Passing the Microsoft 70-410 exam: one trainer’s perspective (Part 1)

August 22, 2014 at 10:48 am | Posted in Microsoft, Study hints, study tips | 11 Comments

Editor’s note: today’s guest post was written by IT instructor Scott Winger. Scott is a computing technologist at the University of Wisconsin in Madison and a technical editor for VMware Press. He also teaches continuing education classes in IT for Madison College.

You did the labs, looked at countless flash cards, and sat almost two dozen mock exams. You read: tons. You paid your hundred and fifty bucks. Now you’ve just clicked End Exam on the real deal, the Microsoft 70-410: Installing and Configuring Windows Server 2012 exam.

So, in the second or two that Microsoft takes to grade your work, there’s a moment of confidence and pride because you know you nailed it. And then the confirmation appears: “Congratulations! You’ve passed.”

The above was my experience.

But how will you achieve that End-Exam moment of confidence and pride?

What do you need to buy?

What are the steps?

This set of posts, “Passing the Microsoft 70-410 exam,” will help you answer those questions. I’ll provide closely focused examples from each of the official objective areas to help you know how, where, when, and on what to focus your three required types of effort: lab work, research, and drilling.

What to Buy

The serious student who lacks reasonable access to a server will need to pay for labs, textbooks, or even training at some point. However, the good news is that there are many professional-level resources available for free.

For the price of a simple login, the Microsoft Virtual Academy allows you to customize a course of targeted videos and some basic self-assessment materials. The following link will deliver over 20 mini-courses for you to explore:

On the TechNet Video channel, you can access a series of screencasts and technologies geared for IT pros:

These overviews can be a great way to gain confidence in the material. However, for serious study and practice assessment, you’ll probably want to investigate the following resources, all of which I can recommend from personal use.

Craig Zacker wrote the Microsoft Official Academic Curriculum, Installing and Configuring Server 2012 R2. This course is available as both a textbook and a lab manual, and they are superbly constructed. And, not only did Craig team up with Microsoft’s Server 2012 team to write this book, but if you don’t have access to a machine with at least 12GB of RAM and an i5 class or better processor, you can buy a MOAC edition that comes with the Microsoft Official Academic Curriculum Labs Online space, which provides all the horsepower you’ll need for doing the labs.

(Note: the “Server 1” course I taught at my local Technical College came right out of Craig’s book. So check out the course catalog of your nearest Technical or Community College. You may be surprised how pertinent, affordable, and enriching these institutions can be.)

The next vital acquisition is one of the Server 2012 R2 tomes, which are designed to cover every role and feature and provide the valuable insights of their highly qualified authors. I used Mark Minasi’s Mastering Windows Server 2012 R2, and found it to be excellent.

When you’re ready to test your knowledge, Transcender’s 70-410 Exam Engine is not an option: it’s essential. The only question is when to buy it. (Read on for my recommendations for timing your purchase.) However, at this early stage, it’s worth joining the Transcender Club (a free login) so that you’ll be notified of any flash sales and possibly score yourself a discount.

Finally, of course, you’ll have to register and pay for the exam. Microsoft frequently rolls out a Second Shot program, which allows a free exam retake in case you don’t pass the first time. It’s worth checking their Special Offers page on a regular basis while you’re still in learning mode. And as of this writing, I see you can download a free e-book by Mitch Tulloch, Introducing Windows Server 2012 RTM Edition (PDF, Mobi, EPub).

That’s it. Buy the above things at the right times as described below, and work with them as they were designed to be used, and you can pass the difficult 70-410 with confidence.

What to Do (and when to do it)

To get started, buy Craig’s book and lab manual. And if you don’t have access to the computing power you’ll need, buy them with the online lab space. And buy one of the Server 2012 tomes.

Next, spend about a hundred hours reading Craig’s book cover to cover, doing the labs as you go. (If you didn’t purchase the edition with online labs, refer to the free Microsoft Virtual Academy and TechNet video training.) During this lab/research phase, you should supplement your reading with TechNet’s Server 2012 collection and by skimming the related sections in your tome.

There are also quite a few excellent resources on the web. Microsoft’s TechNet Library should live in your bookmarks bar.

When you’ve finished the research/lab phase, it’ll be time to buy the Transcender 70-410 test engine and drill with the flash cards and the mock exams. Your goal in this phase is to score in the mid-80 percentages each day for the entire week leading up to your exam. Remember, to be eligible for Transcender’s Pass Guarantee, you’ll need to take your exam within six months of the purchase date. (Also remember that if you buy the Exam Voucher with your test engine, that cost is not covered by the guarantee.)

In my next post I’ll describe how you can create a personalized Server 2012 study guide while doing your labs, research, flash cards, and mock exams. I’ll also focus in on questions from each of the 70-410 objective areas.

If you’ve got comments, I’d like to hear them.

Thanks in advance and good luck.

