Tags: cyber security, GIAC, GSEC
As reported by Stanford Journalism, the demand for infosec jobs is likely to rise 53 percent through 2018. Earning a cybersecurity certification can help qualify you for those jobs. In response to the growing demand, Transcender has added a top infosec vendor to our security exam lineup: Global Information Assurance Certification (GIAC). GIAC is an OS-neutral organization that develops highly focused security certifications, including some of the hardest and most prestigious in the field.
The GSEC: GIAC Security Essentials exam is an ANSI/ISO/IEC 17024 accredited certification and lasts for four years before the candidate must re-certify. This is an intermediate-level exam that covers a wide range of topics, from the nuts and bolts of logging and network protocols to overall risk management and security practices. You can click here for a complete list of the topics you’ll see on the GSEC exam: https://www.giac.org/certification/security-essentials-gsec
Transcender’s SecurityCert: GIAC Security Essentials (GSEC) 2016 Practice Exam is meant for candidates who want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. To be successful, candidates need to understand information security to a practical level beyond simple terminology and concepts. Our practice test has 360 practice questions and 558 flashcards to help you prepare for the live exam, which has 180 questions and up to a 5 hour time limit.
The GSEC: GIAC exam is $1,249 (or $689 when taken with an associated SANS training course). Our practice exam formats range from $99 – $119, so we can offer you a cost-effective way to test your chops before sitting the live question bank. (If you’re new to Transcender, welcome! And be sure to review why you should read those long, boring explanations.)
-The Transcender Team
Tags: professional development, webinar
Are you passionate about professional development? We are too! Troy McMillan has prepared an informative FREE webinar to discuss common barriers to professional development, and strategies for finding the right path.
This webinar is suitable for both managers and team members. Managers can find out how to best encourage their team to gain new skills by taking advantage of learning opportunities. Staff members can discover what a steady dose of skills improvement can do for their outlook and their career.
When: Wednesday, October 26th, 2016
Time: 11:00 AM EST / 10:00 CST / 9:00 MST / 8:00 PST
Presenter: Troy McMillan
To register, click this link: https://attendee.gotowebinar.com/register/4211778623661375236
(Transcender will not sell, share, or otherwise use your contact information.)
Tags: ccent, ccna, icndv3
Cisco has officially retired the old CCNA exams (100-101 and 200-101, or the combined 220-120), so the opportunity to take the ICNDv2 has come and gone. The new path to Cisco’s flagship certification is the ICNDv3 path. As of October 2016, you need to pass one of these combinations to earn the CCNA Routing and Switching certification:
- Exam 100-105: Interconnecting Cisco Networking Devices Part 1 (ICND1)
- Exam 200-105: Interconnecting Cisco Networking Devices Part 2 (ICND2)
- Exam 200-125: CCNA Interconnecting Cisco Networking Devices: Accelerated (CCNAX)
Passing the 100-105 exam alone will also earn you the Cisco Certified Entry Network Technician (CCENT) certification.
How much change should I expect for the ICND1?
For the first exam, Cisco has rearranged the material and condensed the objectives from seven to five. Here’s a comparison of the old and new objectives:
OLD: 100-101 ICND1 v2.0
1.0 Operation of IP Data Networks
2.0 LAN Switching Technologies
3.0 IP Addressing
4.0 IP Routing Technologies
5.0 IP Services
6.0 Network Device Security
NEW: 100-105 ICND1 v3.0
1.0 Network Fundamentals
2.0 LAN Switching Technologies
3.0 Routing Technologies
4.0 Infrastructure Services
5.0 Infrastructure Management
While at first glance it might appear that the CCENT removed troubleshooting questions entirely, the new exam simply integrates troubleshooting into each objective. For example, Objective 2.0: LAN Switching Technologies will have you troubleshoot interface and cable issues (collisions, errors, duplex, speed), while in Objective 1.0: Network Fundamentals, you’ll have to troubleshoot IPv4 and IPv6, as well as “apply troubleshooting methodologies to resolve problems:”
- 1.7.a Perform fault isolation and document
- 1.7.b Resolve or escalate
- 1.7.c Verify and monitor resolution
The changes in the objectives typically just mean reorganization of the old material, but there have been a few additions and deletions of topics for this exam, which I’ll explain.
Key Topics Removed from ICND1 or Moved to ICND2 Exam:
OSPF (single area) and other OSPF topics were moved into ICND2. Instead, RIP is used to introduce CCENT candidates to IP routing protocols.
Dual Stack was removed from ICND1, since there are many different IPv4 to IPv6 transition technologies being used.
