IT Certification Forums - Blogs is home for an active and helpful community with forums for CCNA, MCTS, Network+, Security+ and many other IT certifications
Sat, 21 Jul 2018 04:14:39 GMT

Pluralsight (ISC)2 Systems Security Certified Practitioner (SSCP) Course
Mon, 25 Nov 2013 20:39:56 GMT

Here at, members sometimes remark how difficult they find the (ISC)2 SSCP exam to study for because there are few study guides for it. Some members find the official SSCP study guide from the (ISC)2 difficult and tedious to read, and definitely not written at the entry-level of typical SSCP candidates. Some available guides are unrevised and outdated. However, the problem is usually not the lack of useful texts, but not knowing about SSCP study material in an audio/visual media format.

I was recently given an opportunity to teach a BSIT-level information security class based on the SSCP Common Body of Knowledge. The course used Darril Gibson’s SSCP Study Guide as the primary text, supplemented with material from the OIG SSCP CBK book to provide more depth and detail. To prepare for teaching the course, I also viewed TrainSignal’s new SSCP training course and became quite familiar with its content and presentation.

TrainSignal is now Pluralsight

While I was writing this review, TrainSignal was acquired by Pluralsight, a major online provider of software developer training. TrainSignal’s entire IT training library has been migrated into the Pluralsight platform, which brings their total number of technical training titles to around 1000. Included in the product migration is the integration of TrainSignal’s courses into Pluralsight’s distribution model and user interface. I used TrainSignal’s interface to research this article, so I’ll skip those details and include them in a future review of Pluralsight’s user experience.

What is the SSCP?

The SSCP is the (ISC)2’s entry-level InfoSec exam and is marketed to people with only a year or so of InfoSec work experience, or to those who don’t otherwise qualify for the full CISSP certification. The SSCP is actually a mid-level InfoSec exam in that it contains both elementary and advanced InfoSec topics that do overlap with CompTIA’s entry-level Security+ certification and the (ISC)2’s own CISSP certification. The SSCP is also an excellent study choice when preparing for much more advanced InfoSec certification exams.

I must be fair in giving my opinion of a reason why you might not want to pursue the SSCP certification. Although the information that the SSCP certification does cover is very thorough and useful for Information Security people, and indeed any technical professional who needs to be more InfoSec-minded, the $65/year you pay to maintain the SSCP certification may not be worth it to you if the SSCP certification itself isn’t much help in getting you an InfoSec job.

The major drawback of the SSCP is marketability and (lack of) recognition within the InfoSec community. The SSCP exam was released in the year 2000 and adopted by the US DOD Directive 8570.01 in 2005. However, as of November 2013, only 1587 people have become SSCP-certified. Compare this count to the more than 90,000 people that have become CISSP-certified since 1996, and the nearly 250,000 people that have acquired the entry-level CompTIA Security+ certification since 2002. This translates to a better likelihood of the CISSP and Security+ certifications being recognized and valued much more highly by employers than the SSCP.

So why am I being so down on the SSCP? Not really--I have the SSCP myself and, as I said, the information in the SSCP CBK is very useful and necessary for a career in Information Security. There’s no rule that says you must take the exam for any certification that you study for. Even if you decide the SSCP certification is not for you, consider strongly that educating yourself with SSCP exam preparation material may be what you need to take the next step in your Information Security career.

The Course Material

I reviewed about 90% of Pluralsight’s SSCP course material, both online and using the downloadable MP3 files and slides in PDF format. As you would expect, it contains the full complement of information described in the SSCP Common Body of Knowledge and in the SSCP Candidate Information Bulletin. I didn’t find any topics missing that I would expect to see on the SSCP exam.

Pluralsight’s SSCP course is narrated by no stranger to the Microsoft certification community, Tony Northrup. Northrup has authored many books on Microsoft certifications and has taught Microsoft subjects for over a decade. I must admit that I was interested when I saw he had done video instruction for a non-Microsoft Information Security cert, as I had never really heard his name bantered about by the InfoSec community (outside of the Microsoft security community, anyway).

Northrup has a friendly, relaxed speaking style that people who find InfoSec material unfamiliar and even anxiety-producing will take comfort in hearing. Northrup’s voice is very good at both the 1x and 1.5x speeds of the TrainSignal (and Pluralsight) media player. If you find his relaxed pacing and friendly conversational style to be to your liking, the 1x speed will be good for you. However, if you find yourself growing impatient with his storied and occasionally silly humor, you will find that the 1.5x speed causes Northrup to dispense information much more quickly while remaining quite intelligible. It’s quite a bonus to find an instructor whose voice is enjoyable at both 1x and 1.5x speeds.

I can’t lie and say the information in this course is perfect. There are occasional mis-speaks and assertions that caused me to grimace and furrow my brow. On some topics, Northrup drones on a little too long for me, such as on how to create strong passwords and basic wireless security. Rarely, I thought Northrup missed a mark completely, such as his discussion of OSI Layers 5 & 6. Northrup also presents an overkill of information on some topics that you may not see that much on your SSCP exam, such as cloud computing and data flow management. However, that is just bonus information you will eventually need both for some future IT certification exam and in your InfoSec career.

Use Pluralsight’s SSCP Course or Read a Study Guide or Both?

Realize that study guides and courses are only as strong or as weak as the authors and subject matter experts that write them. This is why a certification candidate needs a mix of study materials from different sources when studying for most certification exams. The exceptions are exams based on a single source of materials. (Hello GIAC.)

I found Northrup’s and Pluralsight’s SSCP training course to be complete and detailed, an effective way to learn the SSCP CBK by presenting the material in an engaging way that stimulated me to study it. I don’t have to tell you the convenience of having the MP3 files on my smartphone to have with me in my car or in the gym, and the online course player on my computer. Now, with Pluralsight’s training course available, I just wish people would more seriously consider the SSCP certification and the (ISC)2 would do more to market it.

How Do I Verify That Someone Is Really Certified?
Thu, 17 Oct 2013 19:34:35 GMT

Here at TechExams.Net, we occasionally have someone ask the question, “How can you tell if someone really has the certifications they say they do?” Usually that question is followed by a member’s story of knowing people who are saying they have IT certifications that they really don’t. Maybe they had the certifications, but they have expired, or they never had the certification at all. So how do you check out someone’s claim of, “I have this certification!”

Well, you’re in luck. You are not the first person to need to verify and validate a certification. Any certifying organization seeking respect from the industry it is trying to serve should have a formal procedure for verifying the certification of any of its membership. Usually it only takes a trip to a Web page, a few pieces of public information, and a button click to do so.

One thing I noticed while compiling the information in this article is the difference in privacy policies of the certification vendors. Some vendors require that the certification holders explicitly release their certification information to the people requiring the verification of their certifications. Other certification vendors seem to regard information related to their certification holders as public information that can be requested anonymously by anyone on the Internet, and with possibly no notification being given to their certification holders that verification of their certifications was requested. I find this to be a splendid example of the reciprocally inverse relationship of security and usability.


Apple

There are two ways to verify that an individual holds Apple certifications. The cheap way is by using the Apple Certified Professionals Registry, which is a voluntary public listing of Apple “certificants.” Apple certificants enter their information into this listing using the Apple Certification Records System. Certificants can be located based on their first and last name, city, state, and country.

In the ACPR search, there really isn’t a way to verify if the name(s) in the listing are the same person you are verifying. There apparently isn’t a unique Apple Certificant ID, or at least no way to query on it. If you want to scope out Apple certificants, try searching on only a last name, or just a state and country.

Apple’s more professional certification verification alternative is the National Student Clearinghouse, a verification service for educational degrees, certifications, and enrollments.

The basic procedure is as follows:
  1. Open the Verification Services page.
  2. Select the “Professional Certificate (business or technical)” check box.
  3. Select “Apple” from the Sponsor drop down list.
  4. Enter the Certification name, Certification ID, and the first and last name of the certificant.
  5. Click the “Submit>” button.
  6. Enter your payment card information (yes, they want $7.50 to verify each Apple certification).
  7. (You can post a comment with the remaining details if you know them.)


Cisco

To verify the name of the owner of a Cisco certification, use the Cisco Certificate Verification Tool page. You will need the 16-digit Certificate Verification Number printed on the Cisco certificate requiring validation. Note that the Certificate Verification Number (############AAAA) is not the same thing as the certification holder’s Cisco ID Number (CSCO########).

If you need to do more than just verify the name of a Cisco certification holder, the cert holder will need to use the Publish Credentials feature in the Cisco Certifications Tracking System page (formerly known as the Cisco Certification Validation page) to publish his or her Cisco credentials to the person requiring the verification. Using this page, a Cisco certification holder selects the specific certification(s) and email address they would like a verification report emailed to. The full procedure is listed here.

If you are having problems using the Cisco Certification Tracking System, please visit Certification and Communities Online Support at Support Home Page.


CompTIA

Discovering how to verify a CompTIA certification can be a little daunting. It seems there are several verification and validation mechanisms available, but only two of them really do anything.

From the CompTIA Knowledge Base: “Candidates present proof of their CompTIA certification/s directly to the employer/educator/investigator by using the ‘Transcript’ feature, available through their record at the CompTIA candidate database.”

A CompTIA-certified member accesses the Transcript feature by logging in to his or her CompTIA account at CertMetrics and clicking the Transcript link in the main menu bar. From there, a transcript for any or all of the member’s CompTIA certs can be created, along with optional details and an expiration date for the transcript’s availability. Once created, a Transcript ID is shown that can be used by anyone to verify and validate your CompTIA certification status using the CompTIA View Transcript Web page. There is even a handy form for CompTIA certification holders to send their Transcript ID and verification link to any email address they wish.

Also from the CompTIA Knowledge Base: “Candidates can also submit verification by downloading a PDF of their certificate, which contains a verification code and url that could then be emailed to the employer/educator/investigator for verification purposes.”

CompTIA-certified members can get a copy of their certificates in PDF format by first logging in to their CompTIA account, clicking on the Certification link in the main menu bar, and then clicking on the Expand link. All of the CompTIA member’s certs will be listed, complete with a link to download the certificates as PDF files. Each PDF contains a verification code that can be used at (redirects to to display the name of the CompTIA certification and cert holder, the date certified, and active status of the certification.

Check Point

I didn’t have any luck determining how to verify and validate Check Point certifications. If you know, please post a comment with the info and I’ll update this article.


Citrix

Citrix requires that their certification holders send verification of their certification status to 3rd-parties themselves. Before you can do this, your Citrix account must be linked to your Citrix Certification Manager account. You do this using My Certification Manager:

  1. Log in to your Citrix Certification Manager account.
  2. Obtain your Candidate ID.
  3. Log in to your Citrix account.
  4. Click on the My Certification Manager link.
  5. Click on the Launch Tool Now button.
  6. Enter your Candidate ID number from your Citrix Certification Manager account.
  7. Click the Submit button.

