux certifying!
Tags: certification retirement, desktop aten't dead, exam retirement, mcse
If you’ve been working toward your MCSE in Desktop Infrastructure, you will need to finish your exam cycle sooner rather than later. Microsoft has announced that the certification itself will be retired on January 31, 2016, along with two of its key exams.
The five exams in this certification sequence are:
- 70-415: Implementing a Desktop Infrastructure – retires January 31, 2016
- 70-416: Implementing Desktop Application Environments – retires January 31, 2016
- 70-412: Configuring Advanced Windows Server 2012 Services R2
- 70-411: Administering Windows Server 2012 R2
- 70-410: Installing and Configuring Windows Server 2012 R2
The other three exams in the path – 70-410, 70-411, and 70-412 – are also key exams for other MCSA and MCSE certifications. As of this writing, Microsoft has not announced a retirement date for those exams.
What happens when a certification retires? Even if an exam that is part of a certification you earned is retired, your certification is still valid. When an exam you passed is retired, the exam record remains on your transcript.
Tags: A world without linux, easter egg hunting, linux foundation
To raise awareness of the ubiquity of open-source processes in general, and Linux in particular, the Linux Foundation has kicked off a series of YouTube videos titled “A World Without Linux.” Coincidentally (or not!), the videos coincide with the 24th anniversary of the initial Linux kernel release.
Though the videos can appeal to a general (non-tech) public, they hide content geared toward the Linux pros.
Most of the episodes in the #WorldWithoutLinux video series include both subtle and overt Linux references, or Easter eggs. Those of us close to Linux should be able to spot them. If you can’t, how well do you really know Linux? Show us!
For details on how to find and report your Linux easter egg – and win your swag – visit the Linux.com blog.
To watch the first World Without Linux episode and subscribe to future updates, visit The Linux Foundation’s YouTube Channel.
Today I will cover the next two domains, Security Engineering and Communications and Network Security. First I’ll give you the entire overview of each domain with its Key Areas of Knowledge, tell you where each topic fell in the old Candidate Information Bulletin (CIB), and put new topics in red italics. Next, I’ll call out the completely new content from each sub-domain and give you a brief rundown of what it entails. (If you’d like, you can skip straight to the new stuff by clicking here.)
Domain 3: Security Engineering – Framework and Key Areas of Knowledge
The majority of the new Domain 3 merges topics from the old Domain 5 (Cryptography), Domain 6 (Security Architecture and Design), and Domain 10 (Physical Security).
Domain 3 Key Areas of Knowledge:
- Implement and manage engineering processes using secure design principles. – New
- Understand the fundamental concepts of security models (e.g., confidentiality, integrity, multi-level models) – From Domain 6, subheading a in the old version.
- Select controls and countermeasures based upon systems security evaluation models – From Domain 6, subheading b and f in the old version.
- Understand security capabilities of information systems (e.g. memory protection, virtualization, trusted platform module, interfaces, fault tolerance) – From Domain 6, subheading c in the old version.
- Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
- Client-based (e.g., applets, local caches) – From Domain 6, subheading e in the old version.
- Server-based (e.g., data flow control) – From Domain 6, subheading 3 in he told version.
- Database security (e.g., inference, aggregation, data mining, data analytics, warehousing) – From Domain 6, subheading e in the old version.
- Large-scale parallel data systems – New
- Distributed system (e.g., cloud computing, grid computing, peer to peer) – From Domain 6, subheading e in the old version.
- Cryptographic systems – New
- Industrial control system (e.g., SCADA) – New
- Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP) – From Domain 6, subheading 3 in old version.
- Assess and mitigate vulnerabilities in mobile systems – New
- Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of things (IoT)) – New
- Apply crytography
- Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance) – From Domain 5, subheading b a in the old version.
- Cryptographic types (e.g., symmetric, asymmetric, elliptic curves) – From Domain 5, subheading c in the old version.
- Public Key Infrastructure (PKI) – From Domain 5, subheading j in the old version.
- Key management practices – From Domain 5, subheading d in the old version.
- Digital signatures – From Domain 5, subheading e in the old version.
- Digital rights management – New
- Non-repudiation – From Domain 5, subheading f in the old version.
- Integrity (hashing and salting) – From Domain 5, subheading c in the old version.
- Methods of cryptoanalytic attacks (e.g., brute force, cipher-text only, known plaintext) – From Domain 5, subheading g in the old version.
- Apply secure principles to site and facility design – From Domain 10, subheading a in the old version.
- Design and implement physical security.
- Wiring closets – New
- Server rooms – From Domain 10, subheading d in the old version.