Cisco Express Forwarding (CEF) has been removed.
Key Topics Added:
- High level knowledge of the impact and interactions of infrastructure components in an Enterprise network, specifically:
- Access Points
- Wireless Controllers
- Awareness of the Collapsed Core architecture compared to traditional three-tier architectures. This option collapses the Distribution and Core into a single tier, with the Access as the second tier.
- Configuring and verifying IPv6 Stateless Address Auto Configuration (SLAAC).
- Coverage of anycast IPv6 addressing.
- Knowledge of Link Layer Discovery Protocol (LLDP). An L2 discovery protocol is used in addition to Cisco Discovery Protocol.
- Knowledge of RIPv2 for IPv4 as the primary focus for understanding of how routing protocols work.
- DNS and DHCP related connectivity issues.
- Syslog message logging for device monitoring.
- Skills and knowledge of device management related to backup and restoring device configurations, IOS feature licensing, and configuring time zones.
How much change should I expect for the ICND2?
While the number of objective domains has remained 5 in the update of the 200-101 (ICND2) to the 200-105 exam , those domain topics have changed and also the content. The comparison of the domain changes are as follows:
OLD 200-101 ICND2 v2.0:
1.0 LAN Switching Technologies
2.0 IP Routing Technologies
3.0 IP Services
5.0 WAN Technologies
NEW 200-105 ICND2 v3.0:
1.0 LAN Switching Technologies
2.0 Routing Technologies
3.0 WAN Technologies
4.0 Infrastructure Services
5.0 Infrastructure Maintenance
Topics have been both moved and deleted.
Key Topics Removed from ICND2:
Frame-Relay and Serial WAN technologies are no longer covered.
VRRP and GLBP have been removed from First Hop Redundancy Protocols. Only HSRP remains, since it is most commonly deployed.
Key Topics Added to ICND2:
- Knowledge of dual-homed vs single-homed Intelligent WAN topology options.
- Basic knowledge of external BGP (eBGP) used to connect Enterprise branches.
- Expanded VPN topics to include DMVPN, Site-to-Site VPN, and Client VPN technologies commonly used by Enterprises.
- Understanding of how Cloud resources are being used in Enterprise network architectures, including:
- How cloud services will affect traffic paths and flows
- Common virtualized services and how these coexist with a legacy infrastructure
- Basics of virtual network infrastructure (Network Function Virtualization)
- Awareness of Programmable Network (SDN) architectures including:
- Separation of the control plane and data plane
- How a controller functions and communicates northbound to network applications and southbound to the R&S infrastructure using APIs.
- How to use the Path Trace application for ACLs which is a key new network application enabled by the Application Policy Infrastructure Controller – Enterprise Module (APIC-EM). This tool automates the troubleshooting and resolution of complex ACL deployments.
- Understanding of QoS concepts related to marking, shaping, and policing mechanisms used to manage congestion of various types of traffic. The need for QoS and how it is used for prioritizing voice, video and data traffic. Plus an understanding of the automation
How much change should I expect for the combined exam?
The 200-125 exam, like its predecessor the 200-120, covers all topics from the 100-105 and 200-105. The content is organized in the following domains:
1.0 Network Fundamentals
2.0 LAN Switching Technologies
3.0 Routing Technologies
4.0 WAN Technologies
5.0 Infrastructure Services
6.0 Infrastructure Security
7.0 Infrastructure Management
Everything that has been written about the prior two exams applies to the 200-120.
What if I passed some of the old exams, but need the new certification – or to recertify?
Cisco has developed a handy tool, called the Associate-Level Certifications Exam Logic Tool, that lets you plug in your exact combination of exams to predict which ones you’ll require: http://www.cisco.com/web/learning/tools/ccna_tool/index.html
CCNA Routing and Switching is a three-year certification. When three years have passed, you must recertify. This page has the information you need to help you plan your recertification path.
And, finally, here are the links to the CCENT and CCNA Transcender practice exams. Keep your eyes peeled for special holiday exam pricing, and be sure to sign up for our mailing list if you aren’t receiving deal notifications!
Until next time,
Tags: exam vouchers
Microsoft made a worldwide adjustment in the price of their MCP and certification exams for non-academic titles. The increased prices went into effect on July 18, 2106.
The pricing change does NOT affect pre-paid vouchers from Transcender or vouchers purchased from Pearson VUE, Courseware Marketplace, or through academic Volume Licensing. You can continue to use any vouchers you bought prior to the pricing upgrade without having to make up the additional cost.
Student discounts have not changed, but they will be calculated from the new exam price.
