Put Yourself to the Test

The following series of questions and observations is designed to help you figure out how much work you must do to pursue Security+ certification and what kinds of resources you might consult on your quest. Be absolutely honest in your answers, or you will end up wasting money on an exam you are not yet ready to take (and because the Security+ exam will cost you somewhere between $175 and $225, this isn't chump change). There are no right or wrong answers, only steps along the path to certification. Only you can decide where you really belong in the broad spectrum of aspiring candidates.

Two things should be clear from the outset, however:

  • Even a modest background in computer science is helpful.

  • Hands-on experience with networking and security products and technologies is a key ingredient to certification success.

Educational Background

  1. Have you ever taken any computer- related classes? [Yes or No]

    If Yes, proceed to question 2; if No, proceed to question 4.

  2. Have you taken any classes on computer operating systems? [Yes or No]

    If Yes, you will probably be able to handle various architecture and system component discussions that come up throughout the Security+ materials. If you are rusty, brush up on basic operating system concepts, especially virtual memory, buffer overflows, access controls, and general computer security topics.

    If No, consider some basic reading in this area. We strongly recommend a good general operating systems book, such as Operating System Concepts, 6th Edition , by Abraham Silberschatz, Peter Baer Galvin, and Greg Gagne (John Wiley & Sons, 2001, ISBN 0-471-41743-2). If this title doesn't appeal to you, check out reviews for other, similar titles at your favorite online bookstore.

  3. Have you taken any networking concepts or technologies classes? [Yes or No]

    If Yes, you will probably be able to handle the numerous mentions of networking terminology, concepts, and technologies that appear on the Security+ exam. If you are rusty, brush up on basic networking concepts and terminology, especially networking media, transmission types, the OSI Reference Model, basic networking technologies, and TCP/IP.

    If No, you might want to read one or two books in this topic area. The two best general books that we know of are Computer Networks, 4th Edition , by Andrew S. Tanenbaum (Prentice-Hall, 2002, ISBN 0-13-066102-3) and Computer Networks and Internets, 2nd Edition , by Douglas E. Comer and Ralph E. Droms (Prentice-Hall, 2001, ISBN 0-130-91449-5). When it comes to TCP/IP, consider also Richard Steven's magnificent book TCP/IP Illustrated, Volume 1: The Protocols (Addison-Wesley, 1994, ISBN 0-201-63346-9) or Guide to TCP/IP by Laura Chappell and series editor Ed Tittel (Course Technology, 2002, ISBN 0-619-03530-7).

    Skip to question 5.

  4. Have you done any reading on operating systems or networks? [Yes or No]

    If Yes, review the requirements stated in the first paragraphs after questions 2 and 3. If you meet those requirements, move on to question 5. If No, consult the recommended reading for both topics. A strong networking background will help you prepare for the Security+ exam in too many important ways to recount them all.

  5. Have you taken any security concepts or information security classes? [Yes or No]

    If Yes, you will probably be able to handle the primary focus on information security terminology, concepts, and technologies that drive the Security+ exam. If you are rusty, brush up on basic security concepts and terminology, especially the topics mentioned explicitly in the Security+ exam objectives (read them online at www.comptia.org/certification/Security/objectives.asp). If you are not sure you are completely up on these topics, pick and read one of the general information security references mentioned in the following paragraph.

    If No, you might want to read one or two books in this topic area. The two best general information security books that we know of are Network Security: Private Communication in a Public World, 2nd Edition , by Charlie Kaufmann, Radia Perlman, and Mike Speciner (Prentice Hall PTR, 2002, ISBN 0-130-46019-2) and Computer Security , by Dieter Gollmann (John Wiley & Sons, 1999, ISBN 0-471-97844-2). In fact, this is such a huge area for background reading that series editor Ed Tittel has compiled a comprehensive, two-part bibliography called "The Computer Security Bookshelf" for InformIT.com that provides lots of additional pointers. To access these articles, visit www.informit.com and search on "Tittel Security Bookshelf" (do not include the quotation marks in your search string). This should provide direct pointers to both items.

  6. Have you done any reading on general security concepts or information security? [Yes or No]

    If Yes, review the requirements stated in the first paragraphs after question 5. If you meet those requirements, move on to the next section.

    If No, consult the recommended reading for those topics. A strong information security background is essential when preparing for the Security+ exam.

Hands-on Experience

An important key to success on the Security+ exam lies in obtaining hands-on experience, especially with Windows 2000 Server and Professional, and/or with some relatively recent version of Linux or Unix in both server and workstation configurations. There is simply no substitute for time spent installing, configuring, and using the various Microsoft and/or Linux or Unix services, protocols, and configuration settings about which you will be asked repeatedly on the Security+ exam. That said, such coverage stresses concepts and principles much more than exact installation or configuration details; it is a vendor-neutral exam, after all.

  1. Have you installed, configured, and worked with:

    • Windows 2000 Server? [Yes or No]

      If Yes, make sure you understand basic concepts as covered in Microsoft MCP Exam 70-215. You should also study the TCP/IP interfaces, utilities, and services for Microsoft MCP Exam 70-216, plus implement the security features for Microsoft Exam 70-220. Microsoft MCP Exam 70-214 can also shed light on the Microsoft slant on information security, which will help you prepare for the Security+ exam as well.

      graphics/tip_icon.gif

      You can download objectives, practice exams, and other data about Microsoft exams from the Training and Certification page at www.microsoft.com/train_cert/. Use the "Find an Exam" link to obtain specific exam info . We provided a pointer to the Security+ exam objectives earlier in this chapter.