–Scott Winger

Free resources to help you learn, master, and get certified on SQL Server 2012

November 1, 2012 at 10:27 am | Posted in Microsoft | 6 Comments

I am always trying to gain more knowledge that will advance my career. However, I’m finding that keeping up with the leading edge of technology can be a bit pricey. I don’t want to find myself looking for loose change in parking lots or scuba diving at night for quarters in the wishing fountain at the mall to pay for training and materials on SQL Server 2012. Thankfully, Microsoft offers a lot of FREE resources to help you learn SQL Server 2012.

Virtual Labs

I highly recommend the SQL Server 2012 virtual labs. At the time of this post, there are 19 labs that are between 45 and 90 minutes each. They cover such topics as AlwaysOn Availability Groups and Upgrading to SQL Server 2012. Bang-for-the-buck-wise, this is the best way to gain experience with SQL Server 2012. With these virtual labs, you don’t have to invest money in SQL Server 2012 licenses or buy additional hardware to set up a multi-server configuration to prepare for certification; you just need a high-speed Internet connection and Internet Explorer. The labs consist of virtual machines running SQL Server 2012 with accompanying lab text in a sidebar. Not every feature of SQL Server 2012 is enabled in the VM, but there are enough features to play around with and get a feel for the controls.

The labs have step-by-step instructions. I actually recommend that you ignore them the first time around. The beauty of these VMs is that you do not have to perform the lab by the directions. You can use the lab to experiment with the software and test different features.

Free Books Online

The SQL Server 2012 Books Online resource contains everything that you wanted to know about SQL Server 2012 but were too clueless to ask. You can access it on the web at If you are in a firewall or proxy-restricted environment, you can download the information directly from The downloaded version is nice to have on your mobile device if you’re stuck in an airport with no Internet connection and the airline can’t locate the plane that is supposed to take you home…totally hypothetical situation of course.

Microsoft Books Online allows you to search on any topic. The search results are pulled from TechNet and other authoritative sources.

The information is FREE and is generally used by technical writers to put together materials for SQL Server.

Microsoft Prep Guides

These are the classic pre-certification resource: the objectives and sub-objectives that you must master to pass the test. For example, the prep guide for the 70-462 exam, Administering Microsoft SQL Server 2012 Databases, can be located at  Here’s a tip: you can change the last number in the URL to match your specific Microsoft exam to find the prep guide for that exam.

The prep guide pages have four tabs: Overview, Skills Measured, Preparation Materials and Community. The Overview tab describes the audience profile for the exam and any certifications associated with the exam. The Skills Measured tab lists tasks that you must master to be successful on the exam. The tasks are broken down by objective and each objective’s weighting percentage for the exam. The Preparation Materials tab displays the officially Microsoft sanctioned training materials. By now you might be reading along and saying, “Gee, George, I already checked there, and it was a dead end!” I feel your pain. Generally, there is not a lot of preparation information listed for a relatively new exam, and what is listed usually isn’t free. So I encourage you to check out the Community tab which has links to newsgroups that can give you a better perspective on training and possibly offer some reviews on just-released instructional materials, so I find them a better resource for new technologies.

The Skills Measured tab lists the tasks Microsoft recommends that you know for the exam. I would suggest that you don’t limit your knowledge or experience to the items on this list. In my recent experience with Microsoft exams, the Skills Measured tab contains about 95% of what you will be asked on the exam. The other 5% will be the kinds of questions you can only answer from experience (which is where the virtual labs come in handy). Remember, Microsoft is moving away from the standard fact-based multiple choice question types, and weighing their exams more heavily toward question types that emphasize hands-on knowledge — such as Build List and Reorder, Extended Matching, and Case Studies. This is why you need to have a lot of practical knowledge of SQL Server 2012 to pass the exam.

Despite what is listed, there probably is a Transcender practice test available or SOON TO BE AVAILABLE for most of these exams. Check the Transcender web site regularly over the next few months for the availability of the practice test.

Free e-book: Introducing Microsoft SQL Server 2012

You should definitely obtain the free e-book on Microsoft SQL Server 2012. This e-book is an overview of SQL Server 2012 and will introduce you to some new features in SQL Server 2012. You can download the e-book from the link for the 70-462 Microsoft Prep Guide,

Again, this is where those virtual labs come in handy. I guarantee that the certification exam will expect you to be familiar with the functionality changes between previous versions of SQL Server and SQL Server 2012. Go through the e-book chapter by chapter, and use the virtual lab to poke around every new feature introduced in the book.

To successfully pass a Microsoft exam and not spend a dime on additional training is possible, and I have done it, but you have to dedicate some time to it. You should go through each task in the prep guide for the exam. Learn all you can by searching for the task in the books online, and then perform the task in the virtual labs. This will enable you to update your existing knowledge of administering older versions of SQL Server and translate those concepts into 2012.