To send verification of your Citrix certification to a 3rd party, log in to the Citrix Certification Manager page. Select your Citrix certifications to be verified, enter the email address to send a verification email to, add a personal message, and tick the checkbox allowing Citrix to release your certification information to the email address that you specified.

For more information on checking the certification status of a candidate holding Citrix certifications: CTX131458 - How to Check Certification Status - Citrix Knowledge Center


CWNP

To verify CWNP certification(s), you will need the certification holder’s CWNP ID (found on their certificate and CWNP card) and the email address they used to register on Plug this information into the CWNP Verification page and you will see a listing of the member’s CWNP certifications and their date of expiration.


EC-Council

Verifying an EC-Council certification (Certified Ethical Hacker - CEH, Certified Forensic Hacking Investigator - CHFI, etc.) requires sending a written letter to the EC-Council with the following information:

  • Certificant's full name
  • Certificant's e-mail address
  • Written verification from the certificant giving permission for the information to be released to the requestor

Email if you have any questions, such as the address you should mail the certification verification request to, and if the verification reply will be mailed or emailed back. The EC-Council’s Contact Us page indicates that they will not respond to email sent from a “free” email account (Hotmail, Yahoo, Gmail, etc.) and request that email correspondence be sent from a business email account. (They don’t make it easy, do they?)


GIAC

Looking up the GIAC certification held by a certified individual is performed at the GIAC Certified Professionals Directory. Simply enter the name of the person claiming to be GIAC-certified and you will see a listing of every person with the same name who holds, or has held, any GIAC certification.

In this surprisingly primitive GUI, there is no way to query certifications based on any other criteria, such as certification name, award date, or the “analyst number,” which is different for each GIAC certification a person holds. There is no way to determine if the name listed is really the same person you are querying for, or if multiple certification records under the same name are all for the same person.

Just for fun, enter “smith” or “nguyen” in the GIAC Certified Professionals Directory search and see what you get.


ISACA

To verify the certification(s) held by a member of ISACA, a "Verify a Certification" widget is available on the homepage at (it’s usually in the rightmost column and down a bit). You will need to input the member’s last name and certification type (CISA, CISM, CGEIT, CRISC) and number. If the information is recognized, you will see displayed the name of the cert holder and the certification status, the date certified and when the cert expires. There is also a "View Profile" button that, when clicked, displays the public profile and all ISACA certifications held by that individual. The content of the public profile is configured by the ISACA member.


(ISC)2

To verify the certification(s) held by a member of the (ISC)2, you will need the member’s first and last name and (ISC)2 membership ID number (found on his/her certificate and (ISC)2 membership card). Input this information into the (ISC)2 Certification Verification page and displayed will be the member’s personal information, (ISC)2 certification(s), and the dates each certification was granted and will (or did) expire.

If you believe someone is misrepresenting their certification status with the (ISC)2, please review the information on the (ISC)2 Ethics Complaint Procedures page and act accordingly.


Juniper

Juniper cert holders must request that Juniper Networks send their certification information to 3rd-parties on their behalf. To allow Juniper to release your Juniper Networks certification information, use the Publish Credentials feature on the Juniper Networks Certification Program (JNCP) Cert Manager page. Select your Juniper credentials to be verified, enter the email address to send a verification email to, add a personal message, and tick the checkbox allowing Juniper to release your certification information to the email address that you specified.

For further information, or email at or


Microsoft

Microsoft certifications are validated using the MCP Transcript validation page. To view the certification transcript belonging to a Microsoft Certified Professional (MCP), you will need the MCP's Transcript ID and Access Code. This information is obtained by the MCP using the Microsoft Certification member site.

Every Microsoft-Certified Professional has a Microsoft Certification ID (MC ID), formerly known as a Microsoft Certified Professional ID (MCP ID). The MC ID is shown in emails from the Microsoft Certification Program and in the MCP’s profile information on the Microsoft Certification member site. Any member that is unable to access the member site should contact the Microsoft Regional Service Center for assistance.


Oracle

As an Oracle certification holder, you will need to create a free Oracle Web account at Oracle University CertView and associate your Pearson VUE Oracle account with your CertView account using your Oracle Testing ID and email address as they appear in your Pearson VUE Profile.

To provide verification of your Oracle credentials, log in to your CertView account, under the Certification Status tab select the option to Publish Credentials to 3rd Parties, and select your credential(s) that need to be verified. You will then receive two emails: one contains a secure URL where you can view verification of the candidate's certification, and another providing the password to access this URL. You then send this information to the person needing to verify your Oracle certs. The verification URL is valid only for a limited time.


VMware

VMware has only very recently implemented a formal way to check the validity of VMware certifications, and to verify people who claim to be VMware-certified. Just like CompTIA and Cisco, VMware uses a certification authentication code that is printed on every VMware certificate. Enter this code into the VMware Certification Authenticate page and you will be presented with the name and number of the certification, the name of the certified individual, the date certified, and the current certification status.

A VMware-certified individual can find his or her certification authentication code using the VMware certification portal to obtain a copy of their certificate(s) with their code from the myTranscript section of the VMware Certification page.

Do you know of any other IT certification verification procedures? Please post them as a comment or PM jdmurray here at TechExams.Net.

TrainSignal IT Certification Materials Now Online!
Mon, 27 May 2013 19:25:00 GMT

TrainSignal, a premier IT certification study materials provider, has recently ditched the pay-for-only-the-CDs-you-want model of content delivery and is now entirely online with a pay-for-everything-as-you-go subscription model. Always being in the hunt for more IT certifications for myself, I decided to give TrainSignal’s new subscription format and training materials a try and let my fellow cert hounds know what I thought.

Yes, It's Now All Online!

Remember those TrainSignal CDs in the black, plastic cases? Well, save those for a museum because you won’t be seeing them again anytime soon. TrainSignal has moved all of its training materials to a subscription-based service in The Cloud (wherever that is), where it is accessible both online and offline (more on that later).

With the CD-based training, you had access only to the specific training titles that you bought and paid for. With TrainSignal’s online subscription model, you have access to TrainSignal’s entire catalog of IT certification training. Once I had all of the certification training titles on demand at my fingertips, I became a “kid in a candy store” and began to explore IT knowledge and learning that I never previously considered.

Training for Apple, Cisco, Citrix, CompTIA, ITIL, Microsoft, and VMware certifications is all there and available to be browsed and studied anytime you wish. Many of the most well-known IT certifications are covered too, including CompTIA A+, Linux+, and Security+, Cisco CCNA and CCNP, Microsoft MCSA and MCITP, and VMware VCP 4 and 5. You will also find training for lesser known certifications, such as Citrix and ITIL. TrainSignal’s training for Microsoft Office (Access, Excel, Outlook, PowerPoint, Visio, and Word) seems like an added bonus of useful information that I needed too.

Visit for the latest subscription pricing and you’ll find it’s cheaper per month than many of those back-breaking certification study guides and breakable plastic training courses you’ve been buying for years. There is also a referral program where subscribers earn credits for every friend who signs up for a 3-day free trial or becomes a subscriber.

Training Videos? Yeah, I’ve Seen Some For Free On YouTube

Yes, there are a lot of technology training videos available for free at sites like YouTube and SecurityTube. You’ve no doubt noticed that the quality of free videos and the training they contain varies greatly, as does the reputation of the presenters. After spending some of your precious free time watching the free stuff, it can leave you wondering how accurate the information is and if the presenters really know what they are talking about.

The real quality of TrainSignal’s training materials is the collection of knowledgeable and experienced instructors who deliver what they know in ways that capture the viewer's interest. If you have used TrainSignal products before you will recognize some of your favorite instructors, such as Ed Liberman, David Davis, and Scott D. Lowe. They are some of the most industry-recognized subject matter experts who write the TrainSignal course material and present the detailed information you need to know for your cert exams in an informative and entertaining way.

The TrainSignal training materials are organized by courses, with each course containing multiple lessons. When viewed in a Web browser, lessons are displayed in a Flash window and can be started, paused, and bookmarked for later reference. Most of the training is in the format of the instructor's voice over animated slides with an occasional appearance by the instructor him/herself. To illustrate concepts, there are pictures, diagrams, and animations as needed. For the practical learning, there are demonstrations, such as using the command line, operating Web and application GUIs, and how to handle hardware.

Note: TrainSignal does not make available written transcripts of their courses at this time.

While watching the TrainSignal training videos, I felt strongly that the information was quite good and what was needed to pass the specific certification exams. I also felt that I was receiving value-added information and practical experience from the instructor that I could take with me to work and use in an IT workplace.

After watching quite a few of TrainSignal’s training videos for this review, I found the level of detail of the training to be overwhelming at times. While learning about unfamiliar concepts from a friendly, fast-talking instructor, I needed to frequently back up and rewatch the material, especially because I was (slowly) typing notes. This was especially true while watching the training demos. Changing the speed of the presentation is not (yet) possible in the online interface. However, repetition is the key to learning, so I just need to find the free time to rewind, watch, and learn.

The Dashboard is Hardly Slapdash

TrainSignal’s subscription Web site is built on the dashboard model for content management. On the Dashboard you will find quick access to course listings, certification practice exams, and your progress in each course. Almost every feature you will need is accessible from a single Web page.

The Courses tab shows the complete TrainSignal catalog of training courses you may view. You search for courses by certification vendor or by keyword. New, popular, and updated courses are clearly labeled.

The Course Progress button shows all of the training courses you have started and your current level of progress. This is also where you start playing your courses too. All of the courses you have started are listed as is your completion percentage. Also shown are the newest course releases, and the courses most popular with other TrainSignal subscribers.

The Certification Practice Exams tab provides an identical interface to search and select TrainSignal’s collection of certification practice exams. The Exam Progress tab shows all of the practice exams you have taken. You retry or resume the ones you have yet to finish from here too.

Bookmarks allow you to mark individual lessons to find them easily later to replay, download them to the offline player, and allow you to pick up from where you left off.

Overall the TrainSignal Dashboard is a very clean piece of virtual real estate that is as functional as it is obvious to use. A big organizational problem exam candidates face is in keeping track of where they are in their certification studies, what they have studied, and what they have remaining to cover. TrainSignal’s Dashboard organization now makes keeping track of your study progress a bit easier.

It sure would be great if TrainSignal had a certification project management feature that showed subscribers the significant topical areas they needed to study for a particular certification exam and allowed them to chart their study progress. Managing your study program for a certification exam could be as easy as logging into the TrainSignal Web site and checking what you had on schedule to study for that day. (Somebody should request that feature!)

No Internet? No Problem!