In most cases the price increase was around USD $15. To find a price for a specific exam, find your test on the Microsoft Certification Exam List or go directly to Pearson Vue and check the price for your region.
What do you think when you hear “social media hack?” The top of everyone’s nightmare list is having an attacker take control of your Facebook account and impersonate you online, expose private information, or steal your data – or your money. This kind of hack gets the most news, and it’s potentially the most dangerous attack. The results can range from simple pranking or trolling to blackmail, identity theft, account lockout, and financial loss.
But how easily can you recognize other types of social media hacks – the ones that try to steal corporate data, spread malicious websites or code, or even influence the course of an election?
What makes these attacks uniquely “social media” based is that they rely on these huge user bases of relatively unsophisticated users – like grandma and your boss’s boss – and they take advantage of how few checks and balances there are when it comes to creating a user profile.
Join Transcender’s training expert George Monsalvatge for a 45-minute webinar that will help you (and your users) identify these increasingly sophisticated and distributed attacks aimed at social media networks. The webinar is FREE and relatively painless to join – just click the helpful link below:
|Social Media Hack Attacks:
Staying Safe While Surfing
|This webinar discusses several types of social media attacks and discusses best practices in order to prevent social media attacks.|
|8/3/2016 at 12:00 pm EST / 11:00 am CST|
Tags: free stuff, mcsa, SQL server 2016, windows server 2016
Microsoft recently announced an incentive for IT pros working toward their MCSA in Windows Server 2012 or their MCSA in SQL Server 2012/2014: finish your certification by June 30, 2016, and earn a free voucher for the 2016 upgrade exam.
Upgrade path for Windows Server 2016
The MCSA in Windows Server 2012 requires three exams:
- 70-410: Installing and Configuring Windows Server 2012
- 70-411: Administering Windows Server 2012
- 70-412: Configuring Advanced Windows Server 2012 Services
If you have all three under your belt by June 30, you’ll qualify for a free voucher to sit exam 70-743: Upgrading Your Skills to MCSA: Windows Server 2016. No exam details are available at this time.
Upgrade path for SQL Server 2016
The MCSA: SQL Server 2012/2014 also requires three exams:
- 70-461: Querying Microsoft SQL Server 2012/2014
- 70-462: Administering Microsoft SQL Server 2012/2014
- 70-463: Implementing a Data Warehouse with Microsoft SQL Server 2012/2014
Interestingly, although only one upgrade exam number is shown for SQL Server 2016 (70-762), it looks like there are actually three separate upgrade options:
- Earn an MCSA: SQL Server 2016 (Database Development) by taking 70-762: Developing SQL Databases
- Earn an MCSA: SQL Server 2016 (Database Administration) by taking 70-762: Provisioning SQL Databases
- Earn an MCSA: SQL Server 2016 (Business Intelligence Dev) by taking 70-762: Developing SQL Data Models
Again, Microsoft hasn’t released any exam objectives or details at the time of this post.
Do I have time to study?
Absolutely. Transcender has a full range of practice tests, e-learning, and virtual labs for each track, including a 30-day online access version of the practice tests:
What if I already have an MCSA in 2012 / 2014?
The wording was “between now [June 2] and June 30, 2016,” so this offer is probably limited to people who haven’t yet passed all the required tests. You can see Microsoft’s original post at the Born To Learn blog, and ask whether the offer extends to those who already have their certification in hand. However, as a certified professional, you should already be receiving emails from Microsoft each time a free beta exam is released (like the recent offer for the 70-698), so if you don’t qualify for this deal, odds are that a similar one will come your way.
~ The Transcender Team
Welcome back to my series of posts on the new A+ exam. Did you think I was NEVER going to finish this blog series? Me too! But I have been really snowed in working on some new products that I think will really please our customers. One of those is a practice test for (ISC)2’s SSCP exam. And there are a few more exciting security titles are coming soon! Watch our website for more information.
The old A+ 220-801 and 220-802 exams are still available, but they will retire on June 30, 2016 in the United States. CompTIA released a new version of the A+ certification by rolling out the 220-901 and 220-902 exams on December 15, 2015.
- In my first post, I went over the timeline and what to expect from the exam changes as a whole.
- In my second post, I went into detail regarding the first two objectives for 220-901, Hardware and Networking.
- In my third post, I went into detail regarding the last two objectives for 220-901, Mobile Devices and Hardware & Network Troubleshooting.
- In my fourth post, I covered the first two objectives for 220-902, Windows Operating Systems and Other Operating Systems and Technologies.
