Tags: casp, CompTIA, Performance-Based Testing, Security+
It’s getting close to that time of year again, folks. The CompTIA Academy Educator Conference will be held on August 1-3 in beautiful Phoenix, Arizona. (Now, I’m just taking everyone else’s word on the beautiful part. This will be my first visit there! But the pictures I’ve seen are lovely.)
This three-day event is well worth your time if you are an educator at any level (high school, college, professional) and you instruct individuals who are seeking CompTIA certifications. As a peer-to-peer networking resource, it’s beyond compare. You also get to rub elbows with some great folks – ehem – ME! Also, you don’t have to be a CompTIA Academy educator to attend. However, the sessions are designed to benefit Academy Partners. If your organization is not an Academy Partner, visit this site to learn how (and why) to become one: http://partners.comptia.org/Academy-Partner.aspx.
With the recent release of a new Security+ exam and the new CASP and Network+ exams due to be released in the coming months, it’s a great idea to attend this conference just to stay on top of things. My presentation on Friday will cover the new Security+ exam, the CASP exam, and some techniques for covering the new performance-based items in your classroom. I will also share some information about braindumps/piracy and why you should never use this type of content in your classroom. You can see the full schedule here: http://www2.comptia.org/events/events/academy-educator-conference/agenda.aspx
For all conference related information, including the agenda, registration information, exhibitor information, and hotel information, visit the CompTIA Academy Educator Conference page. If you register before July 31st, you pay $199 instead of $399 at the event. Believe me when I say that this will be the best $199 you will spend.
I would LOVE to see you there!
Tags: CompTIA, Performance-Based Testing, Security+, study tips, sy0-401
In my previous post, I covered the overall changes from SY0-301 to SY0-401. I described how the exam is moving from “tell” to “show and tell,” with more emphasis on applying your knowledge to scenarios than simply answering fact-based questions.
In this post I’ll delve into the first three domains and draw out the topic-level changes that may affect your study plan, especially if you are approaching your three-year renewal in Security+.
(In my final post, I’ll cover domains 4 through 6 and the list of acronyms.)
Domain 1: Network Security Changes
Domain 1.1 now states “Implement security configuration parameters on network devices and other technologies,” where this SY0-301 domain only asked you to explain each security function and its purpose. In addition, all-in-one security appliances are now referred to as UTM security appliances. These are now listed as including URL filters, content inspection, and malware inspection.
Domain 1.2 now states “Given a scenario, use secure network administration principles” where this SY0-301 domain focused on applying and implementing these principles. This particular change means that all questions now written for this domain will include scenarios.
Domain 1.3 now states “Explain network design elements and components” where the SY0-301 domain was only about distinguishing and differentiating between these components. The Cloud computing topic within this domain now has four new subtopics: Private, Public, Hybrid, and Community.
Domain 1.4 now states “Given a scenario, implement common protocols and services” where this SY0-301 domain was only about implementing common protocols. This particular change means that all questions now written for this domain will include scenarios. New protocols added to this domain include: iSCSI, Fibre Channel, FCoE, FTP, SFTP, TFTP, TELNET, HTTP, and NetBIOS. (Most of these were listed in Domain 1.5 in SY0-301 and were moved to this domain.) Also, this domain now includes a listing of port numbers that you should definitely know: 21, 22, 25, 53, 80, 110, 139, 143, 443, and 3389.
Domain 1.5 now states “Given a scenario, troubleshoot security issues related to wireless networking” where this SY0-301 domain was actually domain 1.6, where it read “Implement wireless network in a secure manner.” Once again, this domain change means that all questions now written for this domain will include scenarios. In addition, there are four new topics for this domain, marked (1.5) in the list below.
All of the new topics added to Domain 1 are:
- Application-aware devices (1.1)
- Unified threat management (1.2)
- Layered security / Defense in depth (1.3)
- OSI relevance (1.4)
- Captive portals (1.5)
- Antenna types (1.5)
- Site surveys (1.5)
- VPN (over open wireless) (1.5)
Domain 2: Compliance and Operational Security Changes
There were so many new topics added in this domain that I have chosen to list them in the domain description (to prevent slow death by bulleted list).
Domain 2.1 now states “Explain the importance of risk-related concepts” instead of just defining the concepts, as in SY0-301. The topics that have been added to this domain are: False negatives, SLE, ARO, MTTR, MTTF, MTBF, Vulnerabilities, Threat vectors, Probability / threat likelihood, Recovery time objective, and recovery point objective.
Domain 2.2 is a new objective: “Summarize the security implications of integrating systems and data with third parties.” The topics included in this domain are as follows:
- On-boarding/off-boarding business partners
- Social media networks and/or applications
- Interoperability agreements
- Privacy considerations
- Risk awareness
- Unauthorized data sharing
- Data ownership
- Data backups
- Follow security policy and procedures
- Review agreement requirements to verify compliance and performance standards
Domain 2.3 now states “Given a scenario, implement appropriate risk mitigation strategies” instead of just carrying out these strategies as in SY0-301. One new topic was added to this domain: Enforce technology controls, including Data Loss Prevention (DLP).
Domain 2.4 is technically a new domain, but it was actually listed as a topic under Domain 2.4 in SY0-301. It states “Given a scenario, implement basic forensic procedures.” This is another domain that will include only scenario-based questions. Only one new topic is listed here: Big data analysis.
Domain 2.5 now states “Summarize common incident response procedures” where this SY0-301 domain was about executing the appropriate incident response procedures. All but one of the topics in this domain are new:
- Incident identification
- Escalation and notification
- Mitigation steps
- Lessons learned
- Recovery/reconstitution procedures
- First responder
- Incident isolation
- Device removal
- Data breach
Domain 2.6 is the same as Domain 2.4 in SY0-301. Topics that were added to this domain include: Role-based training, Information classification levels (High, Medium, Low, Confidential, Private, and Public), and Follow up and gather training metrics to validate compliance and security posture.
Domain 2.7 states “Compare and contrast physical security and environmental controls” and pulls some topics from SY0-301 Domain 2.6, “Explain the impact and proper use of environmental controls.” New topics to this domain include the following:
- Physical security
- Hardware locks
- Video Surveillance
- Proximity readers
- Access list
- Proper lighting
- Protected distribution (cabling)
- Motion detection
- Control types
Domain 2.8 is completely new and states “Summarize risk management best practices.” However, most of the topics in it are repeated from SY0-301 Domains 2.5 and 2.7. The NEW topics in this domain are as follows:
- Risk assessment
- IT contingency planning
- High availability
- Tabletop exercises
Domain 2.9 is completely new, and states “Given a scenario, select the appropriate control to meet the goals of security.” This domain, like many others, will only include scenario-based questions. The topics covered in this domain are as follows:
- Access controls
- Digital signatures
- Fault tolerance
- Escape plans
- Escape routes
- Testing controls
Domain 3: Threats and Vulnerabilities Changes
Domain 3.1 now states “Explain types of malware” where this SY0-301 domain asked you to analyze and differentiate malware. The new topics here are ransomware, polymorphic malware, and armored viruses.
Domain 3.2 now states “Summarize various types of attacks” where this SY0-301 domain was about analyzing and differentiating the attacks. Three new attack types were added to this domain: Password attacks (Brute force, Dictionary attacks, Hybrid, Birthday attacks, and Rainbow tables), typo squatting/URL hijacking, and watering hole attacks.
Domain 3.3 now states “Summarize social engineering attacks and the associated effectiveness with each attack” where this SY0-301 domain was about analyzing and differentiating these attacks. One new topic, Principles (reasons for effectiveness), was added with several subtopics: Authority, Intimidation, Consensus/Social proof, Scarcity, Urgency, Familiarity/liking, and Trust.
Domain 3.4 now states “Explain types of wireless attacks” where this SY0-301 domain was about analyzing and differentiating the attacks. Four new topics have been added to this domain: Near field communication, Replay attacks, WEP/WPA attacks, and WPS attacks.
Domain 3.5 now states “Explain types of application attacks” where this SY0-301 domain was about analyzing and differentiating the attacks. Four new topics have been added to this domain: Integer overflow, LSO (Locally Shared Objects), Flash Cookies, and Arbitrary code execution / remote code execution.
Domain 3.6 now states “Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.” The major change to this domain is that it uses the word scenario, which implies that all questions on this topic will now be scenarios. There are no new topics in this domain.
Domain 3.7 now states “Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities” where this SY0-301 domain was about implementing these tools. Once again, scenarios are specifically mentioned as being the question type for this domain. Two new tools are listed in this domain: Passive vs. active tools and Banner grabbing.
Domain 3.8 now states “Explain the proper use of penetration testing versus vulnerability scanning.” Three vulnerability scanning topics have been added to this domain: Intrusive vs. non-intrusive, Credentialed vs. non-credentialed, and False positive.
Stay tuned next week, when I’ll finish out my summary of changes in Domains 4, 5, and 6!
Until next time!
Tags: CompTIA, Performance-Based Testing, Security+, study tips
Has it been three years already? It seems like just last week I was talking about SY0-301, and now here I am trying to catch my breath after pushing the 2014 Security+ exam, SY0-401, over the finish line and into our practice test lineup. (But really, I am just glad to finally get to write about something other than project management.) As usual, the new Security+ exam will include many of the same topics as the previous version. In this post I’ll focus on the overall differences between SY0-301 and SY0-401. In the next two posts (get excited!) I’ll take a closer look at changes within the examination blueprint, which can be downloaded here from CompTIA. (Note: the download requires you to provide personal information.)
Topics and weightings
At first glance, it may seem that very little has changed. The six domains are the same apart from some shifts in weighting (the percentage of the test devoted to that topic):
- 1.0 Network Security: 20% (21% in SY0-301)
- 2.0 Compliance and Operational Security: 18% (no change)
- 3.0 Threats and Vulnerabilities: 20% (21% in SY0-301)
- 4.0 Application, Data and Host Security: 15% (16% in SY0-301)
- 5.0 Access Control and Identity Management: 15% (13% in SY0-301)
- 6.0 Cryptography: 12% (11% in SY0-301)
As you can see from these numbers, this new distribution will probably only mean one or two questions more for Domains 5 and 6. But it’s more important to note that within each domain, there are many topic-level changes that will affect your study plan. Within these domains CompTIA has added several new topics which were not tested in 301. These new topics include application-aware devices, unified threat management, defense-in-depth, OS hardening, white-listing versus black-listing, and many others that I’ll cover in the next two posts. There are three new sub-domains distributed among Domains 2 and 4. These new sub-domains add topic coverage on mobile security, mitigating security risks in a static environment, and implementing basic forensic procedures. That last sub-domain leads neatly into my next topic: you can expect increased difficulty and more applied concept questions on the new Security+ exam, in comparison to the older style of asking straight knowledge-based questions.
Stop, Drop, & Scenario!
While many of the sub-domains cover the same list of topics, CompTIA has changed many of the keywords from “understand” and “explain” to “implement” and “troubleshoot.” Several also show the addition of one important phrase: “given a scenario.” Because this phrasing was added to so many domains, I feel I should take a little time to explain the distinction. As many of you know, the Security+ exam has been considered a mostly knowledge-based exam that includes mostly knowledge-based questions. Scenario questions are the next logical step up from knowledge-based questions. They expect you to take those tidbits of knowledge that you have memorized, remember them, and then apply them in the scenario to come up with the correct answer. Let me give you an example. First, look at a sample knowledge-based question from our practice test:
Which of the following is a default port used by FTP?
a. 20
b. 53
c. 80
d. 443
Now look at another example, which turns this same question into a scenario:
Your company has recently implemented a new firewall. Users start complaining that they are unable to access resources on your company’s FTP server. What should you do?
a. Open ports 20 and 21 on the new firewall.
b. Open port 53 on the new firewall.
c. Open port 80 on the new firewall.
d. Open port 443 on the FTP server.
As you can see from my examples, you still need the same basic knowledge to answer both of these questions. So REALLY, answering these two questions is the same level of difficulty, but by adding the scenario you are ensuring that the student understands how the knowledge applies in a real-world situation. Instead of remembering which port belongs with FTP, the student also has to identify the location where the ports should be configured. I could also increase the difficulty of the scenario question by including more invalid options. We have released our SY0-401 practice test, a feat we are especially proud of because we are the first product to market. Please visit the product page for more information!
The next post will dive into the topic-level changes in Network Security (Domain 1), Compliance and Operational Security (Domain 2), and Threats and Vulnerabilities (Domain 3).
I’ll cover the other three domains in the final post in this series.
Until next time! –Robin
Tags: CompTIA, Performance-Based Testing
Our very own Robin Abernathy will be talking all about performance-based testing, CEUs, and security certifications on Thursday, January 30th at 4pm ET in a webinar hosted by CompTIA. This event is the first of what will be a Professional Development series of webinars hosted by CompTIA and starring some of our favorite industry experts.
Register here to join in the fun! Note that although the description says ‘For Academy Partners,’ this webinar is open to anyone who creates a login ID.
To see the lineup of upcoming events, or to meet some of these experts in person at the next CompTIA Academy Educator Conference this August in Phoenix, AZ, visit: CompTIA Events
Tags: CompTIA, Performance-Based Testing
Our in-house CompTIA product developer, Robin Abernathy, was among the experts interviewed in a recent article published on CompTIA’s IT Careers Blog.
The article, How to Prepare for Performance-Based Questions, brought together a variety of tips and opinions from experts across various training and IT industries. Having all taken exams with performance-based test items, we can attest that they present a solid challenge to the test-taker and eliminate some of the rote memorization.
Robin also summarized a lot of excellent information in our previous blog posts:
Tags: a+, CompTIA, network+, PBT, Performance-Based Testing, Security+
With the release of CompTIA’s new A+ series, 220-801 and 220-802, many of you will finally get your first look at CompTIA’s performance-based questions. The performance-based questions were actually first released by CompTIA in their CompTIA Advanced Security Practitioner (CASP) exam, but the CASP has a more limited audience than CompTIA’s A+, Network+, and Security+ exams.
Several members of our Content Development team have seen the CASP, the new A+ and Network+ performance-based questions, and we all feel that CompTIA is headed in the right direction with these item types. While we can’t share any details ourselves, CompTIA has released information over the past few weeks that will hopefully answer some of your questions. Here are a few resources I would recommend:
- I found a lot of information in the blog post titled “What Is a Performance-Based Question?” I suggest you read the blog post and watch the accompanying video.
- CompTIA also published another blog entry, titled Rigor of New CompTIA A+ 800 Series Exams Reflects Change in Entry-Level IT Roles, explaining the rationale behind the changed format and objectives.
- Pearson IT Certification announced that it will have a FREE Webcast about the new A+ 800-series exams on December 13, 2012. For more information, go to http://promos.pearsonitcertification.com/acton/fs/blocks/showLandingPage/a/1811/p/p-0058/t/page/fm/19. This Webcast looks especially suited for instructors, as it covers what’s new, improved, and different!
Did you notice CompTIA has increased the recommended hours of hands-on field experience to one year, up from the previously recommended six months? Those of us who have already taken the exam perceived a small but definite increase in difficulty. Again, with those performance-based items, you can either perform a task or you can’t. Hands-on experience is key. If the question simulates an action you do every day at work, then you’re probably going to find it a breeze. If it tests a concept you’ve only read about in books or studied in the abstract, it may take you a little longer to puzzle out the solution.
As I already mentioned, the new A+ and Network+ exams include performance-based questions. CompTIA will integrate performance-based questions into the Security+ exam in January.
So it looks like the move is permanent, folks! Embrace it! And know that what CompTIA has released is just the tip of the iceberg. Does anyone remember Microsoft’s 83-640 exam? I think that was a glimpse of where performance-based testing should really go.
Tags: casp, CompTIA, network+, Performance-Based Testing, Security+
As many of you may know, CompTIA introduced performance-based questions on the CompTIA Advanced Security Practitioner (CASP) certification exam. These questions have really added to the difficulty of the exam. The new A+ series (220-801 and 220-802), to be released in October 2012, will also include this item type. We were told that CompTIA was looking into expanding some of their other certifications to include this item type, but we weren’t told when the changes would occur other than “fourth quarter of 2012.”
Finally, CompTIA has released some concrete details about upcoming changes to the Network+ and Security+ certification exams. And the news? Both of these certifications will be adding performance-based questions in as soon as one month!
Network+ candidates: How the product changes affect you
For Network+, the last day to take this exam WITHOUT performance-based items is November 3, 2012. Starting on November 4, 2012, all Pearson VUE-delivered Network+ exams will include this item type.
CompTIA is encouraging individuals who are already studying for Network+ to take the current exam before the performance-based questions become incorporated. As part of this initiative, CompTIA will allow you to purchase a Network+ exam voucher by November 3 and save 15%. Purchase a Network+ Exam Voucher Now if you plan on taking the exam by November 3rd. Once you buy the voucher, you’ll have between ten and twelve months from the date of purchase to redeem it for a test. After November 3, these exam vouchers revert to full price.
Security+ candidates: How the product changes affect you
For Security+, the last day to take the exam WITHOUT performance-based items is December 31, 2012. Starting on January 5, 2013, all Pearson VUE-delivered Security+ exams will include this item type.
As with Network+, CompTIA is encouraging individuals already studying for Security+ to take the current exam before performance-based questions become incorporated. Purchase a Security+ exam voucher by December 31, 2012 and save 15%. Purchase Security+ Exam Voucher Now if you plan on taking the exam by December 31st. The voucher is valid for ten to twelve months from the date of purchase. On January 1, 2013, these exam vouchers revert to full price.
In addition, CompTIA has created a great video all about the CompTIA testing experience that includes information about the PBT item type. The item type discussion section starts at around the 5-minute mark, but I would suggest watching the whole video, because it contains some great information.
Transcender customers: how the product changes affect you
As far as the Transcender products go, we will definitely be adding performance-based items to our current practice tests. But keep in mind that we do NOT get an advance viewing of these items — so we cannot see what these items entail until November 3rd for Network+ and January 5th for Security+. Once we see how CompTIA handles the performance-based aspect, we will put together a plan for revising our practice products so that they’ll best prepare you for the actual exam. We anticipate that we’ll be adding our own performance-based items approximately 6-8 weeks after the CompTIA exams release.
Any Transcender customers who have an active practice test license at the time we release the product update will be able to update their purchase to the new version at NO additional cost. (What a great value add!)
Feel free to contact us with any questions you may have, and happy testing!
Tags: casp, CompTIA, Performance-Based Testing
At the CompTIA Academy Educator Conference in Las Vegas, I made a presentation to help educators better understand the CompTIA Advanced Security Practitioner (CASP) exam. I received such awesome feedback that I decided to write a blog post based on the presentation. I will explain the CASP exam to you, where the exam fits in the certification world, and how you should prepare to take it or prepare your students to take it.
What the CASP Certification is
First, here are some key numbers for you. In CompTIA’s 8th Annual Information Security Trends study, 76% of those responding indicated that their IT staff probably or definitely need more vendor-neutral security training. 81% of those responding indicated that they would give more recognition and financial rewards to the IT staff members who complete a security certification. Based on the findings in the 8th Annual Information Security Trends and other studies, CompTIA decided that:
- An advanced-level security exam would be good to pursue.
- The exam should be performance-based.
- The exam should fit into other vendors’ certification(s) as an elective.
- The exam should concentrate on new technologies that demand a concentration in security aspects, such as IPv6, VoIP, and SaaS.
- Acceptance of the exam would depend on the U.S. government’s acceptance of the new certification and its applicability to Department of Defense Directive (DoDD) 8570. According to CompTIA’s IT and CyberSecurity white paper, “Those seeking compliance with IA Technical Level III and IA Management Level II of U.S. DoD Directive 8570.01-M. (CASP is proposed to the 8570 Directive for these workforce categories.)”
The result was the CASP, the first certification in the Master Series of certifications released by CompTIA. The CASP exam will certify that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
The CAS-001 exam is available at Pearson Vue testing centers, and is currently available in English only.
How the CASP exam is structured
The CASP exam is a single exam that consists of multiple-choice, scenario-based, and performance-based questions. For the performance-based items, the CASP candidate is given a scenario/problem and prompted to push a button to launch a simulated environment that is created via software.
The candidate has 150 minutes to complete 80 questions. Upon completion, the candidate is given a Pass/Fail score. No numerical score is given. The domain distribution for the CASP exam is as follows:
Enterprise Security – 40%
Risk Management, Policy/Procedure, and Legal – 24%
Research and Analysis – 14%
Integration of Computing, Communications, and Business Disciplines – 22%
Where the CASP fits among security certifications
CompTIA has created a great graphic (shown below) that shows the CASP certification sitting between CompTIA’s Security+ certification and (ISC)²’s CISSP certification.
The way that CASP requires you to put real-world applications into abstract concepts elevates it above the Security+. The CASP exam expects candidates to take the core security concepts introduced in the Security+ exam and apply them to work situations. For example:
- In Security+, you should know the ports used by the HTTP and HTTPS protocols.
- In CASP, you should know the same ports, but you will have to apply them in a router or firewall configuration. This will include opening and closing the appropriate ports via rules or ACLs and ensuring that the rules are in the correct order.
- In Security+, you should know when you would need to deploy a firewall.
- In CASP, you should know when to deploy a firewall, but you would also need to deploy it in the appropriate location and know where to deploy any other devices/servers located in the DMZ/perimeter network.
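The rule-ordering point above can be seen in a small first-match ACL evaluator. This is an added example, not material from CompTIA or from the original post; the `Rule` type, the function names, and the two sample rule lists are hypothetical, and the addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port, None means any port


def matches(rule: Rule, src_ip: str, dport: int) -> bool:
    """True when the packet's source and destination port fit the rule."""
    in_net = ip_address(src_ip) in ip_network(rule.src)
    port_ok = rule.dport is None or rule.dport == dport
    return in_net and port_ok


def evaluate(rules: List[Rule], src_ip: str, dport: int) -> Tuple[str, Optional[int]]:
    """First-match evaluation: the first matching rule decides.

    Returns (action, index of the deciding rule). When nothing matches,
    the implicit deny applies and the index is None.
    """
    for i, rule in enumerate(rules):
        if matches(rule, src_ip, dport):
            return rule.action, i
    return "deny", None


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet matching `later` already matches `earlier`."""
    net_ok = ip_network(later.src).subnet_of(ip_network(earlier.src))
    port_ok = earlier.dport is None or earlier.dport == later.dport
    return net_ok and port_ok


def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [
        i for i, later in enumerate(rules)
        if any(covers(earlier, later) for earlier in rules[:i])
    ]


# Constructed sample: web server ACL that should block one subnet from HTTPS.
# Same four rules in both lists; only the order differs.
BAD_ACL = [
    Rule("permit", "0.0.0.0/0", 80),
    Rule("permit", "0.0.0.0/0", 443),
    Rule("deny", "203.0.113.0/24", 443),   # too late: the rule above wins
    Rule("deny", "0.0.0.0/0", None),
]
GOOD_ACL = [
    Rule("deny", "203.0.113.0/24", 443),   # specific deny goes first
    Rule("permit", "0.0.0.0/0", 80),
    Rule("permit", "0.0.0.0/0", 443),
    Rule("deny", "0.0.0.0/0", None),
]

if __name__ == "__main__":
    for name, acl in (("bad", BAD_ACL), ("good", GOOD_ACL)):
        print(name, evaluate(acl, "203.0.113.7", 443), "shadowed:", shadowed(acl))
```

Both lists hold the same rules, so a check of which ports are open passes for either one; only the shadow check and the per-packet decision show that the mis-ordered list never applies its specific deny.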
After taking the CASP exam, I will agree that it’s harder than the Security+, but I feel it is equally as difficult as the CISSP exam. The CISSP exam is difficult in the breadth of knowledge that a test candidate must possess, but in the end, it is still just a standard multiple-choice, knowledge-based exam. Including performance-based items in the CASP takes this exam to the next level, even surpassing the CISSP exam when it comes to difficulty (in my opinion).
So while I accept CompTIA’s graphic and its placement of the CASP in the security certification world, I also feel that time will be kind to the CASP exam as it becomes more widely understood and accepted in the industry.
How to Prepare for the CASP Certification
Practical experience is needed for this exam, including:
- Experience configuring ACLs/rule lists for routers, firewalls, and so on.
- Experience deploying hardware in a network. Specifically, you’ll need to understand WHERE hardware is deployed in a given network diagram based on requirements.
- The ability to recognize when devices are under attack by viewing logs, including understanding what type of attack is occurring, the identity of the attacker, how to protect against the attack, and where to deploy the protection.
- The ability to verify file security from a given hash value.
You can view a few multiple-choice practice questions on the CompTIA web site here: http://certification.comptia.org/Training/testingcenters/samplequestions/CASP-Practice-Questions.aspx
We at Transcender have created a wonderful product in our Cert-CAS-001 practice test. Our practice test includes simulation items that will better prepare you for the performance-based items on the live exam. At the time of this post, no other practice test provider includes these types of items in their CASP product.
Also, Sybex has released a great study resource: the CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines, which I reviewed in a previous blog post. It is a great place to get started, even if you’re still accumulating those five years of hands-on technical security experience recommended as a prerequisite by CompTIA.
I hope this helps you to take the next step in your career and pursue the CASP certification. If you have any CASP-related questions, feel free to drop me a line!
Tags: exam tips, Performance-Based Testing, Study hints, test-taking tips
If you’ve taken a Microsoft test in the past, you’ve experienced the Single Answer Multiple Choice and Multiple Answer Multiple Choice questions. While this is a tried and true psychometric technique, a multiple choice question does not always fully test a candidate on his or her knowledge of the material. You may remember that a few years ago Microsoft launched performance-based testing (PBT) segments with their multiple choice questions. The 83-640 exam included a series of tasks that tested candidates’ abilities in a virtual environment. Although this exam and item type have since retired, most of us that had the chance to experience this item at a test center agreed it was the ultimate test of a candidate’s skill. And I, for one, very much doubt we’ve seen the end of the PBT item.
With a similar goal in mind, by which the certification exam truly separates the experienced IT professional from the pack, Microsoft has added several new item types to exams over the last few months. Well, I say new, but some of these item types are more like “vintage” and you just may have not seen them in a while. You can view the entire list here:
Active Screen – These questions are good at testing candidates’ knowledge because you see an actual screen. The downside is the candidate does not need to know where to go in the software to access the screen; the task is limited to the screen that’s provided.
Build List and Reorder – This is one you may recognize if you’ve taken Microsoft exams for as long as I have. This question type is used to test whether a candidate knows which steps are needed to perform a task and the order in which they should be performed.
Case Studies – Case studies allow a candidate to be tested based on different real-life business scenarios. Microsoft used case studies for the Windows 2000 Server and some Windows Server 2003 exams. If you do not have a high level of reading comprehension, you will find case studies to be time consuming. Several testing candidates who did not read rapidly enough struggled and ran out of time with this question type. Microsoft has addressed this issue by no longer timing each case study separately from the rest of the exam questions. While time management is still important, you get one clock for the whole exam, allowing you to spend a bit more time reading through the case study.
Create-a-tree – Similar to the Build List and Reorder question type, these questions test your knowledge on structures and organization. This question type first appeared in the NT 3.5 and NT 4.0 tests.
Drag and Drop – This is a basic matching question. This question type allows a candidate to be tested on multiple concepts. It also appears on exams from other vendors, such as CompTIA and Novell.
Hot Area – This question is similar to an Active Screen question. You have to click one or more places within a graphic to satisfy the question requirements.
Multiple choice – You have seen this question type zillions of times. I believe it was invented in 1,000,000 BC. This item type presents a scenario, a question, and a minimum of four answer options. A prompt within the item stem (or sometimes at the end of the question) will indicate the number of possible correct answers.
Repeated answer choices – These questions (which we called “extended matching” in our previous post, Multiple options beyond multiple choice) are presented in a series. Each question in the series has the exact same answer options. Each question is worded slightly differently, so the answer could be different for each question — or it could be the same correct answer across the questions in the series.
Simulations – This type of question actually first appeared in Microsoft Vista exams. This question type does a good job of testing the candidate’s knowledge of navigating to the problem and choosing the correct answer. This type of question is better than an Active Screen or Hot Area because the candidate has to navigate the software or OS to find the screen or page that contains the correct choice, and is thus tested on his or her hands-on knowledge. If you do not know how to get to the right set of options, you will not be able to answer the question. The limitation of this type of question is that there may be more than one way to solve a problem. A simulation question may want you to fix a problem with a GUI tool, even though you could correctly solve the task with a PowerShell cmdlet or by running a command from the command prompt.
Short answer code – This type of question will force a candidate to actually type the correct answer into a text box or blank line. This type of question will test your knowledge of the correct code use, the proper order of the code and syntax of the code. We haven’t actually encountered this item type in the wild yet, but we’re keeping our eyes peeled.
Best answer – This type of question appeared in the original NT 3.5 exams. It is a standard multiple-choice question that may have one or more correct answers, and you have to pick the BEST answer. People complained back in the day on the NT 3.5 exams as to what constitutes the BEST answer. I believe the debate will continue if Microsoft revives this item type on tests.
If you are planning to take a Microsoft exam in the near future, you may see several of the above question types – or none of them. If you have an issue with any of the types of questions on your Microsoft exam, please let Microsoft know in the comments section at the end of your exam. Also, if you liked a particular item type on an exam, please take a few seconds to let Microsoft know. And as always, we welcome any questions or comments you might have, and will do our best to reply or point you in the right direction.
Tags: casp, CompTIA, Performance-Based Testing
As many of you know, there is quite a bit of buzz over CompTIA’s Advanced Security Practitioner (CASP) exam. Last year, CompTIA launched the CASP exam as the next level in its security-related certification products. For years, IT professionals have looked to CompTIA to provide vendor-neutral certifications, the most popular of which are the A+, Network+, and Security+ certifications. But the CASP exam takes CompTIA’s offerings to the next level.
Last month, I finally had a chance to take the CASP exam. I knew going into the exam that I would see what CompTIA has called performance-based testing (PBT) items. Well, I wasn’t disappointed, as my first question on the exam was a PBT item. Overall, I thought these item types had the appropriate level of complexity and covered a wide range of topics. So what did they look like? For the most part, they were drag-and-drop items that involved matching things up or placing items in the right location. There were others that required particular actions to be taken at a command prompt or at the server level. The only specifics I can share about these items, without violating the Non-Disclosure Agreement (NDA), are that PBT items take the WHAT from your usual multiple choice items and place the focus on the HOW or the WHERE.
For example, consider SubObjective 1.5 from the CASP Exam Guide: Distinguish among security controls for hosts. A bullet point in this SubObjective is Host hardening, which includes the Standard operating environment, Security/group policy implementation, Command shell restrictions, Warning banners, and Restricted interfaces. A possible PBT question that would fit into this SubObjective is a graphically presented task where you enable and configure the appropriate group policies for password length, password age, and password lockout.
In addition to the PBT items, the exam still includes the old stand-by multiple-choice questions. These, however, were a bit more expansive than the typical questions included in the A+, Network+, or Security+ exams. I often found myself reading and re-reading the options while trying to eliminate incorrect answers. I can remember thinking that this exam seemed much harder than the CISSP exam, not because of its length, but because of its depth. It takes those tidbits of security knowledge that all security professionals must know and expects you to APPLY them. For example, you not only need to know the different types of hacker attacks, you should know HOW to recognize the attacks which are occurring, WHAT tools to deploy to protect against those attacks, HOW to deploy them, and WHERE they should be deployed.
You can expect between 70 and 80 questions total, including the PBT questions. When I was done with the exam I was a little nervous, because truthfully, I felt it could have gone either way. I made an audible sigh of relief when I learned I had passed; to say that I was happy would be putting it mildly! I can’t give you my score, because CompTIA doesn’t give you one – this exam is just graded as PASS or FAIL. (But you know, maybe I didn’t really want to see that score anyway!)
So what can you do to prepare for the CASP? After you go over the exam objectives on the CompTIA Web site, I would start with CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines, recently published by Sybex (an imprint of Wiley). Look for my comprehensive review of this guide in April. Next, take some time to research the day-to-day tasks of the security professional. I can assure you: if you don’t have any experience in security-related tasks, you should not take this exam until you have had some time to expose yourself to these tasks.
With that said, I can tell you that I am working diligently to create Transcender’s practice test for the CASP exam. And we will be including some interactive items that simulate what you will see in the live exam. My experience in taking this exam and working on our practice test so soon afterward can only help you, so keep an eye out for our announcement regarding our CASP practice test, which should come in May... and in the meantime, start prepping today!