If you need to access certification training materials while disconnected from the Internet, TrainSignal can help you there too. TrainSignal’s Offline Player allows you to view Silverlight-based TrainSignal content on Windows and Mac OS X systems anytime you like. The offline player is available for you to download as soon as your TrainSignal subscription is active.

The offline player is so simple that no Options or Settings panel is needed. Log in to the player using your TrainSignal Website credentials. From the Player window you can add to the download queue the courses you would like to view, download the course content, and start viewing lessons as soon as they have downloaded. (Yes, you will need to have Internet access initially to download the TrainSignal courses and the offline player itself, but it’s a fully Cloud-independent operation from then on.) Lesson downloading is automatic and can be paused/resumed/cancelled as needed.

Use the Add Content tab to select individual lessons, or an entire course, to add to the download queue. As a convenience, courses and lessons that you have bookmarked in the TrainSignal Web site show up there too. Multiple courses may be added up to a limit of 5GB of content, which appears to be the maximum size of the Silverlight application storage cache. Removing a lesson or course to free up space is as easy as clicking an X.

The offline player supports the usual media player features, such as volume/mute, pause/resume, full screen, time bar, 1x/1.5x playback speed, and full screen mode. You can also rewind 30 seconds by clicking a button, restart the lesson, and bump ahead to the next lesson. It would be nice to have a variable playback speed selection in the offline player, and to have the option to automatically jump to the next lesson without clicking a button.

When you do hook back up to cyberspace, your course progress is automatically uploaded and reflected on the Dashboard. You can also click the Sync Course Progress button to manually force a sync operation. This allows you to keep your place in your training as you move between the online and offline TrainSignal experience.

Now, if you are asking yourself, “What about offline training materials for Linux and Android and iOS?” For the moment, TrainSignal has a lower-tech solution for you. On the Dashboard each lesson allows the downloading of a ZIP file containing the slides (PDF) and audio (MP3) of the lesson material. Listening to MP3’s while scrolling through a PDF may seem a bit low-tech compared to the Flash and Silverlight experience, but it is the same course materials (minus the video demos), and there are no license key or DRM hassles to deal with.

You Want Practice Exams Too?

Members of TechExams are always looking for more and more certification practice exams. Well, TrainSignal has ‘em. As of this writing, the Dashboard provides access to practice exams for CompTIA (including A+, Security+, Linux+, CASP), Microsoft (Windows 7, Server 2008, SQL Server), Cisco (ICND1 & 2, ROUTE, SWITCH), VMware (VCP-410 and -510), and ITIL Foundation v3 certifications.

These exams appear to be well-written and are more for teaching and testing the exam contents rather than being a simulation of the actual certification exams. There are typically three or four practice exams for each certification with each exam containing 40-100 questions. For example, there are three, 100-question practice exams for Security+, three 48-question exams for Windows Server 2008 Enterprise Admin, and four, 40-question ITIL Foundations exams. One notable exception is three, 250-question exams for the CISSP certification. I’m guessing the practice exams preceded the release of the course materials.

Depending on the exam, there are four or more answer options for each exam item with single or multiple answer choices. Some exam items may contain an exhibit (think Cisco exams). The explanations provided with each exam item are very generous in detail and do explain why each answer option is correct or incorrect, so you will know why you got an exam item wrong, although you don’t have to agree with it.

Your exams are stored with your personal TrainSignal account and you can start, stop, and review your exam results, and retake any exam at any time. You can score your answers as you take the exam, or wait until the end of the exam to check how you did. There is no exam timer (clock) and no option to show your present score as you take an exam (a la GIAC exams).

The practice exams run in your Web browser, so you can walk away in the middle of an exam and come back hours or days later and your exam will still be there without the need to pause or save/resume the test engine. Very handy for those of us who are fond of suspending our computers.

One caveat I found is that there is no way to report a problem or issue with an exam item from within the exam itself. The ability for a user to give feedback while taking a practice exam would help to spot problems and improve the quality of the exams.

Request a Feature

TrainSignal’s site contains a Request a Feature microblog, allowing subscribers to suggest, compliment, and complain about the functionality of TrainSignal’s Web site, offline player, and training materials. Browse the Digg-like interface to check what features other subscribers have already requested. If you find a feature there you want too, vote for it; if the feature you want is not there, add it!

Currently, the top requests include virtual lab exercise capability, iPad and Android Web playback and offline player support. Those are some heavy-duty requests, but they aren’t all big ones either. Some people ask for the ability to speed up or slow down the online video play speed (*ahem*), a summary of the total time spent in each course, and printable certificates of course completion. You get the idea.

The Request a Feature feature appears to be so well used by customers, and well regarded by the TrainSignal staff, that I hesitated to write complaints about anything that is insubstantial or missing from the TrainSignal site or offline player. Any omissions or misgivings I feel may be added or improved by the time I post this article!

Request a Training Course Too!

Do you have an idea for a certification training course that TrainSignal doesn’t currently produce? Tell ‘em about it! TrainSignal’s Request a Training Course microblog allows subscribers to suggest courses for certifications that subscribers want to take, and also see what new courses other subscribers want too. Also using a simple, Digg-like interface, you can post comments or simply vote for what someone else has already suggested.

I made some comments and cast a few votes for certification training courses I thought TrainSignal would do well to produce. I was rather gratified a few weeks later when I received an automated email from TrainSignal stating that they had begun development of a training course for the Wireshark certification as I (and many others) had suggested. I also saw that a training course for the (ISC)2 SSCP certification is newly in the works too. I wouldn’t mind seeing the CEHv8 cert represented one day as well. (Based on a job opening I see posted by TrainSignal, I’m not to be disappointed!)

The Hidden TrainSignal Blogs

Earlier in this article I said that almost all of the features you could want are available through the Dashboard. The one feature whose link is not in the Dashboard is TrainSignal’s own blogs. A very odd omission for such a nice resource indeed.

TrainSignal maintains a set of blogs that contains thousands of articles on IT certifications, training, tech tips and tutorials, IT career help, news, and free webinars. These blogs are authored by a wide variety of knowledgeable and accredited technology gurus. For example, in the IT Certification blog you can find 75 video blog articles on Certified Ethical Hacking free for the viewing. There are also articles with information on which IT certifications to pursue for your career (as if there’s not enough of that advice at www.TechExams.Net).

After you’ve finished reading through all of TrainSignal’s blogs (yeah, in about a year), then have a look at the nearly 600 videos on TrainSignal’s YouTube channel. You can always find out the latest news from TrainSignal by reading TrainSignal on Twitter.

In Summary

After researching and writing this review, TrainSignal jumped to the top of my recommended list for online, instructor-led training for the certification exams TrainSignal supports. I enjoy the video instruction, the certification practice exams, and watching new and updated course material appear in the Dashboard every few weeks. Seeing what features and new training other subscribers are requesting is both interesting and entertaining. Oh, and did I mention TrainSignal’s really super and useful blogs? ;)

The major issue you will face as a potential TrainSignal subscriber is wanting to study for a certification exam that TrainSignal does not currently have training materials for. As an Information Security professional, I see the current lack of material for the CISSP, SSCP, and CEHv8 exams as the biggest omissions in TrainSignal’s catalog. As a software developer, the absence of any programming language certifications, such as Java and Microsoft .NET, is a would-be deal-breaker for me too. Because TrainSignal is constantly developing new training content, and is always open to suggestions from the IT certification community, I don’t expect these omissions to be present for very long.

Another reality to strongly consider is that neither Android nor Apple iOS is currently supported for viewing TrainSignal’s Flash-based content. As the owner of an Android cell phone and tablet, I was really looking forward to spending long hours at coffee houses watching TrainSignal's videos and taking notes on my little green robot devices. I’ve tried using Flash-enabled Web browsers for Android, but the ones I’ve found provided a less than satisfactory experience with TrainSignal’s content. Once again, I get the impression that TrainSignal is hard at work on a solution, so I may be making some significant updates to this article come next year.
The Juniper JNCIA-Junos Exam Experience
Sun, 31 Mar 2013 17:28:11 GMT

The Juniper Network Certified Internet Associate JunOS (JNCIA-Junos) certification tests a candidate’s understanding of IP network routing technology and Juniper JunOS configuration and troubleshooting skills. I had an opportunity to take the JNCIA-Junos exam on fairly short notice and with little hands-on experience at using JunOS devices. Not the most optimal conditions to be sure, but my attempt was offered free of charge, so I couldn’t pass up the opportunity to see what a Juniper exam was like.

JNCIA-Junos is the first of a series of 16 certifications used to test the knowledge of hardware and software products from Juniper Networks. Juniper’s certifications are divided into three tracks: Enterprise Routing and Switching, Service Provider Routing and Switching and Junos Security for designing secure networks. For each of these certification tracks the JNCIA-Junos certification is a prerequisite. The JNCIA-Junos certification is valid for two years.

Study Materials for the JNCIA-Junos Exam

Juniper Network certification exams are designed to test how well a student has learned the material in a Juniper training course. It is also possible to self-study for Juniper certs using only materials that Juniper makes freely available at, and many people do just that.

The Juniper Networks Fast Track program provides free study materials for the JNCIA-Junos, JNCIS-ENT and JNCIS-SEC certifications. To study for the JNCIA-Junos certification, you will want to use the following:

  1. A 5-hour, Flash-based networking fundamentals course. I highly recommend this course for anyone needing an understanding of basic computer networking for any certification. If you already have a significant networking cert, such as the CCNA, you can skip this course.
  2. The JNCIA-Junos Study Guides Parts 1 & 2. Available as two PDF documents. The information in the 2012 edition of this guide is based on JunOS Release 12.1R1.9, which is more than enough information to pass the JN0-101 exam based on JunOS Release 11.1 commands and functionality.
  3. Because the JNCIA-Junos exam (JN0-101) is based on JunOS 11.1, you will want to thumb through the JunOS 11.1 documentation as an extra source of study material.
  4. The JunOS CLI Explorer is an online reference and glossary of JunOS 12.x commands and statements. This is a handy reference for a quick lookup of JunOS commands.
  5. The JN0-101 JNCIA-JunOS pre-assessment exam. Actually, if you are already proficient at using JunOS and Juniper equipment, you might try the pre-assessment exam first to determine in what areas of understanding you are the weakest and study those first. Otherwise, wait to take this pre-assessment exam a week before your exam to pick up what topics you still need to study.

To access these free study resources, it will be necessary to register for an account at the Juniper Learning Portal at This is where you will learn more about the Juniper Network Certification Program (JNCP) and find all of the latest information on all Juniper certifications and certification tracks. You will specifically want to visit the Juniper Networks Certified Associate – JunOS certification track and check out how to get 50% discounted vouchers for Juniper certification exams.