In this post, I will cover the rest of 220-902, a total of three objectives: Security, Software Troubleshooting, and Operational Procedures. I’ll give you the entire overview of each objective, list each subobjective, tell you where each topic fell in the old A+ 800-series (if applicable), and put all changes or additions in RED ITALICS.
I will not call out any deleted topics, although CompTIA has removed some topics. This is because I am not really sure if those topics were actually removed from the exam, or if they are just so insignificant that they aren’t called out in the objective listing, but are still floating around in some test questions. Remember that CompTIA’s objective listing contains a disclaimer that says,
“The lists of examples provided in bulleted format below each objective are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document.”
For this reason, I didn’t want to focus on what was removed. My exam experience has shown that the bullet lists are not exhaustive. Spending time focusing on what was removed may give you a false sense of security by making you think you don’t need to study those topics. So I am just ignoring any topic removals.
First, a note about “Bloom’s Levels”
You’ll see me refer to topics changing their Bloom’s level. In the instructional design world, Bloom’s taxonomy is used to describe the depth or complexity of a learning outcome, just as the OSI model describes the level at which a network component operates. Level 1 is basic memorization (what is a router?), where level 6 is complete mastery of a concept (designing a network from scratch).
If I mention here that a Bloom’s level has changed, it generally means that CompTIA is asking for something more complex than memorization. While these changes shouldn’t scare you, there is a bit more “rubber meeting the road” to the higher Bloom’s levels. For example, instead of recognizing various LCD technologies from a list, you may be asked to evaluate which LCD is the best choice for a given scenario. Instead of answering a question about how CIDR notation behaves in the abstract, you may be asked to configure a subnet mask.
220-902 Objective 3: Security
A+ 220-802 covered Security in its own domain. It included prevention methods, security threats, securing a workstation, data destruction/disposal, and wired/wireless network security. The biggest change in this objective is the new topics that are covered (obviously because new security threats have emerged) and the inclusion of Windows OS security settings and securing mobile devices.
What’s changed? In A+ 220-902, Security now includes OS security settings. No big surprise: Windows is widely used, and securing it should be the top priority of anyone using it daily. This objective also includes mobile device security, which should also not be a surprise with the popularity of these devices increasing, particularly in enterprises.
3.1 Identify common security threats and vulnerabilities. – From Objective 3, subobjective 2 in the old 220-802. The wording changed to “Identity” from “Compare and contrast,” which affected the Bloom’s level by moving up to the application level. New topics were added:
- Malware – Revised to include spyware, viruses, worms, trojans, and rootkits under a single bullet with ransomware being a new entry.
- Spear Phishing – added
- Spoofing – added
- Zero day attack – added
- Zombie/botnet – added
- Brute forcing – added
- Dictionary attacks – added
- Non-compliant systems – added
- Violations of security best practices – added
- Tailgating – added
- Man-in-the-middle – added
3.2 Compare and contrast common prevention methods. – From Objective 3, subobjective 1 in 220-802. The wording changed to “Compare and contrast” from “Apply and use,” which affected the Bloom’s level by moving down the comprehension level. These new topics were added:
- Physical security
- Mantrap – changed from Tailgating in the 220-802 to more accurately reflect the actual preventive control
- Cable locks – added to the Physical security section
- ID badges – changed from Badges in the 220-802 to more accurately reflect the preventive control
- Smart card – added to the Physical security section
- Tokens – changed from RSA tokens in the 220-802 to more accurately reflect the preventive control
- Entry control roster – added to the Physical security section
- Digital security
- Antivirus/Antimalware – added Antimalware to the Digital security section
- Multifactor authentication – added to the Digital security section
- VPN – added to the Digital security section
- DLP – added Data loss prevention (DLP) to the Digital security section
- Disabling ports – added to the Digital security section
- Access control lists – added to the Digital security section
- Smart card – added to the Digital security section
- Email filtering – added to the Digital security section
- Trusted/untrusted software sources – added to the Digital security section
- User education/AUP – Acceptable Use Policy (AUP) added
Have you been studying for the A+ at a leisurely pace, figuring there’s plenty of time to knock it out? Did you pass the 220-801, only to wait for the right time to take the 220-802? If so, time is no longer on your side. The 800 version of CompTIA’s flagship certification exam will retire in just under two months. This is relevant because you cannot mix and match exam versions. If you passed the 220-801 or 220-802 exam, you must pass the other 800-series exam to obtain your A+, or else take both 900-series exams.
You will need to complete the English-language 800 series exams by June 30, 2016 to see the old test objectives. After that time, all test takers will have to sit for the 220-901 and 220-902 instead.