It is not hard or expensive to learn SQL Server 2012, but it is time consuming. Block out some time in your schedule and use the free resources that are available to master the skills required to gain your SQL Server 2012 certification.

Happy studying!
–George Monsalvatge

Resource Review: CompTIA A+ Complete Review Guide Second Edition by Emmett Dulaney and Troy McMillan

September 21, 2012 at 4:27 pm | Posted in Certification Paths, CompTIA | Leave a comment

The latest versions of the A+ exams (220-801 and 220-802) are due out in October. Many of us… OK, maybe just me… anxiously await this latest release from CompTIA.

With this latest iteration, CompTIA has dropped the test naming structures we saw in the past (220-701 A+ Essentials and 220-702 A+ Practical Application) and is just going with a number naming convention (A+ 220-801 and A+ 220-802). But that is not all that has changed: CompTIA has announced that the new exams will include performance-based testing (PBT) items. Think of these items as answering a question by DOING instead of answering a question by selecting from options. I imagine these items will involve running commands, configuring dialog boxes, and matching concepts, but I truly don’t know what they are like. Although Transcender is a CompTIA partner, the details I have about these items are few and far between. I’ll see the questions on the same day that you will, when they go live.

Now back to our resource review. The latest A+ release has been choreographed with the content publishers in a much better manner than in the past. I have been very impressed with the way publishers have hustled to meet the training world’s needs when it comes to these exams. In the past, books and study guides were often released weeks or months after an exam was released. This meant that test candidates did not always jump on the bandwagon early in the certification lifecycle. Often candidates were waiting for a book to help them prepare for the exam, which meant that certification popularity was influenced by the publication of study materials.

With the 800-series A+, trainers and early adopters don’t have the same issues. By the time these exams are released to the public, there will be several references available to choose from. Today I’ll share my thoughts on Sybex’s CompTIA A+ Complete Review Guide, Second Edition, by Emmett Dulaney and Troy McMillan.

Review Guide versus Study Guide: What’s the Difference?

I want to point out that Sybex also released the CompTIA A+ Complete Study Guide, Exams 220-801 and 220-802, 2nd Edition by Quentin Docter, Emmett Dulaney, and Toby Skandier this month. Where the Review Guide is 496 pages, the Study Guide rings in at 1100 pages and provides much more background knowledge to help bring the beginner up to speed. Review Guides are better suited for experienced techs wanting to catch up on the latest A+ changes, or those who need a refresher course. Where the Study Guide may be better for self-paced instruction, the Complete Review Guide is more test-prep oriented.

CompTIA A+ Complete Review Guide, Second Edition by Wiley / Sybex

First, I have to share the feature I love the most about this book – its structure. Have you ever downloaded an Objective List from CompTIA? While it makes sense on the exam, it usually does not correspond well to an independent book reference. Often you spend time flipping from chapter to chapter just to find all the information on a particular topic that may be applicable to one exam objective. With Sybex’s Complete Review Guide, the flipping is over. This book is arranged according to the exam objectives. Each chapter corresponds with a unique exam objective from the Objective List, and each section within a chapter corresponds to a subobjective from the Objective List. This translates into easy, targeted studying. It also makes it easy to find information about the latest new topics (Virtualization!! Mobile Devices?!?) So if you know that your knowledge is deficient in a particular area (did I mention mobile devices?), then you can go right to that chapter and section to find what you need. (BTW, mobile devices are covered in Chapter 8, pages 363-377.)

Secondly, I love that they give you just the facts you need. This guide is very exam focused. For example, they don’t spend a lot of time explaining the history of computer hardware. If you are looking for a resource that gets straight to the point, then this guide is your choice. It guides you into a focused mode of study to help you learn the information needed to pass the exam.

Finally, the book has plenty of charts, graphics, and bullet points (charts, graphics, and bullets, oh my!) If you have read any of my resource reviews in the past, you know I am a big fan of these study aids. When you have knowledge that you just need to know for an exam, it is often easier to study if this information is in a chart or listed in bullet points. Pictures always help you to recognize hardware, ports, connectors, and the like, which is VERY important for an A+ technician.

In the interest of full disclosure, I should mention that I played a small part in the publication of this book. As you may have noticed, Troy McMillan, a fellow member of Transcender’s Content Development team, is one of the authors of this book. Through my connection with Troy, I was able to participate as a technical editor of this book. I can attest to the effort that these authors put into its development. Because there are so many facts that you must know, covering the A+ content in a concise manner can be quite daunting. But after sharing the process with Emmett and Troy, I can tell you that these guys have done a great job!

Keep this book in mind when you decide to start preparing for the new A+ exam. It’s a great resource for getting up to speed! And watch in the coming days for my post regarding upcoming changes to the Network+ and Security+ exams.