      If you haven't worked with Windows 2000 Server, TCP/IP, and the Internet Security and Accelerator (ISA) Server, you should obtain one or two machines and a copy of Windows 2000 Server. Then, learn the operating system. Do the same for TCP/IP and any other software components on which you will also be tested .

    • Some version of Linux or Unix configured as a server? [Yes or No]

      If Yes, be sure you understand basic concepts behind Linux or Unix installation, configuration, operation, and maintenance. You also should study the TCP/IP interfaces, utilities, and related services as well as specific security utilities and related configuration tools to make sure you can put Security+ concepts and terms into an operational context.

      In fact, we recommend that you obtain two computers, each with a network interface, and set up a two-node network on which to practice. With decent Windows 2000- and Unix/Linux-capable computers selling for under $500 these days, this shouldn't be too great a financial hardship. You may have to scrounge to come up with the necessary software, but if you scour the Microsoft Web site, you can usually find low-cost options to obtain evaluation copies of most of the software you will need. Linux is open source, which means you can get it for free (if you don't mind building your own installations without software assistance) or for under $100 (if you'd prefer to get a self-installing version of the software).

    • Windows 2000 Professional? [Yes or No]

      If Yes, make sure you understand the concepts covered in Microsoft MCP Exam 70-210.

      If No, you will want to obtain a copy of Windows 2000 Professional and learn how to install, configure, and maintain it. You should also review the objectives for Microsoft MCP Exam 70-210 and pay attention to topics and coverage that overlap with the Security+ exam objectives.

      graphics/tip_icon.gif

      For any and all Microsoft topics, the company's Resource Kits for the topics involved are a great information resource. You can purchase soft cover Resource Kits from Microsoft Press (search at mspress.microsoft.com/), but they also appear on TechNet (www.microsoft.com/technet).


      If No, you will want to obtain a copy of Windows 2000 Professional and learn how to install, configure, and maintain it. You can use MCSE Windows 2000 Professional Exam Cram to guide your activities and studies, or work straight from Microsoft's test objectives if you prefer.

    • Some version of Linux or Unix configured as a workstation or desktop machine? [Yes or No]

      If Yes, make sure you understand the concepts involved in installing, configuring, and managing Linux or Unix desktop machines. Here again, you will need to pay special attention to installing, configuring, and maintaining a Linux or Unix desktop as well as to client-side security settings, tools, and utilities.

Testing Your Exam-Readiness

Whether you attend a formal class on a specific topic to get ready for an exam or use written materials to study on your own, some preparation for the Security+ certification exam is essential. At $175 to $225 a try (the lower price applies if you or your employer belong to CompTIA; otherwise , you'll pay the higher price), pass or fail, you want to do everything you can to pass on your first try. That is where studying comes in.

We have included two practice exams in this book, so if you don't score that well on the first test, you can study more and then tackle the second test. If you still don't hit a score of at least 90% after these tests, you will want to investigate the practice test resources we mention here (feel free to use your favorite search engine to look for more; this list is by no means exhaustive):

  • MeasureUp www.measureup.com

  • Transcender www.transcender.com

  • PrepLogic www.preplogic.com

  • Self Test Software www.selftestsoftware.com

For any given subject, consider taking a class if you have tackled self-study materials, taken the test, and failed anyway. The opportunity to interact with an instructor and fellow students can make all the difference in the world, if you can afford that privilege. For information about Security+ classes, use your favorite search engine with a string such as "Security+ class" or "Security+ training." Even if you can't afford to spend much at all, you should still invest in some low-cost practice exams from commercial vendors .

graphics/tip_icon.gif

CompTIA also maintains a list of pointers to Security+ training venues on its Web site. Visit www.comptia.org/certification/Security/get_training.asp for more details.


  1. Have you taken a Security+ practice exam? [Yes or No]

    If Yes, and you scored 90% or better, you are probably ready to tackle the real thing. If your score isn't above that threshold, keep at it until you break that barrier .

    If No, obtain all the free and low-budget practice tests you can find (check pointers at www.examcram.com and www.cramsession.com, or scope out offerings from the for-a-fee practice test vendors listed earlier in this chapter) and get to work. Keep at it until you can break the passing threshold comfortably.

graphics/tip_icon.gif

When it comes to assessing your test readiness, there is no better way than to take a good-quality practice exam and pass with a score of 85% or better. When we are preparing ourselves , we shoot for better than 90%, just to leave room for the "weirdness factor" that sometimes depresses exam scores when taking the real thing. (The passing score on Security+ is 85% or higher; that is why we recommend shooting for 90%, to leave some margin for the impact of stress when taking the real thing.)




Security+ Exam Cram 2 (Exam SYO-101)
Security+ Certification Exam Cram 2 (Exam Cram SYO-101)
ISBN: 0789729105
EAN: 2147483647
Year: 2005
Pages: 162

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net