I got a few letters behind my name this afternoon. I passed the CompTIA Security+ exam with flying colors. And that means two things: I get to keep my job, and I was qualified to have the job in the first place, but now I have a certificate that says a third party agrees.My personal opinion on the test: You have to approach it like any other test. Another coworker took the test at the same time I did. He was joking around with other people and talking up a storm beforehand. Meanwhile, I was pacing, counting on my fingers and not talking to anyone. I had five things I needed to remember until the clock on the test started and I could scribble them down, so I was focused solely on those five things.
My coworker said he was worried about me because I appeared to be nervous. But that’s just how I am before tests. I review a few things up until the time I’m supposed to walk in, and I take any aid the system provides. If I can carry in an index card, I do that. In the case of CompTIA tests, you can ask for a pencil and piece of paper and scribble down whatever you want on it after the test starts. So I did.
I probably would have passed without that, but I didn’t want to score a 765 on the test (passing is either 764 or 765 out of a possible 900). I wanted an 899. For what it’s worth, my score was a lot closer to 899 than 765.
My coworker and I also both believe the test is designed to frustrate you. The first 30 or so questions were pretty easy. Then my coworker missed 18 questions in a row. He knew he missed them, and there wasn’t anything he could do about it. I was pretty confident about my test, but most of my questionable questions came in bunches too. The real key is to not get bogged down in those rough stretches. It gets better.
Of the 100 questions on the test, only 85 count. The contents of the other 15 are anyone’s guess. Some are questions they’re considering to add to the test’s question pool, and based on how people answer them, they’ll decide if they’re fair or unfair. Some are just plain garbage. I had two questions, I think, that had no right answer out of the four options. I think those are control questions to thwart the companies who pay people to take the test and remember a few questions verbatim so they can build up a bank of test questions to sell. If, for example, you pay for some questions and see one asking where the password hashes are stored on a Linux system, and all four responses start with C:\, you’re going to lose confidence in that provider.
As for classes and books… CompTIA’s official class and book cover a lot of material, but there’s an awful lot of middle-management bull in the book and class that isn’t on the test. We had a manager take the test, and he knew the book forward and backward and paid attention in class, but he didn’t pass.
By the same token, every sysadmin who attended the same class and took the test has passed so far. Having lots of recent experience to draw on helps. I can harden Windows systems in my sleep because that’s been my job description for the last couple of years, and no week-long class can cover that kind of depth.
But the interesting thing is, I got very few questions about system hardening. I got a lot more questions about encryption and firewalls, where my knowledge is weaker. I don’t know if the test determines all of your questions at the start or if it uses the first few questions to figure out your weaker areas and then tries to concentrate on those, but I suspect it might be the latter.
But with Security+ out of the way, I’m thinking about other certifications. Network+ is supposed to be easy when Security+ is fresh in your mind. Given my hardware and operating systems background, A+ should be easy.