CASP CompTIA Advanced Security Practitioner Study Guide: A Resource Review

August 10, 2012 at 8:04 am | Posted in CompTIA, Study hints | 1 Comment

All of you have probably heard of CompTIA’s first Master series certification: the CompTIA Advanced Security Practitioner (CASP) certification. I took the exam some months back and am proud to say I passed it. If you want to know more about my experience, please read my previous post. In that article, I promised a review of the only CASP reference that is currently available, the CASP CompTIA Advanced Security Practitioner Study Guide by Michael Gregg and Billy Haines. Well, it’s a bit past the promised due date of April (where has the time gone?), but I finally have gotten a chance to complete my review.

I used this book as my primary reference when I was writing Transcender’s Cert-CAS-001 practice test. I found that the book was thorough and covered all of the topics on the exam. I particularly loved the Exam Essentials section at the end of each chapter. I would suggest that any test candidate read the Exam Essentials section for each chapter and think about how to test a particular point using a job task.

If you hadn’t already heard, the CASP exam includes performance-based items. These item types require that you perform certain tasks to fulfill the objectives given in the scenario. The very nature of these item types requires that you actually perform security-related tasks on a daily basis in your workflow; therefore, they are almost impossible to replicate in a book. The book’s method of addressing these item types is to include exercises for you to complete on your own. Each chapter includes several exercises to reinforce the topics presented in the chapter. These exercises, which are included in the Lab Manual (Appendix A in the book), will help you understand the tasks that security professionals must perform.

Performing the exercises requires a standard personal computer (not a server or desktop powerhouse) with the capacity to run VMware Player; some exercises require that you have a copy of a Windows desktop operating system, either as the native OS or running on a virtual machine. The labs direct you to download and install various readily available forensic tools, such as Nessus and Wireshark.

The Exam Essentials sections and the Exercises work together to provide a good all-around experience for the test candidate. But to ensure that you can pass the exam, I would recommend that you take all these one step further. For example, one of the Exam Essentials in Chapter 2 is:

Be able to describe advanced network design concepts. Advanced network design requires an understanding of remote access and firewall deployment and placement. Firewall placement designs include packet filtering, dual-homed gateway, screened host, and screened subnet.

Specific scenarios that address this Exam Essential may include: knowing when to deploy a firewall, knowing how to configure ACLs, and knowing where in a complex network a firewall is best deployed. So you should take some extra time to ensure that you understand network diagrams, and research best practices for device deployment.

This book is an excellent reference to start you on your journey to becoming a CASP. If you pair this book with Transcender’s practice test, you will be well on your way to success. It’s worth noting that Transcender’s practice test actually includes 8 performance-based scenarios that will expose you to the type of items you will see on the live exam. This is the ONLY practice test on the market right now that includes these types of items for the CASP product. It is just one more way that we demonstrate why our products are considered leading-edge test prep materials and have been preferred by IT professionals for nearly 20 years.

Check back with us over the next few weeks as I hope to provide you with a bit more information on the CASP exam, including where this exam fits into the current certification pathways, and how to prepare for the CASP. Feel free to drop me a line with any CASP questions you may have.

Happy testing!


Resource Review: CompTIA Network+ N10-005 Authorized Cert Guide by Kevin Wallace

February 6, 2012 at 4:12 pm | Posted in CompTIA | Leave a comment

Pearson Education has released a book, the CompTIA Network+ N10-005 Authorized Cert Guide, which has been written specifically for the new version of CompTIA’s Network+ exam, N10-005. Luckily, I was able to obtain a copy of this book while I was developing our N10-005 practice test. I found the book helpful in providing details in some topics, particularly topics that were new to the N10-005 exam. I wanted to share with you what I felt were the strongest points about this book, as well as areas where I thought it fell a little short. But don’t stop reading yet – there was a lot that was good and worthwhile about this resource!

If you’ve read any of my resource review posts in the past, you will know that I am a fan of charts, tables, and bulleted lists. Most CompTIA exams include a lot of knowledge-based material that you must memorize: things like media types, media speed, maximum distances, and so on. Pearson’s books always include plenty of those charts, tables, and lists that prove to be very helpful in preparing for the exam. This book includes just the right mix of charts, tables, and bulleted lists. In addition, the book includes lots of graphics to help illustrate the topics covered, including media connector graphics, cable composition graphics, and so on. You should take the time to study all the charts, tables, bulleted lists, and graphics.

The book includes a DVD that contains a practice test, supplementary memory tables, and training videos. I feel the practice test isn’t on the level of the Transcender practice test. I’m not just saying that because I work here, but because the item explanations aren’t written to the depth that ours are. Pearson’s practice test also includes item types that are not covered in the live exam. So I worry that users would be inadequately prepared for the live exam.