Studying for the JNCIS-Junos Exam

The bulk of your studying will be using the two study guide PDFs along with the exam objectives, and hopefully a non-production JunOS device or two with which to experiment. There is a lot of information to digest, and I highly recommend learning the details about commands and features expressed in the two PDFs. Use the JNCIA-Junos exam objectives to determine what information to really concentrate on. You will especially want to know command line commands for configuration, firewall functionality, and how to interpret command output. Don’t skimp on knowing basic networking, routing protocols, and subnetting either. The JNCIA-Junos exam is not the CCNA exam, but don’t take it too lightly either.

Registering for Juniper Certification Exams

Juniper exams are administered at Pearson Vue testing centers. Registering for a Juniper certification exam requires a Juniper account at the Pearson Vue web site. Even if you already have a Pearson Vue web site account from previously taking an exam by another certification vendor, you will still need to create a separate Juniper Pearson Vue account just for your Juniper certification history.

If you have a Juniper exam voucher, you will need to activate the voucher first and then apply it when you sign up for your exam date on the Pearson Vue web site. You will typically have 90 days to take the exam once you have activated the voucher per the instructions included with the voucher. I didn’t quite get this detail and had to rush to take my exam or my activated voucher would have expired.

What’s on the Exam?

The JNCIA-Junos exam (JN0-101) is a typical computer-based certification exam with 65 questions to be completed in under 90 minutes. Passing is 66% and the score is available immediately upon completing the exam. There is no prerequisite to take the JNCIA-Junos exam.

Each exam item has four answer options and is either single or multiple choice. Some questions have an exhibit that must be examined to answer the question correctly. You can move forward and back and flag questions. At the end of the exam you are given the opportunity to review all of the questions and change any of your answers before you end the exam.

So how did I do?

Well, the JNCIA-Junos was the very first non-beta IT certification exam that I have ever failed. I needed 66% to pass and received a score of 63%. My worst sections were (not surprisingly) user interface options and routing policy/firewall filters, and (surprisingly) routing fundamentals. I’m not really surprised that I failed, because I do have very little hands-on JunOS configuration experience, and I really didn’t take studying the exam very seriously. Actually, I’m rather relieved that I failed because, had I only just squeaked by with a pass, I would not feel worthy of the certification. It’s also an eye-opener to me that I’m not as close to being ready to take Cisco’s ICND2 exam as I might have thought.

Will I take the JNCIA-Junos exam again? Yes, I probably will circle back to it after I finish off some Cisco exams that I’ve had on my TODO list for years now. I’ve got my eye on the Juniper JNCIA-IDP certification too.

For further information

If you have any questions, visit the Juniper Networks’ Training, Certification, and Career Topics discussion forum, or email Juniper directly at Of course, there are a lot of excellent Juniper discussions concerning many Juniper certifications in the Juniper Certifications discussion forum here at
Review: CASP CompTIA Advanced Security Practitioner Certification Study Guide [Book]
Thu, 31 Jan 2013 03:53:50 GMT

Authors : Wm. Arthur Conklin, Gregory White, Dwayne Williams
Format : Mixed media, soft cover, 704 pages
Release Date : September 2012
ISBN : 0071776206
ISBN 13 : 9780071776202
Language : English
Publisher : McGraw-Hill

I recently took a long look at the new McGraw-Hill book, CASP CompTIA Advanced Security Practitioner Certification Study Guide (Exam CAS-001). This book is a study guide for the new CompTIA Advanced Security Practitioner (CASP) certification. CASP is the first certification in CompTIA’s new Mastery Series, designed to test for a level of Information Technology understanding above the entry-level (redubbed Professional Series) certifications that CompTIA is known for. With many members here at TechExams.Net interested in Information Security certifications, I decided that a thorough review of this study guide could be of great help to our members in deciding the direction of their certification path and career. Moreover, what better way to review the effectiveness of this study guide than to use it to study for and take the CASP exam myself.

A Complete Study Guide

The objectives of the CAS-001 exam (2011) are quite extensive and cover the areas of system and network security, analysis and troubleshooting, risk management, policies and procedures, and business and legal practices related to information security. The CASP Study Guide boasts 100% coverage of all CASP objectives, and it achieves that degree of coverage, albeit with varying depth and detail.

The book’s content is organized exactly according to the domains and subdomains covered by the CASP certification’s objectives. Readers familiar with the information covered by the CISSP, SSCP, and GSEC certifications will recognize many of this study guide’s topics, including cryptography, security controls, data networking, and privacy policies. There is also coverage of InfoSec topics found on specialized certification exams for forensics, penetration testing, and enterprise-class storage technologies. The reader will also find necessary information for objectives they may never have encountered on any certification exam, such as configuration management, application-layer protocol security, legal policies, and the technology lifecycle.

The guide’s content also contains references to InfoSec standards, such as SANS, OWASP, NIST Special Publications, and IETF RFCs. It is doubtless that the authors of the CASP certification also used these same references for the exam. I would also have liked this study guide’s authors to have included a listing of all of the research sources they used for this book, but that is a rare thing to find in any modern book on Information Technology.

The information in this study guide is sometimes presented in the form of a best practice or advice for understanding or using information security within an enterprise-scale organization. These descriptions give the reader an idea of how the concepts and technologies of InfoSec can be applied. This is not to say that you will agree with everything advised in this book, but it shows the readers how the authors regard the proper design, implementation, and operation of information security within an enterprise.

One thing that surprised me was the book’s mentions of US laws and regulations concerning Information Technology, including HIPAA, GLB, and PCI. CASP is advertised as an international certification, so I assumed US-centric policies would not appear on the exam, or perhaps region-specific exam questions are inserted depending on where the computer-based CASP exam is administered. Even if this regulatory and governance information isn’t on the CASP exam, it is something every (US) InfoSec professional should know.

Within each chapter are numerous exam watch and Inside The Exam sidebars that provide useful tidbits of information useful to know for the CASP exam. At the end of each chapter is a chapter summary, a bullet list of the factual points of the chapter, a chapter quiz in the format of exam questions, and a lab exercise to help the reader think about real world scenarios.

The chapter quizzes are part of the “475+ practice exam question” mentioned on the book’s cover. These sections are an excellent way to study the factual points of each chapter. They are also a pre-assessment to discover which CASP objectives you already know well and which you need to study.

Also included as an aid to help you determine when you are ready to take the CASP exam is an Exam-readiness checklist that maps each CASP objective to the place it is described in the study guide. On this list you can note what your understanding is of the material in each objective and discover where you need further study.

What’s on the CD?

This book’s CD contains several extras that are moderately useful. Certification candidates love practice exams as a way to learn facts in bite-sized chunks, assess where they are in their learning, and generally break the tedium of reading technical material. About 160 of the 475+ practice exam questions mentioned on the cover of the study guide are found in the installable MasterExam quizzes and test engine on the CD. The quizzes may be taken in two modes: open book (no time limit, hints available) or closed book (limited time, no hints or references). Both modes allow changing answers and provide the reader with a study guide of incorrectly answered questions needed for additional study.

I found the MasterExam quizzes sufficiently challenging and valuable as both a pre- and post-assessment of my understanding of the CASP material. It is important to note that these quizzes are not accurate representations of the format and quality of the items on the actual CASP exam. These quizzes are only for testing the candidate's understanding of the material presented in the MGH CASP Study Guide.

Also on the CD is a demonstration of the LearnKey video-based training via the McGraw-Hill OnlineExpert Web site. To access a wide variety of McGraw-Hill certification training videos with labs and practice exams, you will be required to create an OnlineExpert account. I was able to log in and try the pre-assessment exam and labs, which were minimal. Unfortunately, none of the Flash-based training video clips would download for me, but the videos are provided as files on the CD anyway. The Web site is basically a demo of the LearnKey OnlineExpert training, with the full product being available at additional cost.

In addition, the CD contains a free download of the electronic copy of the book in Secure PDF format. Your name, email address, the access code provided on the inside of the CD’s jacket, and a copy of Adobe Digital Editions are required to download and view the PDF. (Be sure to read the download instructions fully, and select to authorize your computer without using a Vendor ID.) You may not copy or print the PDF text, but it is searchable, and you may highlight text and add annotations to the PDF as well.

Finally, the CD contains a bevy of offers and discounts on McGraw-Hill products to whet your certification-leaning brain.

Is this study guide really all that good?

I reviewed the first edition, first printing of the MGH CASP Study Guide. I did notice a number of problems with both the facts and the editing that make this printing more than a bit rough around the edges. While someone new to InfoSec might not notice the occasional factual error or omission, a seasoned system or network administrator, or information security professional, will surely recognize these glitches.

There is some disagreement in terminology between different sections of the book, which can happen with multiple authors. There are also places where concepts are introduced, but not actually explained until much later in the book. One thing that really bothered me is occasionally a best practice is recommended, but the proper context for it is not given, making the practice sound like a standard rule. What may be good practice in one situation is not necessarily the best choice for another.

In the CASP objectives, there is a listing of acronyms that CompTIA recommends the exam candidate know. The book’s own glossary appears to cover all of these terms and more, but the book’s text does not. Knowing acronyms is really important for passing the CASP exam itself, so you should make the extra effort to learn them all.

The CASP objectives also provide a list of proposed hardware and software that the exam candidate is recommended to have personal, hands-on experience in using, such as Network Access Storage, Web Application Firewalls, CA (PKI) servers, virtualization products, and the Helix and BackTrack Linux distributions. The book describes this list, but does not cover many of these technologies, or describe how to use them to study for the CASP exam. To be fair, such an effort would require another book in itself.

Finally, there is no specific practice material for the performance simulations or the drag-and-drop questions you will find on the CASP exam. The reader is given information related to these questions, but no suggestions on how to practice taking them. I don’t count this as a problem per se, but more of a suggestion for the publisher and authors as to what I would like to see added in a future edition. I expect many of these problems to be mentioned in the book’s errata and cleaned up both in later printings and the next edition of the CASP Study Guide.

Is this study guide all that I need to pass the CASP exam?

I have already posted my review of the CASP exam and what I did to study for it. However, there are a few points that are worth restating here. If you have the time, read the study guide carefully, do the chapter tests and lab exercises, and honestly gauge your understanding of each CASP objective using the book’s exam-readiness checklist. I prefer to use a scale of 1-4 rather than the three-level scale given in the book. If the study guide contains insufficient material to bring your 1- and 2-ranked objectives up to a 4, seek additional study resources.

If you have only a little time before your CASP exam, skim the book and read each chapter summary and the two-minute drills, and try the chapter self-tests. After you’ve made it to the end of the book, do the first MasterExam on the CD as a self-assessment. This will also give you a quicker idea of which CASP objectives you know well and which to study more.

