Security+ 2008 Exam Notes by Michelle Maasburg
All,
I took my S+ 2008 test today over at CrossData (by Military Circle Mall)
and passed with 840 out of 750 (each time I have taken one of these the
minimum changes). 100 questions, about 90% came out of nowhere. About 5
came from the pdf, maybe 5 from Transcender, and it looked like the
English Majors changed up the test. This is why you cannot rely on
‘gouge’ and you must Trust the Man With the Plan (Will). It is the only
way to beat the inevitable 90% surprise. The 90% was CLEARLY the correct
material, just a brand new bastardization of it. I have provided for you
all below a brain dump of as many questions as I can remember from my
test for your benefit.
The reason that I passed was because of taking onboard Will’s advice and
trusting his process. The number one most useful item of all of it was
Will’s classroom instruction which was outstanding.
WILL’S PROCESS:
1. Show up to class and pay attention in class
2. Read and learn the material fully
3. Set up and do Transcender exactly like he tells you and pare down to
Dirty Dozen
4. Reference Will’s website for extra study material, don’t get
distracted too long at the candy store. Go back later after you pass the
test
5. Go through study questions in exam prep supplementary book and pdfs
if available
6. If you see anything that you do not know or understand, look it
up/research it fully online with google, wikipedia, etc
7. Use Will’s psychological test taking strategy to find “IT” (the
answer). Works every time.
These are the items that I can remember to the best of my knowledge:
1. As far as I had been concerned until this past week the security
system of resources followed a 3 step process, Authentication,
Authorization, and Accounting…That was until Transcender stirred the pot
with an “Identification” pain in the ass step, must have been from
2007 or earlier, or maybe I must have missed something. I of course
looked up Identification and found out that the difference between it
and Authentication is that “Authentication verifies set of credentials
while Identification verifies user requesting set of credentials”. Of
course my test had an ‘Identification’ question on it, and it added
another new twist that I cannot quite remember off of the top of my
head. Take the time to either google or wikipedia it so that you don’t
miss it. I’m sure that I probably did.
2. The device that is used for a NIDS – the term used was a SENSOR
(distracters included similar words)
3. 2 questions about a user who is in a particular group unable to
access a file who is supposed to have read/write access. The actual
answer for both is (word for word) “wrong rights assigned”. See what
happens when English majors write these tests?
4. Main difference between RADIUS and TACACS? (separation of A, A, A)
5. Definition of Decryption
6. Question about a user having a huge influx of new employees, leading
you to an answer of whether or not you should employ a “role based” or
“rule based” action
7. I had a ‘fuzzy math’ problem: it went something like this: A vendor
puts in an email system for a small company. The vendor offers the
company a $5000 annual virus protection package. The company manager
researches and finds out that there is a 90% chance of failure without
the protection, and with the failure it will take 3 hours for
restoration based on this annual 90% figure. With 30 employees paid at
$90 per hour, what is the company’s Annual Cost?
8. Definition of Disaster Recovery Policy (restore IT structure)
9. Definition of Business Continuity Policy (maintain Business
Operations/availability)
10. Which is a vulnerability scan – Microsoft Baseline Security Analyzer
or AirSnort?
11. What kind of item is a disgruntled employee most likely to plant on
a server that cannot be traced back to him (worm or logic bomb)
12. Question about S/MIME
13. Which has the smallest bit encryption – IDEA, 3DES, SHA-1
14. Principle of least privilege definition – 2 questions
15. 3 NAT questions, all very simple
16. Which item includes a KDC – Kerberos (other items don’t make sense)
17. Question on difference between bluejacking and bluesnarfing (bluesnarfing
takes control of device or data)
18. Which port is SNMP? 161
19. Which is the older of the protocols LANMAN (others are NTLM,
Kerberos)
20. When would a penetration test be appropriate (correct answer is
‘owner approval’)
21. About 10 questions that kept going over scenario based choices
between a protocol analyzer, port scanner, penetration test,
vulnerability test, password cracker, network mapper.
22. Of course that horrific ‘False Negative’ question came up, but I do
believe that it was masked as ‘False Acceptance’. Good thing I studied
Freud in sophomore biology.
23. 1 question about employee job rotation, easy.
1 question about virtual machine benefits, easy