In going through the content, I was glad to see that Pearson’s book did cover most of the new topics that are now included in the Network+. However, this subject matter was not always easy to find. The topical Index located in the back of the book wasn’t as comprehensive as I had hoped for. A lot of times, when I am preparing for a new exam version, I spend time looking for study materials on the new topics. Usually, I just look for that topic in the Index of the latest reference book. In this book, however, it took some effort to find those new topics using the Index. To Pearson’s credit, they quickly got back in my good graces when I noticed that the book comes with free 45-day online access to the electronic form of the book. After creating my online account, I was able to search for some of those terms that I couldn’t find through the Index. So my advice is: Use that online version to search for those topics you are unsure of, but keep in mind the 45-day limit. (Hey, Pearson Education: What’s up with that? I may not take the exam in 45 days. If you aren’t going to give me unlimited access to it, can you at least include a PDF version of the book’s content on the DVD that comes with the printed copy?)

While the book does a fairly decent job of covering the topics from CompTIA’s Exam Guide for N10-005, I should warn you about the depth of that coverage. To Pearson’s defense, this book was written and released BEFORE the Network+ exam was actually released. As a CompTIA Partner, Pearson does NOT get early access to the test. I know this for a fact because Transcender is also a CompTIA Partner. Without seeing the live exam content, there are no guarantees that coverage is to the depth that is needed. So keep in mind that you may see topics on the live exam that are not covered adequately in this book.

In summary, I think this is a decent reference for studying for the Network+ exam. It would provide a great beginning to the study process. But in my opinion, some topics are not covered as well as others, so other references may need to be incorporated into your study plan. (Shameless plug: Did I already mention that Transcender’s Cert-N10-005 practice test has just been released?)

I would love to hear from our readers with any questions/comments you may have!

-Robin Abernathy

The Transcender Team Explains the Coming CISSP Update – Part 1 of 2

September 16, 2011 at 3:03 pm | Posted in CISSP, CompTIA, Vendor news | 5 Comments

Well, 2011 is more than halfway done, and my world has revolved around all things CompTIA. Between Windows 7 updates for the A+ exams and a new Security+ exam, I have had little time to focus on anything else. But the CISSP certification has been on my mind, mainly because I was already working on security topics for the Security+. So immediately after completing our new Security+ (SY0-301) practice test development, I began updating our CISSP practice test. This update will focus on expanding the explanations for our items, writing new items on new content, and editing existing references to cover the All-In-One CISSP Exam Guide, Fifth Edition.

The latest news is that an update to the CISSP exam is scheduled for January 1, 2012. A quick visit to the ISC2 website, and you can download the newest Candidate Information Bulletin (CIB) for the CISSP. The CIB is a document that lists the knowledge areas that are covered in the exam. The CIB also contains candidate-focused information on the exam format, exam guidelines, and so on.

After downloading and reviewing the CIB, I realized our students (you) would probably appreciate an explanation of the changes that I noted. So what follows is a brief description of the changes. Please keep in mind that I am strictly analyzing the content of the CIB. I do not in any way have any inside knowledge about the new CISSP version that is coming in January aside from what is listed in the CIB. For each Knowledge area, I will be highlighting any changes in red. Changes include any new data or any data that is moved from one Knowledge Area, or subobjective, to another.

As always, the 2012 update to CISSP covers 10 main Knowledge Areas (changes are in bold, red font):

  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security (formerly Application Development Security)
  • Cryptography
  • Security Architecture and Design
  • Security Operations (formerly Operations Security)
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations, and Compliance
  • Physical (Environmental) Security

I will analyze the first five Knowledge Areas in this post. In the coming weeks, I will analyze the second five Knowledge Areas.

In the Access Control Knowledge Area, there are now four subobjectives instead of three. Subobjective 4 is completely new. Here are the new subobjectives for the Access Control Knowledge Area (changes are in red and boldface font):

subobj 1 Control access by applying the following concepts/methodologies/techniques: policies, types of controls (preventative, detective, corrective, etc.), techniques (e.g., non-discretionary, discretionary, and mandatory), identification and authentication, decentralized/distributed access control techniques, authorization mechanisms, and logging and monitoring.
subobj 2 Understand access control attacks: threat modeling, asset valuation, vulnerability analysis, access aggregation
subobj 3 Assess effectiveness of access controls: user entitlement, access review and audit
subobj 4 Identity and access provisioning lifecycle (e.g., provisioning, review, revocation)

In the Telecommunications and Network Security Knowledge area, there are now four subobjectives instead of three. The first subobjective for this Knowledge area, Establish secure data communications, is actually included as part of subobjective 3. Here are the new subobjectives for the Telecommunications and Network Security Knowledge area (changes are in red and boldface font):

subobj 1 Understand secure network architecture and design (e.g., IP and non-IP protocols, segmentation): OSI and TCP/IP models, IP networking, implications of multi-layer protocols
subobj 2 Securing network components: hardware (e.g., modems, switches, routers, wireless access points), transmission media (e.g., wired, wireless, fiber), network access control devices (e.g., firewalls, proxies), end-point security
subobj 3 Establish secure communication channels (e.g., VPN, TLS/SSL, VLAN): voice (e.g., POTS, PBX, VoIP), multimedia collaboration (e.g., remote meeting technology, instant messaging), remote access (e.g., screen scraper, virtual application/desktop, telecommuting), data communications
subobj 4 Understand network attacks (e.g., DDoS, spoofing)