Remember, the suggested prerequisite for taking the CASP exam is 5-10 years of professional IT work related to security, and I would add, “in an enterprise-scale environment.” If you have this level of experience, this study guide and some Web browsing may be all you need to pass the CASP exam. (It was certainly all that I needed to become CASP-certified.) However, if you fall short of this experience, you will likely need to pull in both additional study resources and some lab time learning how to troubleshoot and secure network resources.

In Summary…

Overall, I’m fairly impressed with the job the authors did in researching the CASP objectives and presenting information that a CASP certification candidate can use. CASP certainly falls into the a-mile-wide-and-a-few-inches-deep category of certifications, and that’s a tall order for any book to cover.

I really had to dig deep to find a few bad things to say about this study guide. I have the feeling that the most common complaint will be the book does not go into enough details in explaining some of the CASP objectives. Of course, people will also complain that the CASP exam itself does not do enough to challenge the exam candidate on the depth of the CASP objectives. (This opinion did cross my own mind once or twice.)

Instead of an ultimate compendium of all knowledge CASP, think of this study guide as a very detailed pre-assessment for you to use in determining your weaknesses of the knowledge of the CASP objectives. This study guide could be twice the page count and still hardly do justice to the breadth of knowledge of the CompTIA CASP certification.
The CompTIA CASP Exam Experience
Tue, 15 Jan 2013 23:42:45 GMT

I recently took the opportunity to not only review the McGraw-Hill book CASP CompTIA Advanced Security Practitioner Certification Study Guide (Exam CAS-001), but also to take the CompTIA CASP exam for myself. There have been some rather controversial opinions about the CASP certification here in the CASP certification discussion forum at TechExams.Net. I really wanted to see for myself if CompTIA had produced a serious contender to the few, dominant general Information Security certifications available today, or had only managed to produce a “Security++” cert.

Another InfoSec Cert from CompTIA?

If you ask most anyone on TechExams.Net where you should start in getting a foothold in the world of Information Security, the answer you will most likely receive is to first look at the CompTIA Security+ certification. Security+ is probably the most widely-recognized foundational certification for InfoSec knowledge in the US IT industry. Studying the objectives of Security+ will give you an idea of what field(s) of InfoSec you might like to choose as a career and also show you that InfoSec is not what you thought it was. When trying to get an InfoSec job, it usually doesn’t hurt to have Security+.

So what cert should you get after the Security+ cert? This can be a tough question to answer. There aren’t many general purpose, mid-level InfoSec certifications to choose from. When you rule out the specialized InfoSec certs, like the CCNA/CCNP Security, OSCP, C|EH, EnCE, most GIAC certs, and the more “professional” InfoSec certs, including the CISSP, CISA, and CISM, the only ones left to choose from for general InfoSec are typically the (ISC)2 SSCP and GIAC GSEC. CompTIA likely realized there was room for another cert in this mid-level niche and created CASP.

What’s so new and “Advanced” about CASP?

CASP was released in December 2011 as the first cert in CompTIA’s new Mastery Series of certifications. CompTIA is known for providing a wide variety of exams to certify entry-level knowledge related to specialties within the Information Technology industry using exams with a fairly simple format. CompTIA’s Mastery certifications are designed to test a candidate’s understanding of multiple, related disciplines through the demonstration of advanced skills to perform detailed and complex tasks. The InfoSec skills tested by passing the CASP exam certify that a candidate is “advanced” in the InfoSec profession.

The CASP material covers enterprise-class systems and networks, their design, how they are implemented, and the problems that IT people working in large organizations face. For exam candidates who may be from the softer, paper-shuffling side of InfoSec, the CASP objectives listing includes a list of hardware and software that can be used in a lab setting to become more familiar with the “harder,” technology side of InfoSec. CASP is vendor-neutral, so you won’t see details about specific technologies, such as routers from Cisco and operating systems from Microsoft.

CASP is also advertised as a global or international certification, meaning that it is suitable for InfoSec certification candidates worldwide. I take this to mean that CASP does not go into specifics about USA or EU computer or information privacy laws. However, every InfoSec professional should be quite learned on what these types of legislations and regulations are designed to require and protect, which might come in handy even on an international certification exam.

What? CASP is not a lifetime cert?

Something that has really crinkled the noses of many IT certification aficionados is CompTIA’s shift away from lifetime certifications and towards certifications that both expire and require the collection of Continuing Education Units (CEUs) to maintain certification renewal. CASP holders are required to be enrolled in the CompTIA Continuing Education (CE) Program and earn 75 Continuing Education Units (CEUs) per 3-year CE cycle. What qualifies as a CEU is detailed in the CompTIA Continuing Education Program Activity Chart (PDF).

This change in CompTIA’s certification renewal policy is because of CompTIA’s need to comply with the ISO/IEC 17024 standardization for Personnel (human) Certification Accreditations. This standard is increasingly recognized by organizations, such as the US Department of Defense, as an indication of a quality certification program. It is therefore likely you may see CASP listed on DoD Directive 8570.01 one day. As a CompTIA lifetime cert holder myself, I think certification renewal is a very good thing, as I can see how my unrenewed A+ cert from 2003 now only represents a piece of ancient tech history.

What’s needed to try CASP?

There are no mandatory prerequisites to take the CASP exam. You can sign up and take it tomorrow if you like. However, CompTIA recommends that anyone attempting the CASP exam have at least 10 years of experience in IT administration, including at least 5 years of hands-on technical security experience. This means that CASP is designed to test what a candidate has learned from on-the-job experience and not only from what you’ve learned by reading books and watching training videos.

CASP builds on the objectives of the Security+ certification. Where Security+ tests for InfoSec knowledge used in the operation of a work environment, CASP also tests for knowledge of the use of security in the planning, design, and implementation of enterprise-class networks used by large business organizations. Already having the Security+ certification--or at least the equivalent knowledge--prior to taking the CASP exam is extra insurance for a pass.

Signing up for the CASP Exam

CompTIA exams are taken at Pearson Vue testing centers. You register and pay for exams online and select your testing center using your own Pearson Vue account. If you haven’t been to a Pearson Vue testing center lately, you might be surprised by the detailed security procedures now required. I won’t bother going into details, but don’t think you will be taking jackets, hats, gloves, electronics, or electro-mechanical devices into the testing area. Also make sure you are shorn and shaven so you’ll take a decent picture that looks something like you.

How Did I Study For the CASP Exam?

I really didn’t have a lot of time from when I decided to review the CASP Study Guide until my exam date. I needed to know what CASP objectives I already knew well and which I needed to study. The McGraw-Hill CASP Study Guide provides full coverage of all CASP objectives, albeit in varying amounts of detail, and does include practice exam material.

I initially used the MGH CASP book as an assessment to determine which CASP objectives I needed to learn, to brush up on, and which I could safely skip studying. The book’s chapter summaries and quizzes and practice exams really helped out with this assessment. If there were any objectives for which I needed more detailed information than what the book provided, I certainly found it on the Web.

Two other things that will help with passing the CASP exam are: 1) already having general InfoSec certifications (such as the Security+, SSCP, CISSP, GSEC) or the equivalent knowledge and, 2) enterprise-level IT experience, where you have actively worked with many aspects of the business policies, procedures, and technologies typically found in very large organizations. I can’t emphasize enough how these will help you with CASP.

Oh—there are a lot of acronyms listed in the CASP objectives. I would suggest knowing them all and then some.

What’s on the CASP Exam?

I can say that CASP is definitely more than just a beefed-up Security+ exam. Although Security+ holders can expect to see a few familiar exam features, also expect to do a lot more reading, analytical deconstruction, and problem-solving than you would on the Security+ exam.

Each CASP exam will have up to 80 questions and the candidate is given 150 minutes to complete the exam. The “up to” part wasn’t clear to me until I saw that my own exam contained only 61 questions. I assume CASP exams will vary in their total number of questions because of the variable weighted complexity of the sims randomly selected for each exam. This means that having fewer questions on your exam does not make it an easier exam. It also implies that partial credit is awarded for only giving a partially correct answer to some of the more complex questions. (This is just me guessing, BTW.)

The CASP exam questions are worded well and are fairly straight-forward. (Cert exams with poorly-worded questions and bad grammar are detested by the cert-taking community.) Answer selections are single or multiple choice and with fairly plausible distractors. You will probably find nothing unusual or unfamiliar about the form and functions of the drag-and-drop questions.

Scenario-based questions test an exam candidate’s understanding of policy, planning, design, implementation, operations, and risk management. Some CASP questions require the demonstration of an understanding of concepts and relationships using drag-and-drop to build ordered lists. Simulations are given for the candidate to demonstrate problem solving and remediation skills related to enterprise organizations. Although the sims are part of the performance-based aspect of the CASP exam, the “performance” is in performing complex tasks correctly, and not necessarily in using the least amount of time (at least not that I could tell).

Personally, I really enjoyed the simulations. They seemed simplistic to me at first, but you could easily guess wrong if you were not thorough in your analysis of the situation graphically presented to you. Expect both graphical point-and-click and command line skills to be utilized. Based on my exam, I think exam candidates who have not been actively involved in systems and network operations might feel very out of place in the CASP sims.

And yes, you can go back to previous questions and change your answers. You are also given a chance to mark/review/change your answers before exiting the exam. There were several exam questions that I wish I could have reported my thoughts/complaints about. However, unlike several of its certification-vending competitors, CompTIA does not give the ability to provide feedback on its exam questions.

So How Did I Do?

Well, I passed the CASP exam. I took my time working through it and finished in about 95 minutes. I was a little taken aback when I saw on my exam printout that I “incorrectly answered one or more questions” in twelve of the CASP objective areas. CASP must have close to 200 objective areas; I have no idea how many of them were on my exam.

Unlike the other CompTIA exams, there is no numeric or percentage scoring assigned on the CASP exam. Only a PASS or FAIL indication is given to the exam candidate at the completion of the exam. The psychometric evaluation of the candidate’s answers may make giving a numerical score irrelevant, but using the “a pass is a pass” technique is possibly to level the field of CASP-certified individuals, and not create a stratum of candidates who are more CASP-certified than others.


For me personally, my CASP exam was too short and it likely did not cover all of the CASP certification’s objective areas. I, along with many other certification consumers, prefer to be actually tested on what we’ve been studying for the weeks and months prior to taking a certification exam. This is not to say that the CASP exam isn’t a challenge, but it could be a lot more.

I can see how many people who work in small IT shops may dislike the CASP exam, and simply disbelieve that a requirement to demonstrate a mastery of many of the objectives is necessary to be a true information security professional. People may well reflect on CompTIA’s use of the terms advanced and mastery and end up thinking that CASP is neither.

What’s the future of the CompTIA CASP Certification?

The current $329US price tag of the CASP exam leaves me believing that this certification is targeted at businesses looking to train their employees on CompTIA courseware and not individuals looking to consolidate their skills on their resume. Unless a certification is widely recognized and valued by the IT-skill-seeking organizations, people looking to change or further their careers will usually not spend this kind of money.

