Security+ Exam:Mean as Heck.

[MartinX]

I have just got back from sitting the Comptia Security+ , and let me just say:

WHAT A FUCKING BASTARD EXAM!

I went in moderately prepared for trick questions, and questions so poorly worded that you'd need a divining rod to figure out what they wanted.

I came out shocked at how badly biased the exam is towards guesswork/magic/subjective opinion instead of knowledge/fact/common sense.

I suppose it's tricky coming up with 100 questions on a subject that mostly consists of a couple of standardized areas and a big bunch of "best practice" (although who's best practice is also subjective).

I've heard of "Security through obscurity", but I don't think that should extend to exam questions.

Also,

NOTE TO COMPTIA: If you are going to have "Pick the most correct answer from the 4 somewhat correct answers below" type questions, it REALLY needs to be based on something that is actually QUANTIFIABLE and has been quantified, not just the opinion of the guy setting the question, there HAS to be a FACT somewhere to back it.
There was more than one question of that type in there where I KNEW for a FACT that there was no one "most" correct answer.

You know the ones I mean... *COUGH*social engineering*COUGH*

Note to other people taking the exam: Know the material, but make sure your astrologer approves the day you choose to take the paper.

---vent ends---

*edit*Obviously I passed it, but it was still a shit exam.
*edit2* Oh right, I just noticed the whole Friday the 13thness of the day that's in it, guess I got off lightly...

 

[Kaos]

could you please post some of the questions youre referring to?

 

[Stang Man]

could you please post some of the questions youre referring to?

How about not? That's against the rules and I am sure he had to sign an NDA after taking the test. Let's try not to make certs look worse than they already are.

 

[MartinX]

could you please post some of the questions youre referring to?

No, NDA and all that, if you know what you're doing, and have a strong grasp of the Objectives that are based on technology passing isn't particularly hard, my gripe is that there were questions (way too many of them) that simply did not have an available answer that was quantifiably more correct than one or more of of the alternatives, and I don't mean that just in the context of the exam, I mean that there is no RFC/ISO/Manual/etc that governs some of the topics, so the "correct" answer is subjective.

In these topics, compTIA should have stuck to "overview" type questions, but they didn't, they treated these subjective areas as if there was an objective standard governing it, which resulted in questions that had answers that had no basis in knowledge, fact or even logic/common sense.

Like I said, I had been prepared for bad questions, both by other peoples anecdotes, and my one previous comptia exam (the Network+ I got last week), and most alarmingly by every study guide I've ever seen for a comptia exam, but the Security+ really alarmed me.

I may just have been really unlucky with the question set I got, but I'm really glad CompTIA exams are one shot deals, if Cisco pulled that type of crap I doubt they'd get as many people coming back after the 3 years.

 

[DragonNOA1]

if Cisco pulled that type of crap I doubt they'd get as many people coming back after the 3 years.

Don't mean to knit-pick but the Cisco cert's that I know of must be renewed every 2 years.

 

[MartinX]

Don't mean to knit-pick but the Cisco cert's that I know of must be renewed every 2 years.

A pox on your nitpickery!

But:
http://www.cisco.com/en/US/learning/le3/le2/le0/le9/learning_certification_type_home.html
http://www.cisco.com/en/US/learning/le3/le2/le37/le10/learning_certification_type_home.html
http://www.cisco.com/en/US/learning/le3/le2/le0/le4/learning_certification_type_home.html
http://www.cisco.com/en/US/learning/le3/le2/le37/le54/learning_certification_type_home.html

Unless I'm misinterpreting "Valid for 3 years"...

 

[mike2323]

I may just have been really unlucky with the question set I got, but I'm really glad CompTIA exams are one shot deals, if Cisco pulled that type of crap I doubt they'd get as many people coming back after the 3 years.

There's a reason for this. Cisco material changes all the time. For example: PIX OS 6.3 vs. PIX OS 7.0. While the concepts are all still the same nearly all the syntax has changed. Cisco is gearing towards a converged IOS setup so now certifications need to adapt to a lot of this. The current CCNA 640-801 test is now obsolete and it's still being used. Several of the switching commands no longer work. It's enough that it could cause people to fail the test.

I've never taken the Network+ or Security+ but after seeing people brag about how they didn't even study and passed makes me wonder -- if the test isn't vendor specific then there can't be THAT much content to cover to make it difficult. If you pick up a book on the Cisco certifications you'll find that out of 12 chapters only 3 are vendor neutral chapters. Just my opinion anyway.

 

[MartinX]

There's a reason for this. Cisco material changes all the time. For example: PIX OS 6.3 vs. PIX OS 7.0. While the concepts are all still the same nearly all the syntax has changed. Cisco is gearing towards a converged IOS setup so now certifications need to adapt to a lot of this. The current CCNA 640-801 test is now obsolete and it's still being used. Several of the switching commands no longer work. It's enough that it could cause people to fail the test.

I've never taken the Network+ or Security+ but after seeing people brag about how they didn't even study and passed makes me wonder -- if the test isn't vendor specific then there can't be THAT much content to cover to make it difficult. If you pick up a book on the Cisco certifications you'll find that out of 12 chapters only 3 are vendor neutral chapters. Just my opinion anyway.

In terms of scope of content and depth of knowledge required Network+ is piss easy if you have any knowledge/experience of networking at all, and from the looks of it they've pushed it even further towards the n00b end of the spectrum with the 05 objectives (that's not to say the 02 objectives were any more than entry level anyway), but to be fair, it does advertise itself as being basic, not some kind of uber-guru type dealie.

The Security+ also doesn't actually cover much ground, and any actual difficulty it does present is more to do with comptias poxy questions rather than the complexity of the subject matter.

I don't think anyone takes CompTIA that seriously anyway (certainly not next to Cisco or even MSs own exams), and to be honest, based on my own first-hand experience, especially with the Sec+, I don't take them seriously either.
Unfortunatly (or fortunately, depending on your perspective) a lot of employers don't know any better, so they want to see bits of paper quantifying your ability.

 

[DragonNOA1]

A pox on your nitpickery!
Unless I'm misinterpreting "Valid for 3 years"...

I swear I searched before posting and saw where it said two years. I did talk with a CCIE and he said you have to re-certify every 2 years(for CCIE's). Boo-Yah! Check the link yo.

http://www.cisco.com/en/US/learning/le3/ccie/recert/index.html