In the Information Security Governance and Risk Management Knowledge area, there are now 10 subobjectives instead of 14. The Support certification and accreditation subobjective was completely deleted. The Develop and implement information security strategies and Assess the completeness and effectiveness of the security program subobjectives are now part of the Manage the security function subobjective. Finally, the professional ethics subobjective has been moved to the Legal, Regulations, Investigations, and Compliance Knowledge area. While subobjectives 5 and 6 may at first appear new, they are actually just existing subobjectives that have been reworded. Here are the new subobjectives for the Information Security Governance and Risk Management Knowledge area (changes are in red and boldface font):

subobj 1 Understand and align security function to goals, mission, and objectives of the organization.
subobj 2 Understand and apply security governance: organizational processes (e.g., acquisitions, divestitures, governance committee), security roles and responsibilities, legislative and regulatory compliance, privacy requirements compliance, control frameworks, due care, and due diligence.
subobj 3 Understand and apply concepts of confidentiality, integrity, and availability.
subobj 4 Develop and implement security policy: security policies, standards/baselines, procedures, guidelines, and documentation.
subobj 5 Manage the information life cycle (e.g., classification, categorization, and ownership)
subobj 6 Manage third-party governance (e.g., on-site assessment, document exchange and review, process/policy review)
subobj 7 Understand and apply risk management concepts: identify threats and vulnerabilities, risk assessment/analysis (qualitative, quantitative, hybrid), risk assignment/acceptance, countermeasure selection, tangible and intangible asset valuation
subobj 8 Manage personnel security: employment candidate screening (e.g., reference checks, education verification), employment agreements and policies, employee termination processes, and vendor, consultant, and contractor controls.
subobj 9 Develop and manage security education, training, and awareness.
subobj 10 Manage the security function: budget, metrics, resources, develop and implement information security strategies, assess the completeness and effectiveness of the security program

In the Software Development Security Knowledge area, the same subobjectives are listed. But within each subobjective, there are some minor changes. For subobjective 1, risk analysis was removed. For subobjective 3, the tools to assess the effectiveness of software security are no longer listed. Here are the new subobjectives for the Software Development Security Knowledge area (changes are in red):

subobj 1 Understand and apply security in the system life cycle: Development Life Cycle, Maturity models, Operation and maintenance, and Change management.
subobj 2 Understand the environment and security controls: security of the software environment, security issues of programming languages, security issues in source code (e.g., buffer overflow, escalation of privilege, backdoor), and configuration management.
subobj 3 Assess the effectiveness of software security

In the Cryptography Knowledge area, a new subobjective has been added and two subobjectives have been minimally revised. Here are the new subobjectives for the Cryptography Knowledge area (changes are in red):

subobj 1 Understand the application and use of cryptography: data at rest (e.g., hard drive) and data in transit (e.g., “on the wire”).
subobj 2 Understand the cryptographic life cycle (e.g., cryptographic limitations, algorithms/protocol governance)
subobj 3 Understand encryption concepts: foundational concepts, symmetric cryptography, asymmetric cryptography, hybrid cryptography, message digests, and hashing.
subobj 4 Understand key management process: creation/distribution, storage/destruction, recovery, and key escrow.
subobj 5 Understand digital signatures.
subobj 6 Understand non-repudiation.
subobj 7 Understand methods of cryptanalytic attacks: chosen plain-text, social engineering for key discovery, brute force (e.g., rainbow tables, specialized/scalable architecture), cipher-text only, known plaintext, frequency analysis, chosen cipher-text, and implementation attacks.
subobj 8 Use cryptography to maintain network security.
subobj 9 Use cryptography to maintain application security.
subobj 10 Understand Public Key Infrastructure (PKI).
subobj 11 Understand certificate-related issues.
subobj 12 Understand information hiding alternatives (e.g., steganography, watermarking).

Watch in the coming weeks for the second half of this post that covers the other Knowledge areas. During that post, I will explain how these changes may affect your studying habits and what it all means for our Transcender practice test.


Resource Review: CompTIA Security+ Study Guide (SY0-301) by Emmett Dulaney

July 19, 2011 at 4:49 pm | Posted in CompTIA, Study hints | Leave a comment

As I near the end of development for our Security+ SY0-301 practice test, I’m pretty excited about the changes to CompTIA’s Security+ exam. While you can always count on the Security+ exam to cover authentication, cryptography, and access control, there are a few new attacks and technologies to concern yourself with. So while the old version of Security+ does have some overlap with the new version, there is enough new content to excite this content developer!