In an attempt to determine if the CASP cert is currently worth its cost, I performed searches on several major job boards for job postings with “CASP” and “CompTIA Advanced Security Practitioner.” I came up with no results. I discovered that “CASP” was not a recognized keyword by any job sites I tried, although the names of many other CompTIA certifications were recognized. I eventually found a few job postings that did reference CASP by doing a string search rather than a keyword search, but the results were seemingly too small to justify the cost of the CASP certification. I’m hopeful this will change in the future.

Considering that the CASP cert has been released for over a year now, the lack of IT job postings mentioning it is truly surprising. If employers are to be given a chance to find value in a certification, they need to understand why this certification will help train their workforce to solve business problems. Only then will employers put CASP in their job postings; otherwise prospective exam candidates will not find any value in pursuing the CASP certification.

For More CASP Information

If you require more information on CASP, please refer to the CompTIA CASP page or email CompTIA directly. There is also CompTIA’s interesting marketing glossy PDF on certifying your cyber-security workforce. And then there is always engaging the IT-certification-consuming community directly in the CompTIA CASP discussion forum here at TechExams.Net.
The GIAC GSEC Exam Experience Tue, 11 Sep 2012 02:53:21 GMT
This is part three of a series of three articles on the SANS SEC401 training course and the GIAC GSEC certification exam posted at Parts one and two are The SANS Security Essentials SEC401 Experience and My Study Plan for the GIAC GSEC Exam.

If you have ever taken a Prometric or Pearson VUE computer-based exam then you know pretty much what you are in for with the GSEC exam. However, the GIAC experience has a few differences from other IT certification exams that you should be aware of.

Signing Up for the GIAC GSEC Exam

The GIAC GSEC is a 5-hour, 180-question computer-based exam administered at a Pearson VUE Testing Center. You will choose your testing center when you sign up for the exam through your account on (Military testing centers have the word "Military" or "DoD" in their name.) With over 3500 testing centers globally, you should be able to find a Pearson VUE Testing Center within a practical distance from yourself.

I scheduled my exam at the testing center of a local community college near to where I both work and live. I always schedule my certification exams for early Saturday mornings when there is no line of exam candidates waiting to check in, or competition for spaces in the student parking lots. An early exam time also leaves me the rest of the day to squander on finishing these blog articles, playing Minecraft, and eating Chipotle.

Vetting and Verifying and Validating (Oh My!)

If you haven't taken a Pearson Vue exam in a while--which was my case--you may be surprised and impressed by the increased security. You start with a printed form on a clipboard with all of the DO's and DON'T's of the testing center and the exam provider that you must check off and sign. It's nothing unreasonable and pretty much the rules you would expect in a secure testing environment.

The only DON'T that caught my eye was the agreement not to write anything on the dry erase note board given to you for taking notes during the exam before you actually start the exam. One of the long-standing, IT certification test-taking tactics has been to "dump" things you were holding in your brain for the exam (formulas and equations, calculation matrices, tables and listings, etc.) on to this note board before you click the button to start your exam. Apparently, this action is now specifically disallowed, so a forewarning to you all.

You also need two forms of personal ID, one of which must be government-issued with picture, and both must have your signature. A driver's license is standard; I used my city library card for the other. This is verified against your on-screen signature you sign on a pad with a stylus. Your picture is then taken with a webcam. In my case, this resulted in an image that looked worse than either the picture on my driver's license or my library card. Certainly I could remind no one anymore of Silent Bob.

You must next surrender the bulk of your personal possessions to a (small) secure locker for the duration of your stay at the testing center. (I needed two because of my SANS bag and hat.) I would really suggest leaving backpacks and overcoats in your car.

What you cannot take into the exam room with you includes the following:

  • Anything possibly electronic (cell phones, watches, cameras, computers, calculators, USB devices, car keys, The Internet, etc.)
  • Extraneous clothing (coats, jackets, head coverings, bags, purses, wallets, portable floatation devices, etc.)
  • Food, water, children, and small animals (helper monkeys and seeing-eye ferrets are possibly OK, but ask to be sure)

You are also not allowed to take in pens, pencils or other writing implements, yet you are given an erasable note board and a dry erase marker, so go figure. (I guess you might have a camera-and-voice-recorder spy pen?)

What you should be taking into the exam room includes:

  • All six SANS SEC401 training books with sticky note bookmarks attached
  • Your printed SEC401 lecture notes that you took in class
  • Your printed SEC401 books index that you made with extreme attention to detail
  • A printed copy of the SANS TCP/IP/tcpdump cheat sheet (recommended by Dr. Cole too)
  • Printed copies of other information that you think may be useful in the exam
  • A copy of the Network Security Bible by Dr. Eric Cole, et al., complete with its own professionally-created index (your secret weapon!)
  • Your lucky SANS upside down IP & TCP headers t-shirt (I looked at it more than once!)
  • Yellow sticky notes (keep reading...)

Now, you might be thinking, "Do I really need to take all of that stuff?" Well, the GSEC exam is designed with the idea that the exam candidate will have all of this information at their fingertips during the exam. You are also allowed to take with you as much paper into the exam as you want (within reason, of course). So unless you think you know the GSEC material so well that all of that paper would just slow down your brain, I highly recommend lugging all the dead trees into the exam room and giving your brain's ego a rest (*hint hint*).

You can find out more details about the testing center requirements from the SANS and Pearson VUE Web sites, and from the emails you will start receiving from about a week before your scheduled exam date.

Into the Abyss...

As you enter the exam room and are led to the very small table that harbors your testing computer, you might find yourself thinking, "Wait, there's no room for all my books and papers!" Yes, there is a possibility that the generous amount of desk space you gave yourself for shuffling your books and indices back and forth while taking your practice exams will not exist in the testing center.

Fortunately for me, the cubicles in my testing center were of adequate size for SANS books and paper shuffling. From taking the practice exams, I knew that I had to make a pile of books on either side of the keyboard and keep my index directly in front of me. All my other papers, Network Security Bible, and dry erase note board were to either side of the monitor. The ergonomics of it actually worked quite well.

My only real concern was the noise level. The room was deathly quiet; most of the time I was the only occupant making any noise, flipping my books and index pages. Despite my concern, it turned out not to be a problem. Part of the testing center security is having a proctor physically patrol the testing room every 15 minutes or so. The occasional sound of doors opening and closing, and people with questions and computer problems, more than masked the thuds and scratchings evoked by me taking my exam.

It's All About Cerebral Endurance

Five hours is a lot of time to spend taking an exam. However, you won't be in there nearly that long if you learn the material and prepare well. But heck, you need only a 73.9% to pass the GSEC. You might even consider speed-clicking your way out of the exam in under an hour. Of course, you would need to spend the rest of your life telling people, "Hey, a pass is a pass!" to explain your low passing score. (Start by telling that to the person who paid for your SANS training and GIAC exam.)

The GIAC exams are very similar to the other computer-based certification exams that you've already taken, so use the same test-taking strategy you've used before for solving CBT exam items:

  1. Read the question and attempt to determine the correct answer before looking at the answer options (this may not be possible for some exam items).
  2. Read each answer option and explain to yourself why this option is correct or incorrect.
  3. If two answers both seem to be correct, re-read the question and determine which of the two answers best fits the question.
  4. If still stumped, use your index to look up information found in the question or answer options and read what the SANS training material says about it.
  5. If your index does not list a term that you need, look in your notes and print outs, the Network Security Bible, or on your lucky SANS t-shirt. (Ah, now you wished that you had bought them.)
  6. Still nothing? Either start blindly flipping through the books hoping to see something, or skip the question and try to answer it at the end of the exam. (You can only do this for five exam items, so try not to end up at this step too many times.)

Geez, That's Annoying...

The time remaining in your exam is displayed prominently at the top of the screen. If this bothers you, cover it up using one or two of your yellow sticky notes. Also on screen, your exam score is shown and updated every 15 questions. Cover that up with a sticky note if it freaks you out. If you need a calculator for any arithmetic operations, one is provided also on-screen, and may be covered up if you find it unnerving as well.

Five Hours Without a Trip to the Bathroom?

At the top of the screen are buttons that give you the chance to skip the current exam item, or to flag it to make a comment about it at the end of the exam. Items that you skip will be shown to you again at the end of the exam for you to answer and, as I said in the previous article, you can only do this for five exam items. If you want to take a break, hit the "Take a Break!" button to stop the exam clock for 15 minutes. However, you will need to answer all the questions that you skipped first. (Can't have people running out to look up exam item answers on the Internet using their 4G LTE cell phone, can we?)

One other interesting fun-fact is that items displayed for comments will only have their questions shown and not their answer options. I assume this mitigates against the memorization of exam items for post-exam brain dumping. So make sure you take notes on your dry erase board about any items you wish to comment on. You may comment on up to ten exam items. Write some especially clever exam item comments and you may one day get an email reply from someone at GIAC. (Hi Jeff! ;) )

Crushed It!

I finished the GSEC exam just before the 4-hour mark and had three skipped questions to go. After having a second look at them, I decided the answers were fairly obvious and did not waste too much time on them. I then completed the exam and was informed that I passed with a score of 93.89% in a time of 04:04:34, which was astonishingly close to the results of my second practice exam. I was shooting for 95%, but would settle for any score in the nineties, so I did acquire my target objective.

After the scoring, I was given the chance to remark on the exam items I had flagged to comment. I had a few remarks ("So where was THAT topic in the SANS SEC401 books?"), but not much really to complain about. Regardless, I do feel as though I contributed a minuscule modicum of improvement to the quality of the GSEC exam. It's nice to have the ability to provide direct input into something I've invested so much time in.

Also at the finish of the GSEC exam is the familiar exam summary with the zero-to-five-stars rating of each topic. I got three or five stars on every topic except for honeypots--where I got zero stars! Well, I guess I can live that one down. I would have bet that Active Directory and Windows permissions would have been my Achilles heels. Apparently I can tell a GPO from a SACL.

Post-Exam Administration

Another stage of your GSEC certification journey begins just before you step outside of the testing center, squint in the sunlight, and try to remember where you parked your car. Forewarned is forearmed for avoiding this confusion.

Be aware that there is no post-exam printout of your exam results at the testing center. Your score is displayed on the computer screen and GIAC sends you all of your information and instructions via email immediately after you complete your exam. Neither myself nor the testing center people knew this, and we wasted about 20 minutes attempting to coax a printout from the testing center's system, and filing an incident report with Pearson VUE. To their credit, Pearson VUE did send me an email saying that my exam results were available online at

Sans Frame?