- Media storage facilities – New
- Evidence storage – New
- Restricted and work area security (e.g., operations centers) – From Domain 10, subheading d in old version.
- Data center security – From Domain 10, subheading d in old version.
- Utilities and HVAC considerations – From Domain 10, subheading d in old version.
- Water issues (e.g., leakage, flooding) – From Domain 10, subheading d in old version.
- Fire prevention, detection, and supression – From Domain 10, subheading d in the old version.
Next, here’s a shortlist of the entirely new topics in Domain 3.
Knowledge Area A, Implement and manage engineering processes using secure design principles, is a new knowledge area. It covers the secure design principles that need to be understood to pass the exam, including ISO/IEC and NIST standards.
From Knowledge Area E. Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements:
- Large-scale parallel data systems – This is a new topic. This topic will focus on the vulnerabilities of large-scale parallel data systems.
- Cryptographic systems – This is a new topic. This topic will focus on the vulnerabilities of crytographic systems.
- Industrial control system (e.g., SCADA) – This is a new topic. This topic will focus on the vulnerabilities of industrial control systems.
Knowledge Area G, Assess and mitigate vulnerabilities in mobile systems, is also a new knowledge area. It covers the vulnerabilities of mobile systems.
Knowledge Area H, Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of things (IoT)), is also a new knowledge area. This covers the vulnerabilities of embedded devices and cyber-physical systems.
From Knowledge Area I. Apply crytography:
- Digital rights management – This is a new topic. It focuses on using cryptography to provide digital rights management (DRM), including digital watermarking and other access control methods.
From Knowledge Area K. Design and implement physical security:
- Wiring closets – This is a new topic. It discusses the physical security of wiring closets.
- Media storage facilities – This is a new topic. It discusses the physical security of media storage facilities.
- Evidence storage – This is a new topic. It discusses how to properly store evidence.
Domain 4: Communication and Network Security – Framework and Key Areas of Knowledge
The majority of Domain 4 consists of content formerly included in the old Domain 2 (Telecommunications and Network Security).
As before, I’ll start by introducing the new content in the context of its domain, then give you a granular breakdown (which you can skip to by clicking here).
- Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)
- OSI and TCP/IP models – From Domain 2, subheading a in the old version.
- IP networking – From Domain 2, subheading a in the old version.
- Implications of multilayer protocols (e.g., DNP3) – From Domain 2, subheading a in the old version.
- Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI) – New
- Software-defined networks – New
- Wireless networks – New
- Cryptography used to maintain communication security – From Domain 5, subheading h in the old version.
- Secure network components.
- Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices) – From Domain 2, subheading b in the old version.
- Tranmission media (e.g., wired, wireless, fiber) – From Domain 2, subheading b in the old version.
- Network access control devices (e.g., firewall, proxies) – From Domain 2, subheading b in the old version.
- Endpoint security – From Domain 2, subheading b in the old version.
- Content-distribution networks – New
- Physical devices – New
- Design and establish secure communication channels.
- Voice – From Domain 2, subheading c in the old version.
- Multimedia collaboration (e.g., remote meeting technology, instant messaging) – From Domain 2, subheading c in the old version.
- Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting) – From Domain 2, subheading c in the old version.
- Data communications (e.g., VLAN, TLS/SSL) – From Domain 2, subheading c in the old version.
- Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation) – New
- Prevent or mitigate network attacks – From Domain 2, subheading d in the old version.
Here’s a closer look at the new topics in Domain 4.
From Knowledge Area A, Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation):
- Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI) – This is a new topic. It discusses secure design principles for converged protocols.
- Software-defined networks – This is a new topic. It covers secure design principles for software-defined networks at the infrastructure, control, and application layers.
- Wireless networks – This is a new topic. It covers secure design principles for wireless networks.
From Knowledge Area B, Secure network components
- Content-distribution networks – This is a new topic. It discusses secure network components for content-distribution networks.
- Physical devices – This is a new topic. It discusses issues of security for the physical devices used for content-distribution networks.
From Knowledge Area C, Design and establish secure communication channels
- Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation) – This is a new topic. It covers the secure communication channels for virtualized networks.
In the coming weeks, I will be posting the other 2 parts of this series. (Hyperlinks will be added as the posts are written.)
- Part 1 covered general information about the new CISSP.
- Part 2 covered new domain 1 and 2.
- Part 3 (this post) covers new domain 3 and 4.
- Part 4 will cover new domain 5 and 6.
- Part 5 will cover new domain 7 and 8.
The next two posts will come over the next few weeks.
It is our hope that this information will help you prepare for this exam! Remember, our practice test covers all the topics and also the different item types that you will see on the live exam.
Wishing you certification success!