I am really glad that cloud computing is finally addressed, even if only in its most basic aspects. Virtualization coverage was expanded a bit from the SY0-201 exam. But as the list of terms grew — evil twin, pharming, phishing, vishing, whaling, bluesnarfing — I started wishing for a comprehensive resource. Then I stumbled upon one while completing some research.

Sybex has released the CompTIA Security+ Study Guide by Emmett Dulaney (ISBN 978-1-118-01473-8). I found this resource to be very comprehensive when addressing the topics covered in CompTIA’s Exam Guide. The book includes 15 chapters and is arranged in a logical format (thank you Emmett, for thinking of your left-brained friends!). At the beginning of each chapter, you’ll find a list of the subobjectives from the Exam Guide that are included in that chapter. This is very useful, particularly if you realize that you don’t understand a certain topic (like, maybe, cloud computing?). Also, at the beginning of the book is a tear-out list of the CompTIA Exam Guide, in order, with chapter headings. Graphics, tables, and tips are included throughout the book in just the right amount. It is a wonderful resource for those preparing for the latest version of Security+, SY0-301.

Remember, the Security+ exam is focused on ensuring your understanding of basic IT security. In the past, I often encouraged students who are considering obtaining the CISSP certification to take the Security+ first. This is still my recommendation. In fact, the objectives in this latest version of Security+ completely overlap the CISSP knowledge areas, including some that it had ignored in the past. While CISSP tests areas that Security+ does not, all of the Security+ areas are included in the CISSP objectives, particularly control types (technical, management, and operational), risk calculation, quantitative versus qualitative risk, and methods of dealing with risk (avoidance, transference, acceptance, and so on).

We will be releasing our Security+ practice test in the next couple of weeks, and it’s a BEAST. Make sure to watch our site or follow us on Twitter @KaplanIT for updates!

In August, I’ll be attending CompTIA Breakaway 2011 in Washington, DC. Look for me there, and let me know what you think about our products, your latest certification, or any good reference material you may stumble upon while studying – I could always use more reading material!


Resource Review: Exam Cram CompTIA A+ 220-701 and 220-702 Fifth Edition by David L. Prowse

April 1, 2011 at 2:01 pm | Posted in CompTIA, Study hints | Leave a comment

Pearson Education has published a new edition of their Exam Cram book for the A+ certification. I recently received a complimentary copy for review. Once I took the time to delve into its contents, I was pleasantly surprised.

Here are just a few of the highlights that I love:

1) Lots of graphics – Nothing is more useful to an A+ technician than a picture or a screen shot. Every chapter is loaded with valuable graphics that will prepare you for the exams. Don’t ignore those graphics! If it shows a picture of a computer port, be sure that you study it until you can discern it from other ports. If it is a screen shot, make sure you know how to get to the screen and what all of the options within the screen do.

2) Great tables – To me, tables are easy to study, memorize, and later recall during the test. David Prowse did a great job assembling some tables with very useful information. You cannot go very far in this book without encountering a table. I would suggest taking some extra time to study the tables just before test time.

3) Windows 7 content – While this content is some of the newest content for the A+ exam, I was happy to at least see an attempt at coverage in this book. Late last year, CompTIA announced a refresh of the A+ content to include Windows 7. Right now, my only experience with Windows 7 content for the A+ exams is based on what is listed in the revised Exam Guide, which doesn’t really give us a lot of details. David Prowse addresses the Windows 7 content that is specifically listed in the Exam Guide. I am concerned that some Windows 7 topics are missing, but because I haven’t actually seen the Windows 7 content, I don’t know how deep CompTIA is going into Windows 7. From my experience, not EVERY topic on the test is listed in the Exam Guide. I will say that this book does cover those Windows 7 topics that are specifically listed in the Exam Guide.

4) IPv6 – While the section on IPv6 is only a couple of pages long, it does provide you the basic information that you will need for the A+ exams. Topics like address length, number of available addresses, and address types are covered concisely in a manner that is easy to understand.

Overall, I am glad to see a new edition of the Exam Cram for A+ being released, especially with the new topics that have been added in response to CompTIA’s announced changes. I feel this would be a good resource to help you prepare for the A+ exams.

-Robin A.

Troy’s Survival Guide for the CCNA Exam

May 22, 2009 at 12:59 pm | Posted in Cisco | Leave a comment
Often, in the process of addressing customer issues with the CCNA exams, I’ll have customers ask me, “What is the best way to study for the CCNA exam?” When I was a full-time trainer I also heard that question many times. It takes me back to when I was a certification newbie (when dinosaurs roamed the earth) and I tackled this beast called the CCNA. I took myself from absolute Cisco knucklehead to certified Cisco knucklehead. I’d like to share some of the things I learned the hard way, some of my own best advice, and some really sound advice I have gathered from others.

First: Know what you’re getting into.