One interesting post-exam decision I was asked to make is whether or not to receive my GIAC paper certificate pre-mounted in a wooden frame. This question is asked at the conclusion of the exam, in email, and again when filling out the certificate request form online. The frame is free, but does require a shipping and handling charge to the tune of $19 for US/Canada and $34 for international delivery. I shook off my eBay S&H deja vue and decided to go with the bare paper, which is completely free. I may have chosen otherwise had I been able to see what the certificate looks like in the frame. My GSEC certificate arrived one week after I submitted the form, and it looks very nice in a $6 Big Lots picture frame.

GIAC Advisory Board

If you pass any GIAC exam with a score of 90% or better you can expect to receive an email from GIAC asking if you would like to join the GIAC Advisory Board. The Advisory Board is made up of GIAC-certified professionals who meet to discuss formal issues directly related to GIAC and SANS business, such as training and certification. Meetings are held on a group of mailing lists averaging about 30 messages per week, and are distributed to about 2000 GIAC members. Because some of the material presented involves content regarding future direction of exams and other proprietary information, members are required to sign a Non-Disclosure Agreement. More on this once I'm active on the board.

And a Final Thank You To My Employer

I would never personally assume the expense to indulge myself in SANS training and GIAC certification. The target market for SANS courses and GIAC certification is businesses and not individuals, and their cost reflects what the market will bear. For organizations, the ROI for having SANS-trained people is tremendous. I am grateful my employer--both the human and administrative parts--recognizes the value of SANS training for its employees.

Have any questions for the SANS-trained, GIAC-certified people at TechExams.Net? Please post them to the SANS GIAC discussion forum at TechExams.Net.
My Study Plan for the GIAC GSEC Exam Tue, 11 Sep 2012 02:53:08 GMT
This is part two of a series of three articles on the SANS SEC401 training course and the GIAC GSEC certification exam. Parts one and three are The SANS Security Essentials SEC401 Experience and The GIAC GSEC Exam Experience.

Doing the self-study part of an IT certification can involve a daunting set of decisions and tasks. Where do you start? What materials should you use? How should you be organized? How, when, and for how long should you study? And how do you know when you are ready to take the exam? I really have no idea what you should do for yourself; everybody has differences that make it impossible for me to devise a single set of recommendations for everyone. Instead, I offer here what I did to prepare for the GSEC exam.

The first step in studying for the GSEC exam is to attend SANS Security Essentials 401 training. If you have read part one of this series, you know that I highly recommend attending a SANS SEC401 class taught by the creator of the course, Dr. Eric Cole. He is very entertaining, authored the SEC401 course material, and certainly knows what's on the exam.

If you can't make it to one of Dr. Cole's classes, the other instructors teaching SEC401 are very good too. In fact, the audio recordings of SEC401 that you will be listening to feature Dr. Cole's lectures, so having a different in-class instructor with a different perspective will probably broaden your exposure to the SEC401 material.

Take copious notes while you focus your brain on the lectures. The lectures both reinforce the material in the books and add to it. I'm not saying there is information on the exam that you can only get from the lectures, but the spoken information makes a different impression than the written information. Taking notes on a laptop not only will come in very handy to remember and reinforce what you have learned, but also make your notes searchable. You will find your notes complement the recorded lectures too.

If you are taking the vLive or OnDemand SANS SEC401 class, the advice is the same: take notes on the live or recorded lectures. The OnDemand material also features "Test Your Knowledge" quizzes on many of the modules. Make sure you have both listened to the lecture and read the book for each module before taking the quiz or you won't fully know the material you are being quizzed on.

Reading the SANS SEC401 books is very, very important. This seems silly to say, but after attending the training, taking detailed notes, and listening to the lecture recording over and over, you might decide not to fully read the books. This would be a mistake. Go over the books, marking the pertinent facts with a highlighter, and take notes that include the book and page number for each fact you record. This not only aids you in learning the information, but will help you with your most monumental study task: building the SANS SEC401 index.

An Index? I Really Need To Make an Index?

The GIAC GSEC exam is an open book exam. There is so much information in this exam that you will definitely need your SEC401 books with you in the exam room. However, you will notice that your books have neither a table of contents nor an index. This makes them very difficult to use for quickly looking up facts--such as those that might be useful for answering GSEC exam items. You therefore have no choice but to build your own indices from scratch. If you have never before created an index for a book--let alone for six books--you are in for one, mind-numbing treat.

For my index, I made a single MS Word table with one column each for index term, book number, and page number(s). Each table row contains one indexed term. Using this format, the first few entries of your index might look something like this:

Term             Book  Pages
/etc/services    6     51,53
3DES             4     50
802.11           4     157-158
AAA              2     103-104
Account Lockout  5     160
Access Control   1     225
Access Control   2     99-109
Access Control   5     234-236

Be extremely detailed in your indexing. Include the names of programs and executables, RFC and NIST publications, acronyms, and well-known operating system files. Do not use a large page range to cover a single general topic, such as shown in the Access Control entry in the above index table example. Instead, break up the pages into smaller, indexed entries by topic. This will enable you to more quickly locate the detailed information you need during the exam.

Do not exclude concepts from your index that you think you know well. There may be some bit of trivia that you don't know or don't remember that makes the difference in your answers. Consider that you will be looking up topics you know just to double-check what you know. If you have a disagreement with facts presented in the SEC401 books, the exam will follow the books and not what you believe. Therefore, use your index to verify you have your facts from the SEC401 books and not from what somebody wrote in the Wikipedia or a blog article.

Bookmarks can be very helpful for finding significant sections in the books, such as the diagrams for IP, TCP, and UDP headers, incident handling stages, the command line options for tcpdump, and the glossary and acronyms listings in book 1. Make sure you bookmark the topics in your lecture notes and study notes too. The small size yellow sticky notes make excellent bookmarks. (You thought I was talking about Web browsers, didn't you?)

Finally, make sure you include the page numbers on your index hard copy. This will come in handy for reordering the pages if you mix them up during the exam. Oh--be sure to sort the table each time before you print it. Saves paper and frustrations that way.

Take special care in making your index. The last thing you want is to find yourself in the exam flipping blindly through your books hoping to glance at information you need to answer a question. During the exam, you will feel satisfaction each time you use your index to confirm the correct answer to an exam item, and this will make you glad that you spent the time you did on your index.

If I have a really good index, will I still need to study?

You might have the thought to use your index--or somebody else's index--to simply look up the answer to most every item you see on the GSEC exam. You can try doing this using one of your GSEC practice exams to see what kind of score you get. You may find that there isn't enough exam time given to look up every possible answer in the books. You would literally need to look up each answer option and make a decision based on material contained on perhaps dozens of pages. Building an index is an excellent way to help you study the GSEC materials, which is why you would take SANS SEC401 in the first place, so take advantage of the learning experience.

Study for How Long?

There is no simple answer for the question, "How long will it take me to study for the GSEC exam?" It depends on how much you already know about the GSEC topics, how well you understood the lectures and labs in your SANS SEC401 class, and afterwards how well you studied the material and prepared for the GSEC exam itself. SANS SEC401 students are given four months to take the GIAC GSEC exam after finishing SEC401, so most anyone with the motivation to obtain the GSEC should have enough time to prepare. Just don't try to cram it all in the weekend before your exam date.

GSEC Practice Exams

The SANS SEC401 course comes with two online practice exams that emulate the GSEC exam in length, format, and content. You are given 300 minutes in which to complete 180 exam items, just like in the real GSEC exam. There is also an on-screen clock displaying your exam time remaining, and your current exam score is displayed and updated after completing each 15 exam items. The exams are available in your account after you purchase the GSEC exam.

Your SEC401 instructor will probably advise you to take the first practice exam shortly after completing the class. This will give you an accurate assessment of how well you understand the class material and give you an idea of what the exam is like. At the completion of a practice exam, a summary is displayed of all of the topics on the exam, each with a rating of zero to five stars of how well you did on each topic. This assessment is the foundation of your study plan. Start by studying your worst topics (zero- and one-star) first and work up from there. Once you complete a practice exam, you cannot review or retake it, but the summary is always available to you in your account.

How and when you use your second practice exam is up to you. You can actually give it away to someone else registered on if you feel that you don't need it. One week before my GSEC exam, I used my second practice exam as a mock GSEC exam experience. I went to the library on a Saturday morning with all of my SANS 401 books and notes, set myself up in a private cubicle, and proceeded to take the practice exam using the same rules as the real exam (no electronics, one 15-minute break, no distractions, etc.). The idea was to find any deficiencies in my knowledge and study materials, and to exercise my mental stamina for taking a 5-hour, computer-based exam.

I found myself getting mentally winded around exam item 130, but I pressed on. I took notes to study some topics, make some tables, and to improve my index. I found it helped me polish my exam materials and gave me confidence that I was prepared for the actual GSEC exam.

After 4 hours and 19 minutes, I finished with a score of 93%. (I scored only 80% on my first practice exam taken nearly three months before.) I was surprised how many topics I saw in the practice exam that were not listed in my handmade index. Several of the practice exam items I got wrong just from picking stupidly. You know those questions where you know the correct answer, but you end up picking the wrong answer because you second-guessed yourself? And the exam items asking for the FALSE statement and you pick the first TRUE answer you see instead? I really hate myself for missing those.

During the practice exam, you are given a opportunity to flag up to five exam items to pass on and be given again at the end of the exam. I did not take advantage of this feature, but I would have had I been spending too long researching any one exam item. You may also flag exam items you wish to comment on after the exam is completed. I only had an issue with one exam item and how its information was not explained sufficiently detail in the SEC401 books. It may have been a trivial detail, but I got the item wrong and I felt that I needed vindication for a slightly lower practice exam score that meant nothing.

All That Effort Just to Pass an Expensive Certification Exam?

Why did I go to all this trouble? To get the best possible learning experience from the SANS Security Essential 401 class? For the "nerd cred" earned by a really high passing score? Well, both of those, really. But there is also an officially-recognized GIAC Elite; those who score in the 90th percentile on a GIAC exam are asked to join the GIAC Advisory Board. That sounded like something pretty cool to be a part of, so I went for it too.

More about how to inflame your nerdish ego in part 3 of this series, The GIAC GSEC Exam Experience.

The SANS Security Essentials SEC401 Experience Tue, 11 Sep 2012 02:52:24 GMT
This is part one of a series of three articles on the SANS SEC401 training course and the GIAC GSEC certification exam. Parts two and three are My Study Plan for the GIAC GSEC Exam and The GIAC GSEC Exam Experience.

I was recently given the opportunity by my employer to attend SANS™ Institute training at SANS Security West 2012 in San Diego, CA. I attended the class associated with the GIAC GSEC certification: SANS Security Essentials 401 (SEC401). This class and certification are both a broad and in-depth survey of Information Security topics oriented towards technical knowledge and practical applications. The GSEC is considered to be the flagship of the 17 GIAC certifications, and with over 33,000 people having passed the GSEC exam, SEC401 is easily the most popular of all SANS training classes.

