CompTIA Security+ Exam Tips

While the exam is still fresh in my head, I am going to hand out some tips and suggestions for the CompTIA Security Plus exam.  I took the test one time, and passed with an 834/900.

My Previous experience:

  • A few weeks ago, I got my MTA Security Fundamentals, along with the CompTIA Network+.  The Network+ really came in handy for Security+.
  • 10+ years in telecom, IS/IT/Development roles
  • Lots of other certs… I’ve taken nearly all MTA certifications now, mostly thanks to WGU (Washington Governors University).

My study time/process/tools:

  • I spent about 4 days preparing for this exam.
  • My university provided an online tool called LabSim, provided by “TestOut”. This was a mix of videos, tables, quizzes, and hands-on simulated exercises.  I did not really feel this was an efficient use of my time, but 90% of my study time was spent using this source.
  • I also had access to a UCertify Course as provided through WGU. I avoided this source.
  • Professor Messer’s Security+ videos on YouTube. I watched about 10 of the ~200 of them. Those are really great, especially if you need a clear explanation on a topic you’re not getting.

What to focus on:

  • If you don’t do ANYTHING else, at least memorize the protocols (and where they are used), ports, associated hashing or crypto algorithms, and categorization.  The thing that helped me the most was the fact that I had all of the symmetric and asymmetric protocols and algorithms fully memorized.  In fact, before I even started the test, I jotted them all out on the scratch paper, under their proper heading. I referred back to this table probably about 20 times.
  • Know the “strongest” configuration for all areas: wireless networking,  remote authentication, etc.  There were quite a few “what is the most secure configuration” type questions.
  • Don’t skip the chapter on the risk assessments and calculations… I skipped it and it cost me a few questions, I think.  There were probably 7 or 8 questions about risk management, documentation and process.
  • Know the terms involved with security threats.  I was tempted to skip the chapters discussing worms and viruses, but I’m glad I didn’t because there were probably 20+ questions on phishing, worms, viruses, malware, spear phishing, vishing, pharming, rootkits, backdoors, trojan horses, etc.  Make sure you REALLY know the difference between these, and the appropriate response to these security threats.

What to skip:

  • The LabSim online training course I was using (provided by “TestOut”) went into a LOT of detail and hands-on exercises that I felt wasted a lot of time.   They had me doing many tasks that were unrelated to security, such as dinking around with AD, adjusting network settings, etc.  While it may help give context to some of the concepts, just keep in mind that every question on the real exam asked a SECURITY question.  For example, on the real exam, I was never asked to configure a RADIUS server or anything close to that. But I WAS asked many, many questions regarding the protocols, ports, and algorithms used with RADIUS.

98-367: Tips for taking the MTA Security Fundamentals Exam

Just got back from scoring a 97% on the Microsoft Technology Associate Exam for Security Fundamentals. I found it to be the easiest certification I’ve taken to date; however, here are some tips to help you prepare:

My Previous experience:

  • I just got my MTA Network certification as well as CompTIA Network+, which actually gave me the answers to all items related to network security.
  • 10+ years in telecom, IS/IT/Development roles
  • Lots of other certs… I’ve taken nearly all MTA certifications now, mostly thanks to WGU (Washington Governors University).

My study time/process/tools:

  • My only source was the Wiley text: Exam 98-367 Security Fundamentals (Microsoft Official Academic Course). I spent two nights reading this cover to cover, with the exception of the networking chapter. This book is a little dry, and the content is scattered, but everything you need is in there.
  • I have a Windows Server 2008 R2 virtual machine to play with… the exercises in the book aren’t really helpful, but I found it helpful to play around with the server when they reference something unfamiliar. If it’s too much trouble for you to set this up, you can get away without it.

What to focus on:

  • Different types of password attacks – there were more questions on things like brute force and dictionary attacks than anything else.
  • There were at least three questions on digital certificates and digital signing (what are they for, who do they protect?)
  • NTFS permissions – what happens to perms when you move a subfolder? What about copying files?
  • Know the different layers of security presented in the first chapter of the book. Lots of questions like “Encrypting a thumb drive is an example of ___________” with possible answers of integrity, confidentiality, etc.

What to skip:

  • That book has a lot of stuff unrelated to security. While it is important to understand some concepts, don’t waste your time memorizing stuff unrelated to security. Examples of what I mean below:
    • You don’t need to memorize the OSI model (if you haven’t already). Just know the security-related nuggets you read about. A question you might see on the exam would be: IPSec operates at layer ______ of the OSI model. 
    • Don’t memorize the extra stuff in the tables presented in the book. Example: the test may ask which file systems support NTFS, but it will probably NOT ask what the maximum file size is for NTFS.

Most of this exam is common sense, especially if you already go about your daily life in a safe and secure manner when it comes to computers. Just read each question carefully.  But if you are the type of person who isn’t sure what type of wireless security your home network is using, or have never dealt with setting file permissions, you will probably want to take some time and read the text.

Good luck!