Our CompTIA specialist, Robin Abernathy, has covered the updates to the A+ exam in a series of blog posts. Part 1 explains how the exam topic breakdown differs in 901/902 compared with 801/802 and suggests that test-takers adopt a different study approach. Part 2, Part 3, Part 4, and (forthcoming) Part 5 drill down into the nitty-gritty differences between the two knowledge banks.
If you don’t feel like clicking over right now, suffice it to say that Robin (and most test-takers) felt that the 801/802 topics had enough overlap that the test taker could (and probably should) schedule both exams to fall as close as possible to each other – even within the same day – and knock out their A+ certification in one fell swoop. Both tests covered aspects of the same technologies, so studying for one meant studying for the other by default.
By contrast, there is almost NO overlap between the topics tested on 220-901 and 220-902, which means that you’ll want to study and sit for each exam separately.
The 901/902 drops some outdated topics (no more questions on CRTs or Windows XP) and modernizes device coverage – instead of laptops, “mobile device” questions also cover tablets and phones. It also moves the OS focus beyond Windows to acknowledge the presence of both Linux and Mac OS X in the workplace. The 901/902 is also more hands-on than in previous generations – some may say it’s harder; others may call it more realistic. For example, instead of being asked to define a given command’s function, you could be given a scenario and asked to choose the best command to troubleshoot this device. Instead of simply identifying what a setting does, you will likely be asked to choose the correct setting for a given set of conditions.
There is still plenty of time to buy your 800-series A+ practice exams, and to help you study, Transcender has put them on sale.
on the 30-Day Online Access practice exams to test your knowledge for the 220-801 and 220-802 certifications.
Pass Guarantee not valid for last minute study aid promotions.
Tags: Angler, aol, bbc, bitcoins, ceh, certified ethical hacker, cnn, cryptolocker, EC-Council, hacking, hospital, new york times, nfl, ransomware
It was predicted late last year that 2016 would the year for ransomware. Thus far, the prediction is proving right; only four months in to 2016, the Locky ransomware has managed to spread itself over 114 countries (displaying its demands in dazzling array of 24 languages). The Hollywood Presbyterian Medical Center paid $17,000 in bitcoins after having their computer systems seized in February 2016, while hospitals in Kentucky and Maryland report similar attacks.
In case you’ve been in that doomsday bunker a bit too long, ransomware is malicious software that blocks access to your own data, usually by encryption that targets a local computer. Data stays locked away until you pay a tidy sum of money to the hacker (or, more commonly, to the hacking organization). The malware usually contains a ticking bomb that will format the entire hard drive if you don’t pay by a deadline (or post the data for everyone to see, just as extra motivation). The data kidnappers may call themselves hackers or vigilantes, or even pretend to be a federal agency, but their demand is always the same: pay us for your data — or else!
Worse, with automated viruses like Crytpolocker, Crytowall and TeslaCrypt, hackers don’t have to go through the extra effort of targeting big fish like CEOs of Fortune 500 companies. Any end user could be bilked for hundreds of dollars. And, through the economies of scale, hackers rake in millions per campaign. While current year damages won’t be tallied for a while, the FBI estimates the CrytoWall variant pulled in over $18 million from 2014 to 2015 alone.
End users are not the only targets; nor are Windows users. Major sites like the New York Times, BBC, AOL and NFL had their advertising networks compromised by malvertising, where a malicious ad hijacked user’s browsers and redirected them to install a crypto-virus via the Angler toolkit (another argument for using adblockers?). And the once near-invincible Mac OS has been revealed as the target of the KeRangers malware – the first ransomware Mac users have ever had to contend with.
In this climate, is it any surprise then that a prominent security certification vendor like EC-Council was a recent target? Read more for the details.
Tags: free stuff, mcsa, windows 10
Are you a Windows 8 MCSA? If you are, and you earned your MCSA: Windows 8 certification between February 15, 2015, and May 31, 2015, you can take Exam 70-697: Configuring Windows Devices for free. Doing so will earn you the MCSA: Windows 10 certification.
To take advantage of this offer, you MUST sign up using the link on the Microsoft site, and you MUST take (and pass) the exam no later than May 31, 2016.
Because you are limited to one free exam attempt, you may want to take advantage of Transcender’s full range of prep materials. We offer the Microsoft Practice Exam for 70-697 MSCert: Configuring Windows 10 Devices, an online Practice Lab with virutalized machines, and professional e-learning courses with 18.5 hours of instruction.
If you earned your MCSA: Windows 8 after the cutoff date, you can still register to take exam 70-697 and earn the MCSA: Windows 10 – which is still a solid move for your certification career.