My Six Days in a Hotel Conference Room

SEC401 is a 6-day boot camp-style class for the GIAC GSEC certification and is taught at most SANS events. The class runs from 9AM to 7PM for five days and 9AM to 5PM the last day, and may be attended by anywhere from 75 to 150 people. The time spent in class is mostly instruction with Q&A, but the last hour or so of the first five days is for completing lab exercises.

The SEC401 class material is divided into six major subject areas, with each area subdivided into a half-dozen or so learning modules. There are six course books, one for each day, and you get them all in a nice SANS bag at registration. The lab exercises are found at the end of each course book. The books are instrumental in studying for and passing the GSEC exam, so treat them with care.

Dr. Eric Cole

The SEC401 class I attended was instructed by Dr. Eric Cole of SANS™ Institute and Secure Anchor Consulting. Dr. Cole is a very personable, entertaining, and highly energetic lecturer. Attending a very technical InfoSec class for 10+ hours a day for six straight days is tough enough, but when you are the class instructor needing to keep 100+ students engaged for that time frame you have to be the Energizer Bunny® of Information Security. SANS has found just such an instructor in Dr. Cole.

Dr. Cole has been authoring and teaching the SANS 401 course for the past 14 years. He puts all of his incredible personal and career experience in InfoSec into the class lectures and material. Listening to his personal stories and anecdotes alone is worth the price of admission, and you will likely be listening to them for weeks after the class on his recorded SANS SEC401 lectures.

Dr. Cole also has considerable input into the content of the GIAC GSEC exam, for which the SEC401 course is designed. Although the class is not taught specifically for the goal of passing the exam (i.e., "teaching to the exam"), you will receive hints along the way as to important topics to know. Dr. Cole also greatly values students' comments about the class' content and his instruction, and he welcomes comments and suggestions for improvements of both. With all of this considered, I strongly recommend attempting to attend Dr. Cole's SEC401 class if the GSEC certification is in your future plans.

Dr. Cole is also a principal author of the book Network Security Bible from Wiley. The information in his book parallels and augments the topics taught in SEC401, so you might consider taking a copy of it with you into the GSEC exam (*hint hint*).

Wait, Give It a Chance...

If, while in the first day of class, you think that you have signed up for a SANS class that will not meet your needs, you have the option to turn in your SANS materials and switch to a different class. However, be aware that the SEC401 subjects change considerably each day. The first day is very technical with discussions of almost every possible concept in TCP/IP networking. So if you find yourself falling into a glassy-eyed stare during the talk about Internet protocols, VoIP, or IP subnetting, try to ride it out and remember the next day's subjects will be easier.

Snack Alert!

One thing to be very careful of is the breaks during the classes. A break is given every 90 minutes or so, and snacks are served in a common area by the hotel; it can be quite a sugary and caloric event. Cookies, ice cream, caramel apple slices, and pastries were some of the items on the snack menu during my SANS experience. It was rather unfortunate for more than a few people that "5-pound brownie day" just happened to be on the same day as the cryptography lecture. There were more than a few eyes shutting and heads nodding during class after that, and at least one case of "Keyboard Face" that I saw.

To ward off the effects of "high tide, low tide" blood sugar, bring your own healthy snacks and just partake of the water, coffee, and tea in the break area. There will likely be food markets near to your hotel. To find the closest, just ask Dr. Cole where he buys his coconut water.

The SANS SEC401 Labs

The lab exercises in each class are to help you better understand the concepts and applications within the SEC401 material (Linux commands, vulnerability scanning, network traffic interpretation, password cracking, steganography, event logging, etc.). The labs are very useful and could be very helpful with the GSEC exam (*hint hint*), but truth be known, all of the labs in SEC401 are optional. If you are very familiar with a lab exercise, perhaps because it is part of your daily work activities, you can skip it. You might find yourself skipping entire labs to participate in the evening activities hosted by SANS.


In the evening of the first five class days are the SANS@Night after-class events. I highly recommend that you attend as many of these events as possible. Instructors from each class lecture and demonstrate on what it is they teach, giving SANS Conference attendees a chance to decide on what class they would like to take at their next SANS conference. There are also presentations and discussion panels on special topics, such as state of the Internet, social engineering, future trends in hardware and software technology, and Internet safety for kids and adults. There is also a NetWars Capture-The-Flag tournament and an overview of the GIAC program for people wanting to become SANS Facilitators. You should at least attend the Welcome to SANS lecture given on the morning of the first day.

There are actually two events at 7:15PM and another two at 8:15PM, so you will need to decide what you want to attend. Realize that none of these SANS@Night events are recorded, so when you attend one you will miss the other. If you choose to stay after class and finish all of your labs, you may miss them all. And let's not even ponder what you'll miss if you instead decide to spend an evening on the town in a place like Chicago, San Diego, San Francisco, Orlando, or Las Vegas. (For the sake of team-building with my co-workers, I did select this option as my evening's activity more than once.)

The Venue

If possible, get to your SANS conference the day before it begins so you can register, collect your materials, check in to your room, explore the venue, and look over the schedule of events. SANS is in more places than you can think to DDoS, so I can only offer a description of my venue.

The SANS Security West 2012 I attended was held at the Manchester Grand Hyatt in San Diego, CA. This is a very nice and large hotel on the water designed in the confusing, two-tower configuration. (Yes, I went up the wrong tower my first trip to my room. That's what I get for checking in using a kiosk-bot and not a desk-human.) The hotel is stylish, comfortable, and has more than enough space for a SANS conference. SANS comps attendees free access to the hotel's Wi-Fi (also something the kiosk-bot didn't tell me).

The Hyatt is in a nice downtown area near to the San Diego Convention Center. (You know, that place where 100K+ people attend ComicCon every year?) The entire downtown is within walking distance of the Hyatt, including fast food, grocery stores, other hotels, and Petco Park. However, you probably won't want to go any farther than 5th Street in San Diego's Gaslamp Quarter. All forms and manner of food, drink, shopping, and entertainment are there. With the many weeks you'll be putting in studying for your GSEC exam, you may not have another opportunity to get away like this for quite a while. :wink:

More Questions?

I highly suggest reading through all of the material on the SANS Security Essential 401 page for more in-depth information on the content of the classes and upcoming locations of training events. Have a look at the SANS Security Training FAQ for answers to your questions about SANS courses, GIAC GSEC certification, and to understand the different SANS training options (vLive, OnDemand, Self-study, etc.). And, of course, there is always the SANS GIAC discussion forum at TechExams.Net.

Oh--and don't forget to read part two of this series, My Study Plan for the GIAC GSEC Exam.

Review: CompTIA Security+ SY0-301 Authorized Practice Questions Exam Cram, 3rd Edition Wed, 28 Dec 2011 22:29:00 GMT
Authors : Diane Barrett
Hardback : 400 pages
Release Date : December 2011
ISBN : 0789748282
ISBN 13 : 9780789748287
Language : English
Publisher : Pearson Education, Inc.

Here at TechExams.Net, we have a lot of members looking for practice questions for the IT certification exams they will be taking. After many hours of reading through books and Web pages, watching online videos, and taking copious notes, an exam candidate will begin to wonder how they will perform on the actual exam. Taking practice exams is not only a good way for a certification candidate to get a rough guesstimate at his or her current level of exam subject knowledge, but is also a great way to study for the exam itself.

Hot off the presses and on to my desk is the book CompTIA Security+ SY0-301 Authorized Practice Questions Exam Cram, 3rd Edition by Pearson Education. This book is the answer to certification candidates looking to practice for the CompTIA Security+ exam. This book offers not only the latest topics that a candidate may find on the Security+ exam, but does so in a variety of hard copy and digital forms.

We Have Questions...

This Security+ exam practice questions book is the companion to the CompTIA Security+ SY0-301 Authorized Exam Cram, 3rd Edition book also published by Pearson Education. The 3rd edition of these books covers the latest CompTIA Security+ exam, SY0-301. The previous edition covered the SY0-201 exam, which will only be available until December 31, 2011.

This publication presents information found in the Security+ exam topics as exam questions to both teach the concepts found on the Security+ exam, and to test what the exam candidate (that's you) already knows. The questions are concise, well-written, and don't contain any tricky wording (or bad grammar) that you may have seen on actual certification exams.

The book is organized into practice questions, quick answers, and descriptive answers. This format makes it easy to quickly grade your results, and then go back later to review each question's very detailed description, which explains why each possible answer was correct or not. I really like this attention to detail, as I think teaching why answers are incorrect is equally valuable to learning.

This book is a lot more than just pages and pages of practice questions. At the front of the book is a fold-out, tear-off "cram sheet" that is an aid for memorizing the concepts you may encounter on the Security+ exam. This is useful for helping you determine what concepts and definitions you definitely should have memorized for the exam, such as the difference between new and unfamiliar concepts, like "PaaS," "IaaS," and "SaaS."

This book also gives the reader quite a bit of information about the Security+ exam objectives themselves, and without asking the reader to fill out a marketing information form before doing so. (Have a look at the Security+ Exam Objectives page on CompTIA's Web site to know what I'm talking about.) Also offered are the benefits of becoming CompTIA-certified.

A word of note: This is a study preparation guide and not a key to the actual Security+ exam. As the publisher points out, "...the purpose of this book is to help you prepare for this exam, not to provide you with real exam questions." That said, use this study guide as an aid in learning the Security+ exam topics and you should never need actual exam questions to pass.

What's On The CD?

If you don't think the 200 questions on this book's pages will give you enough of a challenge and learning experience, on the CD you will find the Pearson IT Certification Practice Test engine with another 800 Security+ practice questions. The test engine features multiple test modes and gives the same detailed explanations for answers as the book. The test engine is for Windows and .NET only (someone please post in the comments if the test engine works under Mono). Also, if you want to know anything more about the contents of the CD, you will have to look on Pearson's Web site, as the CD isn't mentioned in the book.

This Book Is Online Too?

Pearson IT Certification has also teamed up with O'Reilly's Safari Books Online to make an online version of this Exam Cram book available free to use for 45 days. Just enter the code included with the book, sign up for a Safari account, and begin studying the same material online. If you have never tried Safari Books Online before, you are in for a real treat, as it's a great library and most every Exam Cram IT certification book is on there too.

In Conclusion...

Other than the lack of information about the contents of the CD in the book's printed pages, I had a very difficult time finding any fault with this book. The information is very detailed, readable, and highly relevant to the topics covered by the Security+ exam. In my opinion, all Security+ exam candidates should find these many practice questions a worthwhile and entertaining diversion from reading books containing long-winded chapters about information security.