The exam can be digested in two different ways:

  • Single exam, the 640-802
  • Two exams, the 640-816 and 640-822

If you are a newbie to Cisco, I highly recommend the two-exam attack. It will cost more ($250.00 for both 640-816 and 640-822 at $125.00 each, versus $150.00 for 640-802) but the material is broken into two parts and much easier to digest. I would only advise an experienced Cisco technician who is uncertified to take the 640-802.

The material is not rocket science, but you do need some kind of IT background before you start this. I would suggest getting something like CompTIA’s Network+ certification under your belt first. That exam covers networking, IP addressing, subnetting, and the OSI model. These topics are about half the battle for the CCNA, so if you have that background covered, you’re ahead of the game.

Second: Mr. Natural says, Use the right tool for the job.

Collect the right resources. You don’t want to be wasting time with books and study materials that cause you to

  • Not learn the right stuff, or
  • Learn a bunch of stuff you don’t need for the exam (or in real life).

I have two suggestions for books. The first is an easier read than the Cisco Press book and I think if you are new that’s what you need.

CCNA: Cisco Certified Network Associate Study Guide: Exam 640-802, 6th Edition by Todd Lammle. (Mr. Lammle didn’t pay me for this endorsement, and I don’t get a kickback on his book sales.) It’s available in paperback from Sybex and clocks in at 1008 pages.

Pros: This book covers all the material for both exams, and is easy to read and understand.

Cons: I do have one complaint with this book. The quizzes and assessments that come with the book are NOT HARD ENOUGH. There’s nothing worse than feeling prepared for an exam and finding out the hard way that you aren’t.

So, after you read this book and can answer all the questions and assessments, you need to move up one level to the Cisco Press books. These books are not as easy to read, but after going through Todd’s book you should be ready for them. There are two books, one for each exam, and the book information is shown below:

Interconnecting Cisco Network Devices, Part 1 (ICND1): ICND Exam 640-822, 2nd Edition

Interconnecting Cisco Network Devices, Part 2 (ICND2): ICND Exam 640-816, 3rd Edition

When you read these books, pay special attention to the quizzes and assessments. Make sure that you can answer them all and, more importantly, understand the answers.

Third: Get your hands dirty!

Get some hands-on! This used to be the hard part. Back when I was studying, I went on eBay and spent about $1500.00 to buy some old routers and switches (the ones they told me to buy in the Cisco book) so I could do the labs in the book. Then I set them up and practiced and practiced. There are other options now. Allow me to blow our horn, please. We have a new product that would have really saved me some money: The KaplanIT Cisco CCNA simulator (see the blog entitled Finally! A product to help me practice for the Cisco CCNA without buying routers and switches!). With this product, which installs on your PC, you can practice anything in the books. EVEN BETTER, it comes with a PDF that holds a set of exercises that test the exact skills you need for the exam. But as they say in the 12-step ads, “If you don’t get help from us, get help somewhere.” In other words, get some routers and switches or another simulator before tackling the exams. You will definitely be required to perform some configurations and do some troubleshooting on routers and switches on the exam, so be ready!

Fourth: Don’t make rookie mistakes.

Be organized. Create a study plan that has time limits and a target finish date (and I don’t mean “when I get to it” – I mean specific days and weeks).

This study plan must have a target test date. Even if you don’t make the target, you’ll do better than if you don’t have one. There should be daily, weekly and monthly goals describing where you want to be. You should be constantly monitoring your progress so you know when you are behind.

Know your study style. Some people need to be somewhere totally quiet to study. Others (like me) can study in a rock concert. If you need quiet, go to a library or something. Also pick the time of day that is best for you. I do better in the morning when I’m all jacked up on coffee. Do what works for you, not me.

While self-study can work for some, if you need it, take a class. Nothing beats having a real human being to ask when something doesn’t make sense. There are both technical colleges and Cisco academies that teach this with real equipment. If you are a “learn by doing” type of person this may be the best for you.

Cisco Academy information is here.

Fifth: Get a good practice test!

The purpose of an exam-focused practice test, rather than a general knowledge-based test, is that it focuses your learning on the topics most likely to appear on the exam. If the practice test is done well, it will also present the questions to you in the same way they will be presented on the exam. I cannot emphasize how important that is! Half of the battle is knowing how Cisco is going to test you on a concept. The practice test should also contain detailed explanations that describe why the incorrect answers are incorrect and in what situations those answers would be correct.

Under NO circumstances should your practice exam contain the same questions you will see on the exam (brain dumps, cheat sheets). Not only are these in violation of the Geek honor code, but they can get you booted from the IT world if you get caught. And after all, if you use those and don’t actually learn the material, how satisfying can that be? (Not to mention you’ll probably get fired on your first job for not knowing what you’re doing.)

Can I make a crass and self-promoting suggestion? Get Transcender tests. They cover all the bases. And while you’re at it, get the CCNA simulator as well. Arm yourself with books, practice test and simulator, and go forth and conquer your certification!

–Troy McMillan
